Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Configure FFID Assignment workflow in GRC 10.1 using Decision table

Go to solution
surya_appala
Active Participant

on ‎2018 Feb 21 4:17 PM

0 Likes
885

Hi

We are in GRC 10.1 SP 15 and is integrated with SAP IDM. All role assignments happen through IDM but only for risk analysis purpose requests are flown to GRC.

BRF+ is configured accordingly using Procedure calls and Table operations and made use of process ID: SAP_GRAC_ACCESS_REQUEST

Now, my client wants to configure workflow for FFID assignment in GRC. This means we should make use of same Process ID: SAP_GRAC_ACCESS_REQUEST.

Please suggest/help if I add one more line item to BRF+ existing decision table with Request type and Rule Result as additional columns, will it route to the desired path? Is it recommended approach and does it disturb requests from IDM? Thank you.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

gustavo_soares
Participant
‎2018 Feb 26 8:41 AM

Hello Surya,

I understand that the Request Type should be used as input to the decision table of the initiator rule. If it is type 6 - Superuser Access, then the rule result will trigger the correct path, based on your MSMP configuration (Step 5 - Maintain Paths).

It won't disturb the requests for IDM (considering that the request type is different and also checked in the decision table).

You may need to define that type in SPRO > IMG > GRC > AC > User Provisioning > Define Request Type.

Cheers,
Gustavo

Show replies
Show replies
surya_appala
Active Participant
‎2018 Mar 07 1:11 PM

Thank you Gustavo 🙂 But in our current Decision table, there is no Request type as input column. If I need to add Request type as input column what will be the request type for requests coming from IDM? Can I leave it blank?

I shall test it in quality once business is Okay with the proposal. 🙂

gustavo_soares
Participant
‎2018 Mar 08 2:04 AM

Hi Surya,

You can set the first row of the decision table for request type 006 - Superuser. Then it can be blank for the other rows(IDM).

If you need to know the request type for IDM, check in SPRO > IMG > GRC > AC > User Provisioning > Define Request Type.

Cheers,
Gustavo

Answers (1)

Answers (1)

Former Member
‎2018 Feb 27 5:33 PM

Hi Surya,

Yes I agree with Gustavo, If the DT has the right Request type and the rule to be triggered, it should not be problem to enable workflow for FF requests.We have the same scenario and its working fine.

Thanks

Ramesh

Show replies
Show replies
surya_appala
Active Participant
‎2018 Mar 07 1:11 PM
0 Likes

Thank you Ramesh 🙂

Ask a Question