Hi Stephane.

There is not a especific script to be followed after a backend refresh. As already described in the previous answers, you just need to:

1) Confirm if the RFC connection from GRC to this backend system is still working (GRC user password in this backend may have changed or maybe he was somehow locked).

2) Make sure that the GRC user didn't loose any permissions in this backend system.

3) Confirm on GRC side if the due jobs (synchs, FF log collection, batch risk analysis, etc.) are still running against this backend system without errors.

Regarding Business Roles, it is really a good but weak feature. It is handled on GRC side and you don't have any kind of control on backend side which would easily allow reconciliation.

But check with your GRC team because there is a job on GRC side for Business Roles reassignment which should bring the linkage between business and technical roles back. You just need to pay attention because this job can also (re)assign technical roles to your users if the content of your Business Roles has been changed or if the technical role assignments were manually maintained in your backend system.

Regards,

Marcelo Monsores

Yes, they are using Business role concept and Access request. The satellite/managed system we did a refresh on is a preprod instance which they are keeping in sync with Production. So basically when people make requests for production it will do the same assignment in preprod instance. We refreshed preprod but kept the original copy of UMR so nothing would change.

Now they are complaining that about 50% of the users have broken link. But to be honest It maybe that those links were already broken before the refresh but they only noticed after the refresh was done. Not 100% sure on that. I just wondered if there was a known issue on this or a special refresh procedure to follow post-refresh.

Thank you

Stephane

Hi Stephan,

I think its a common/known problem for the non production refresh:) as there are some GRC specific plugin configuration on the managed systems..Does your GRC/Security team uses Business Role concept(GRC BRM) for non production systems and also are they using Access Request(GRC ARM) for non production systems.

Thanks

Ramesh

Thanks for your reply.

I'm sorry I'm not a GRC person and I don't know a whole lot about it. Synch jobs and RFC have all been setup. We did a refresh of one of the satellite/managed system and kept User master records and RFC intact on the managed system, but then the Security team complained that from GRC perspective, it broke links between user mapped to roles. As a result of this, any user termination or role removal will not actually remove the roles from users in the refreshed system.

Hope this helps clarify a bit

Stephan

Hi, this seams like a very broad question.

Basically the GRC AC system is conntected with many RFC destinations, and vice versa.

Synchjobs also need to be maintained in the GRC system.

Kind regards,