cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC - how to bypass ARM workflow based on certain request types?

Go to solution
Former Member

on ‎10-24-2014 3:58 AM

0 Kudos

Hi GRC Experts


We are currently helping a client implementing GRC AC10.1,  our requirement is that ARM workflow just need to handle the Firefighter assignment request, for other request types, ARM workflow should be bypassed because all other requests should be approved in OA system and then be automatically  submitted to GRC AC via WebService.


Is there any way to bypass ARM workflow based on certain request types  and directly submit request without any approval in GRC?


Thank you in advance


James

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎10-24-2014 4:32 AM
0 Kudos

Hi James,

Can you explain what you mean by bypassing?

In GRC if you want to maintain workflow only for Firefighter access, then you can just enable only Firefighter access workflow, maintaining only Firefighter access request type in your BRF+ decision table.

Is my understanding correct?

Regards,

Madhu.

Show replies
Show replies
Former Member
‎10-24-2014 4:43 AM
0 Kudos

Hi Madhu


Thanks for your reply


Yes, I just want to only enable Firefighter access workflow, what I mean by bypassing is disabling other ARM access workflow. Have you an example about how to disable other request type? I'm wondering if I disable the ARM request type, can the request be automatically submitted or just raise error


Best regards

James

madhusap
Active Contributor
‎10-24-2014 4:51 AM
0 Kudos

Hi James,

Go to SPRO -> IMG -> ACCESS CONTROL -> USER PROVISIONING -> Define Request Type

Here you can maintain all your request types. You can disable the request type from appearing in NWBC using the check box "ACTIVE" as shown below.

Deactivate all request types except Emergency User Access request type. Now users will see only one request type in NWBC i.e. Emergency User Access.

Then in your BRF+ initiator just maintain an entry with Emergency User Access request type and corresponding rule result.

Let me know if you need any more details.

Regards,

Madhu.

Former Member
‎10-24-2014 6:42 AM
0 Kudos

Hi Madhu


Now my question is that if I disable all other request types except Emergency User Access request type, can the Web Service calling still work for other request types? How does Web Service calling work in GRC? Directly post the request once the GRC get request from web service?


Best regards

James

madhusap
Active Contributor
‎10-24-2014 7:23 AM
0 Kudos

Hi James,

In that case you can keep all your request types active and you can restrict the users access to only Emergency User Access by using below authorization object.

Make sure that the roles assigned to end user is controlled by this authorization object so that they can request access only for EAM.

Regards,

Madhu.

Former Member
‎10-24-2014 7:42 AM
0 Kudos

Hi  Madhu

Thanks a lot, it's a reasonable way to restrict the end user can only apply Emergency User Access in GRC.


Here is my BRF+ demo configuration, but I don't know how can I process the request type 001-005 since there should no any approval for these request type. In my mind, we should just disable the workflow for request type 001-005, right? Can you please show me some demo about directly submit without approval? Thanks a lot


Best regards

James

madhusap
Active Contributor
‎10-24-2014 7:52 AM
0 Kudos

Hi James,

Please follow below link and create your decision table. In case you face any issue, let me know.

BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki

In order to understand on Creating access request using we services please check below link

Regards,

Madhu.

Former Member
‎10-24-2014 8:33 AM
0 Kudos

Hi Madhu


Thanks for your reply.


Yes, I used to use BRF+ to define routing path, and input into MSMP for different paths. But our requirement is to directly submit the request without approval, how can I define the stages or paths? Thanks a lot


Best regards

James

Colleen
Advisor
Advisor
‎10-24-2014 8:44 AM
0 Kudos

Hi James

But our requirement is to directly submit the request without approval, how can I define the stages or paths?

If you want automatic approval you need to send the item down a path with zero stages. It will execute and complete the MSMP without sending it to an agent for approval.

To achieve this, have an initiator rule based on Request Type Check. In this if request type is 006 for Firefighter then rule result with be FF_REQ. If the request type <> 006 then rule results will be OTH_REQ.

Within the MSMP, you can then defined two paths - FF_PATH and OTH_PATH. The FF_PATH then needs the stages that you require for approval (how many approvers) whilst the OTH_PATH needs a path with no stages

The next thing I recommend you do is restrict which request types users can lodge requests for to limit them to 006 unless users still do lodge ARQ requests?

It's the same MSMP so you cannot just deactivate for some request types and not others. You must send them down a path.

It looks like you are almost there - it's the MSMP side you need to finish off as your BRF+ rule almost done. I would recommend doing <>006 instead of 001..005 in case you have other request types.

Regards

Colleen

Former Member
‎10-24-2014 8:44 AM
0 Kudos

Sorry Madhu, my question is that how can I define stages or paths without approver? Thank you


Best Regards

James

Colleen
Advisor
Advisor
‎10-24-2014 8:51 AM
0 Kudos

Hi James

  1. MSMP > 6. Maintain Paths
  2. Create your path (just the name and description)
  3. Do not add any stages to your path (entire table for the path will be empty)

Path without stages = automatic approval (once it hits that path ofcourse)

Regards

Colleen

Former Member
‎10-24-2014 8:52 AM
0 Kudos

Hi  Colleen

Thanks for you reply, I'll try to define a sub-path without any stage and will update you the testing result

Thanks you and best regards

James

Former Member
‎10-24-2014 8:57 AM
0 Kudos

Hi  Colleen

Thank you, I will try

Best regards

James

madhusap
Active Contributor
‎10-24-2014 9:08 AM
0 Kudos

Hi James,

Yeah understood. Colleen already gave you the solution. Just try and let us know if any issue

Thanks,

Madhu.

Former Member
‎10-24-2014 3:40 PM
0 Kudos

Hi Madhu, Hi Colleen

Bingo!! It can work now, I really appreciate your kind help, thank you very much

Best regards

James

Answers (0)

Ask a Question