A.2 Global Configuration Values
Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.
The SAP GRC Access Control driver includes several predefined GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.
To access the driver’s GCVs in iManager:
-
Click
to display the Identity Manager Administration page.
-
Open the driver set that contains the driver whose properties you want to edit:
-
In the list, click .
-
If the driver set is not listed on the tab, use the field to search for and display the driver set.
-
Click the driver set to open the Driver Set Overview page.
-
-
Click the upper right corner of the driver icon to display the menu, then click .
or
To add a GCV to the driver set, click, then click .
To access the driver’s GCVs in Designer:
-
Open a project in the Modeler.
-
Right-click the driver icon
or line, then select
or
To add a GCV to the driver set, right-clickthe driver set icon
, then click .
Table A-7 Global Configuration Values
|
Option |
Description |
|---|---|
|
|
If , incoming values for Group Membership attributes are set as association-ref attributes values on the containing value elements. |
|
|
Select to display the information for the requestor. |
|
|
Specify the ID of the GRC user that is supplied as the on all requests to GRC. |
|
> |
Specify the first name of a GRC user that is supplied as the name on all requests to GRC. |
|
|
Specify the last name of the GRC user that is supplied as the on all requests to GRC. |
|
|
Specify the e-mail address of the GRC user that is supplied as the on all requests to GRC. |
|
|
Select to display the information for request mapping. |
|
|
Specify a value for the request priority. This value must correspond to a request priority value defined in GRC. It is the priority value specified with the request data. |
|
> |
Select whether the account is disabled or deleted when the entitlement for a user account in the GRC system is revoked. delete account: A Delete Account request is submitted to GRC. disable account: A Lock Account request is submitted to GRC. |
|
> |
Specify the GRC request type that contains the CREATE_USER action. For more information, see Section 4.1, Configuring Request Types. |
|
> |
Select if the GRC request type used for new user accounts also contains the action ASSIGN_ROLES, otherwise select . |
|
> |
Specify the value of the GRC request type that contains the ASSIGN_ROLES action. |
|
> |
Specify the value of the GRC request type that contains the DELETE_USER action. |
|
> |
Specify the value of the GRC request type that contains the LOCK_USER action. |
|
> |
Specify the value of the GRC request type that contains the UNLOCK_USER action. |
|
> |
Specify the GRC request type that contains the CHANGE_USER action, but not the ASSIGN_ROLES action. |
|
> |
Select to display the request status parameters. |
|
> |
Specify a value for how often GRC is polled to get the current status of a previously submitted request. |
|
> |
Select to always obtain the results of a GRC risk analysis after submitting a request to GRC. Select to not obtain the GRC risk analysis results. |
|
> |
Select to always obtain the GRC audit trail when requests are approved or rejected. Select to not obtain the GRC audit trail for requests. |
|
Role Mapping > Show role mapping configuration. |
Select to display the GCVs for enabling the driver to work with the Role Mapping Administrator. For more information, see the Identity Manager Role Mapping Administrator 1.0 Installation and Configuration Guide. |