Access Request Schema Attributes

Important

The parameters and their respective descriptions of the parameters are mentioned in the following format:

Description of the parameter.

Considerations for Schema Attributes

  • The connector aggregates the value for the following account attributes based on the connector that is maintained in the highest sequence in the User Detail Data Source:

    • First Name

    • Last Name

    • User ID

    • Email

    • Phone

    • Department

    • Manager ID

    • User Type

  • The connector aggregates the Role name in the format System Name/Role Name. For example:

    HANADB/CONTENT_ADMIN.

    For the GRC business role, only the Role Name is displayed

  • Update account is supported during the Create Account operation for all the account attributes except for the Status attribute.

  • If values are changed by the GRC administrator after a request is created, that request is not completed.

  • Only the Add and Remove operations are supported.

  • The Request ID is sent to GRC for every provisioning operation and is not available in the UI during certification.

  • Line item approval and rejection (only) is supported for the Role attribute from the GRC side.

  • An Identity Status as Enabled or Disabled is mapped to the Locked/Unlocked status of the user in the system. If there are multiple systems, it is based on the order in which the Repository Objects sync job is run for the system in SAP GRC. Additionally, it depends on the effective record updated in GRC after all repository object sync jobs are executed. If the option for Enable/Disable users on all the SAP GRC connected-systems is enabled:

    • The identity status will be disabled when the user account is disabled on all the systems.

    • The identity status will be enabled even if the user account is enabled on any single system.

  • If the option for Enable/Disable users on all the SAP GRC connected-systems is disabled:

    • The identity status will be disabled only when the user account is disabled on the master system.

    • The identity status will be enabled only when the user account is enabled on the master system.

  • The Requester ID And Requester Email are automatically set as the Application Owner ID and Email in GRC while placing the Access Request.