Customizing Access Request Variables for Provisioning

The following variables are hard coded in SAP GRC with default values. You can update these variables/values to meet your requirements:

Access Request Type
Access Request Provisioning Action for Role
Access Request Provisioning Action for System

Note
To obtain the SAP GRC values, refer to Verify the Request Type and Configuration.

Note
For new applications, the default key/value mapping is available out of the box. You can customize these key/value pairs on the application debug page.

From the application debug page, add the required attributes as follows:

Copy

<entry key="access_request_type_mapping">
    <value>
        <Map>
            <entry key="Create Account" value="001"/>
            <entry key="Update Account" value="002"/>
            <entry key="Enable Account" value="005"/>
            <entry key="Disable Account" value="004"/>
        </Map>
    </value>
</entry>
<entry key="prov_actions_mapping_for_role">
    <value>
        <Map>
            <entry key="Assign" value="006"/>
            <entry key="Remove" value="009"/>
        </Map>
    </value>
</entry>
<entry key="prov_actions_mapping_for_system">
    <value>
        <Map>
            <entry key="Create User" value="001"/>
            <entry key="Update User" value="002"/>
            <entry key="Enable User" value="005"/>
            <entry key="Disable User" value="004"/>
            <entry key="Change &amp; Lock User" value="023"/>
            <entry key="Change &amp; Unlock User" value="024"/>
        </Map>
    </value>
</entry>

Note
By Default the UI values for Access Request Type Mapping, Provisioning Actions for Role, and Provisioning Actions for System are disabled. If a user wants to add the same Request Type, Provisioning action (Role/System), or Code for any of the mappings then they must first delete the existing one. Afterwards, they can then add the same Request Type, Provisioning action (Role/System), or Code. This has been designed to reduce human errors and perform uniqueness validations.

For example:

To add the Code for Disable Account you must perform the following:

Select the Disable Account row checkbox, and then select Delete.
Enter "Disable Account" as the Request Type, enter "006" as the Code, and then select Add. The updated values will then be saved in the UI.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.

Customizing Access Request Variables for Provisioning

Documentation Feedback