GRC AC Request Provisioning Scenario.ppt

Embed Size (px)

DESCRIPTION

AC Request

Citation preview

GRC 10 generic data source parameter Configuration with Virtual directory Server (VDS):

GRC AC Request Scenario 1:

To define the "Submit AC Request" parameters in the Identity Management correctly, you needto know the corresponding parameters defined on the SAP BusinessObjects Access Controlside:

Integrating Request Parameters configuration settings:Make sure that the mandatory parameters (e.g. e-mail address) are defined in the "Submit ACRequest" on the Identity Management side.When a request (with the defined parameters) is received by the SAP BusinessObjects AccessControl, the request may be approved/rejected through a request administration process.Write RequestId and opt. Start PollingThe task Write RequestId and opt. Start Polling is a part of the ordered task group Perform RiskCheck.The pass calls the script sap_grc10_WriteRequestId2PVO to retrieve the request ID from acontext variable (MX_GRC_REQUEST_ID as of, and GRC_REQUEST_ID prior to SAP NWIdentity Management 7.1 SP4) and save it to MX_AC_REQUESTID on a pending value object.It then checks the attribute MX_AC_POLLING_ENABLED of the assigned privilege (definedon the repository definition of the privilege). If this attribute is set and the polling enabled, thenthe attribute MX_AC_POLLING_TASK is read, and the referenced task executed. Otherwise(if the attribute is not set) the call-back service is enabled and used, and the task stops.GRC Request flow Scenario 2:GRC10 SP06..I have configured Access Request.and i could able to create request with Manager user id in User details of request.when i check the audit log of it..it is showing like this..and in the Manager inbox there are no request available...am i missing any thing in MSMPRecommended suggestions: the clarity of the screen shot, it seems that the request is escalated to the security stage, as per escalation configuration, and at the security stage no agent found.If this info is correct from the audit log, then check whether any user is assigned with the privileges of security from AC owners section of setup tab.

------------------------------------------------------------------------------------------------------- seems that you don't want it to go to security yet and actually want it to go to Manager for approval, however it fails to find the right approver and applies the escape path to security. Is this correct? Anyway, possibly something is wrong with the MSMP Workflow Configuration itself. In MSPM Workflow Config > Maintain Rules, you should have a rule called GRAC_MSMP_MANAGER_AGENTThen in the next step under Maintain Agents you should have GRAC_MANAGER agent, with assigned agent rule ID GRAC_MSMP_MANAGER_AGENT.Then in your path that you use you should have a Stage ID like GRAC_MANAGER with Agent GRAC_MANAGER. Do you have this so far in MSMP Config?------------------------------------------------------------------------------------------------------------ Make sure that the user ID that has appropriate security to search users. Also, it seems that you do not have an escape route enabled. You can check MSMP Instance Monitor to more details (Txn: GRFNMW_DBGMONITOR_WD) and also possibly SLG1 for authroization issues.