Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configure Manager Look-Up in ARM for GRC 10

alessandr0
Active Contributor
‎07-29-2013 2:16 PM

Configuring ARM in GRC10 isn’t a difficult task if you know which details you have to take into account. This document gives you an overview of which information is required. It doesn’t consider all details but at least what you need to make sure the manager look up is working.

Pre-requirements:

Please install the following note in the backend system where your HR data’s are stored.

Note: 1756290 - Incorrect Manager picked if employee itself is a manager

To search for HR data (Manager, personnel number, etc.) from SAP ERP system and populate them on GRC ARM it is necessary to have GRC plug-in GRCPIERP installed in the backend (where your HR data’s are).

It is also necessary to have properly and completely configured HR org management which includes all required information. This can be done in T-Code PPOME. As you can see on the following picture my user is assigned as Head of an organization unit which manages some users.

We have also stored the employee’s communication ID (system user name) in the Communication Info type 0105.

Maintain Data Sources Configuration in GRC Box

Maintain the connector information which is required for Access Control to retrieve the user and authentication information from the HR system.

IMG > GRC > Access Control > Maintain Data Sources Configuration

Update the Data Source for the structures pointing to your HR system as follows:

As you can see in Sequence one the user User Data Type is set to HR. We have also configured alternative data sources if HR data is not available in sequenze two and three.

End User Personalization:

To make sure a manager cannot be changed manually (if picked from HR), you can maintain the end user personalization and set to Mandatory, not changeable if data exists.

IMG > GRC > Access Control > User Provisioning > Maintain End User Personalization

Example:

While creating an access request for the user T-TEST it automatically shows the manager (BANZER_A) which is defined in HR org management.

Well, that’s all for the moment. I hope this document has helped you to successfully configure manager look-up in ARM. Please feel free to share your thoughts and comments in order to improve our knowledge.

Regards,

Alessandro

7 Comments
Popular Blog Posts
Top kudoed authors
View all