Configuring Additional Data Generator Workflow Parameters
The SAP GRC Integration provides support for the following additional parameters in the SAP GRC Data Generator workflow:
-
RiskLevel
-
RuleSetId
-
ReportType
-
simulationRiskOnly
It displays results of risks or violations that are obtained from the combination of the user's existing and new assignments. The possible values for simulationRiskOnly are as follows:
-
X: Displays the new violation result obtained from combination of new assignment.
-
Blank: Displays all the violations of old and new assignments (a consolidated violation result).
Perform the following steps to specify the value of the above parameters:
-
Go to Menu > Setup > Business Processes > SAP GRC Data Generator.
-
Go to Process Variables.
-
Expand the required Variable (that is,
RiskLevel,RuleSetId, orReportType) and initialize the values by selecting the type as String. Add single/multiple values separated by a comma.
Upgrade settings
If you are upgrading to IdentityIQ version 8.2, 8.1 Patch 4, or 8.0 Patch 5, perform the following changes in the SAP GRC Data Generator workflow to specify the values for riskLevel, reportType, ruleSetId, and simulationRiskOnly.
To specify values for riskLevel, reportType, and ruleSetId:
-
Add the following workflow process variables marked in bold:
<Variable initializer="false" name="trace">
Description>Used for debugging this workflow and when set to true trace will be sent to stdout.</Description>
</Variable>"
<Variable input="true" name="reportType">
<Description>A comma separated string of Report Type values used for SAP GRC Proactive checks.</Description>
</Variable>
<Variable input="true" name="riskLevel">
<Description>A comma separated string of Risk Level values used for SAP GRC Proactive check.</Description>
</Variable>
<Variable input="true" name="ruleSetId">
<Description>A comma separated string of Rule Set Id values used for SAP GRC Proactive check.</Description>
</Variable>
"<Description> This subprocess is used in "Provision and Approval" subprocess." -
At the Invoke SAP GRC Request Executor step, add the following arguments and return structures:
<Arg name="reportType"/>
<Arg name="riskLevel"/>
<Arg name="ruleSetId"/>
<Return name="riskLevel" to="riskLevel"/>
<Return name="ruleSetId" to="ruleSetId"/>
<Return name="reportType" to="reportType"/> -
Perform the following steps to add initial values to variables:
Go to Menu > Setup > Business Processes > SAP GRC Data Generator. Go to Process Variables and perform the following:
-
Expand the reportType and initialize the values by selecting the type as String. Add values with a comma separating entries. For example,
02,05 -
Expand the riskLevel and initialize the values by selecting the type as String. Add a single numeric value. For example,
- 1 -
Expand the ruleSetId and initialize the values by selecting the type as String. Add a single entry. For example, -
CLIENT_RULESETIDNote
SAP GRC performance is impacted if multiple riskLevel and ruleSetIds are set together.Note
If risk is detected for any value of riskLevels and ruleSetIds then it creates SAP GRC Request immediately and the rest of the riskLevel and ruleSetId values are ignored.Note
Setting multiple values for riskLevel, reportType, and ruleSetId with leading or trailing spaces is not allowed.
-
To specify values for simulationRiskOnly:
-
In between the following lines add the following workflow process variables marked in bold:
<Variable input="true" name="ruleSetId">
<Description>A comma separated string of Rule Set Id values used for SAP GRC Proactive check.</Description>
</Variable>
<Variable input="true" name="simulationRiskOnly">
<Description>A String value of Simulation Risk Only used for SAP GRC check.
</Description>
</Variable>
"<Description> This subprocess is used in "Provision and Approval" subprocess.
At the Invoke SAP GRC Request Executor step, add the following arguments and return structures:
<Arg name="simulationRiskOnly"/>
<Return name="simulationRiskOnly" to="simulationRiskOnly"/>