on 2022 Jan 18 5:41 AM
HI All,
in a IDM-GRC set-up where IDM does the provisioning, can we have ONLY ff ID access requests provisioned by GRC.
The initiator rule/BRF rule used consists of the calling of risk analysis function module followed by reading the risk analysis results into the decision table.
However, inclusion of the Request type column in this decision table does not pick up our FF id rule result. it picks up the rule result NO-SOD-PATH. i think the reason is because the FF id request consists of FF id. And is therefore the FM is not not able to perform the risk analysis. Thus giving a NO-SOD-PATH.
Looking forward your suggestion. And my set-up is a centralized provisioning one, where Global provisioning is set to 'No Provisioning' in GRC.
If we make this setting as Provisioning enabled, we think that GRC will do the provisioning for other request types as well, which is not desirable. Because IDM is doing it.
Regards
Plaban
Request clarification before answering.
Hi Plaban,
I am not sure what the initiator has to do with the provisioning problem (as it can be adapted if needed by a custom one), but let me try to answer the provisioning problem. Here, it depends on whether you are using the classical AC/IDM integration (request starting in IDM) or the new one (request starting in AC).
For the former the provisioning settings are considered, so 'No provisioning' actually means also no FF IDs are provisioned by AC. For the latter this is supposed to work (please check note 3156573 for a required fix).
Best regards
Gerald
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.