
Mitigation assignment approval in Access Request Workflow

pavan_muthyala
Explorer
0 Kudos

Hi Guys,

I am currently implementing GRC for one of the clients. I have a question with respect to Mitigation assignment approval in Access Request Workflow.

Below is the Scenario,

1) User Submits the request

2) Manager Approves

3) Role Owner runs the SOD & finds SOD violations. Role Owner assigns the mitigation controls & approves the request

Clarification:

Once the role owner approves, depending on the mitigation controls assigned, can this request be routed to the mitigation control owner for approval in the next stage? Is this configurable without custom BRF+ rules? I know there is a separate workflow (SAP_GRAC_CONTROL_ASGN) for approval of the assignment, which I suppose is outside of the Access Request workflow.

Please suggest.

Accepted Solutions (1)


pavan_muthyala
Explorer
0 Kudos

Hi Alessandro,

Thanks a lot for your reply.

So from what I understand: once the role owner assigns the mitigation, a new workflow is triggered for mitigation control assignment approval.

The role owner must wait until this has been approved by the mitigation approver through the other workflow.

When the mitigation assignment is approved, the role owner would approve the access request.

So all I need to do is to activate the SAP_GRAC_CONTROL_ASGN workflow for this scenario to work.

Correct me if I am wrong.

alessandr0
Active Contributor
0 Kudos

Pavan,

more or less - as the control assignment workflow is independent, the access request doesn't wait. So if the role owner sets a mitigation, the control workflow starts. If you allow the role owner to approve the access request with risks, meaning the risk isn't mitigated, then the role owner can proceed.

To have your scenario working you must set the following in Access Request workflow: Role Owners are not allowed to approve as long as there are risks. All risks must either be remediated or mitigated before approval. That means if the role owner sets a mitigation the assignment workflow starts. As soon as the mitigation is valid (final approval) the access request can be approved.

Technically both workflows are independent and don't have a relation to each other. But with some settings you can combine them.

Does this answer your question?


Regards,

Alessandro

Answers (1)


alessandr0
Active Contributor
0 Kudos

Hi Pavan,

that's not possible with standard functionality. As you've mentioned, you can use the Control Assignment workflow, but that starts a new workflow and doesn't affect the access request workflow. So if you put a mitigation and the control assignment workflow starts, the access request workflow goes to its next stage. It is then possible that the control assignment gets rejected, but that doesn't affect the access request.


To build up your requirement you have to use BRF+ rules.

Hope this helps.

Regards,

Alessandro