
Allow Role Approvers of Single roles to review assignments to Business Roles

mhughes2
Participant
0 Likes
1,421

Hello All,

I have set up all of the required steps to assign Single/composite roles to a Business Role and assign it to a user, and I have validated that the Business Role owner will approve that role and any compliance issues will go out for approvals as needed.

I now want to know how to allow the role owners of the Single/Composite roles in a Business role to be notified by GRC to review those roles that are in the Business role and if they are not then they can submit the role to be removed from the business role.

Looking at the BR in the role management screen, in the Properties section for Certification and "Role Reaffirm", all of the blogs I have read sound as if these will only go to the Role owner of the business role.

Is that correct or will either option trigger the single role owner to review and confirm they still think the Business role should have this access?

If they won't trigger, then is there a way to set a review date on a business role for the individual approvers of the BR content?

Thanks

Michael

Accepted Solutions (1)


Former Member
0 Likes

Michael,

I am not quite sure what your question is referring to. Are you asking if an email (not workflow) will be sent to the single/composite role approver, or are you expecting to send a work item to the single/composite role approver's work inbox? Or both?

Thanks

Ramesh

mhughes2
Participant
0 Likes

Ramesh,

I am asking whether the workflow/email notification process will work for Business Roles the same as it works for Single/Composite roles, but would trigger an email/workflow notification to the single/composite role owners instead of the Business Role owner.

Currently if you activate reviews on non-business roles for a specific date it will trigger a workflow/email to the role owner to review either the Tcodes in a role or the users assigned to the role and the reviewer can then submit a request to remove the Tcode or User from the role if they feel it should change.

Reading the configuration documentation, it looks like if I activate either option in the business role it will only notify the Business Role owner to review the access the roles have, not the role owners of the individual roles in the business role.


I was hoping there would be a way to notify individual role owners to review the business roles their single/composite role is assigned to through the same workflow/email process and be able to submit a request to remove the access if they feel that Business role should not have it.

Former Member
0 Likes

Michael,

Yes, it's possible, but you have to create a new BRF+ initiator rule for role approver by role type (SIN/BUS/etc.), then map the rule to MSMP paths for SIN/BUS etc.

Thanks

Ramesh

Answers (2)


japneet_singh2
Active Participant
0 Likes

Hi Michael,

For the approval, the work item will be sent to the business role approver and not the individual role owner of the single or composite role.

Thanks
Japneet
