Showing results for 
Search instead for 
Did you mean: 

Risk mitigation path before role owner approval in GRC 10 Access request

Former Member
0 Kudos

Hi Friends,

We are implementing ARM and we are facing issues with the design. Please help.

We want the workflow as below:

1) Access Request submitted

2) If there are SOD violations, route it to Security/point of contact. Security will mitigate and either send back to role owner approver or

auto provisioning

3) If No SOD, it should goto role owner approval stage and then auto provisioning

If the request is for role remove, it should go to auto provisioning without approvals but notify the role owner.

Please help me.


View Entire Topic
Former Member
0 Kudos

Hi Krishna ,

In your case you have to route your request based on risk analysis at request submission.

You can use the Function module GRAC_INITIATOR_SOD_VIOLATIONS , this is a initiator rule and it executes at the time of request submission.

So this means you will have to maintain this initiator rule in your Global Rules area.

There will be two results for this initiator SOD_VIOLATIONS and NO_SOD_VIOLATIONS.

So the request can take two paths based on the risk results one will be Role owner and other will be to security.

Let me know if this is what you were looking for.



Former Member
0 Kudos

Solution is... need to create a dummy stage and skip to next level. maintain SOD detour in the dummy path