Skip to Content

Configuring ARM in GRC10 isn’t a difficult task if you know which details you have to take into account. This document gives you an overview of which information is required. It doesn’t consider all details but at least what you need to make sure the manager look up is working.

Pre-requirements:

Please install the following note in the backend system where your HR data’s are stored.

Note: 1756290 – Incorrect Manager picked if employee itself is a manager

To search for HR data (Manager, personnel number, etc.) from SAP ERP system and populate them on GRC ARM it is necessary to have GRC plug-in GRCPIERP installed in the backend (where your HR data’s are).

It is also necessary to have properly and completely configured HR org management which includes all required information. This can be done in T-Code PPOME. As you can see on the following picture my user is assigned as Head of an organization unit which manages some users.

/wp-content/uploads/2013/07/post01_253422.png

We have also stored the employee’s communication ID (system user name) in the Communication Info type 0105.

Maintain Data Sources Configuration in GRC Box

Maintain the connector information which is required for Access Control to retrieve the user and authentication information from the HR system.

IMG > GRC > Access Control > Maintain Data Sources Configuration

Update the Data Source for the structures pointing to your HR system as follows:

/wp-content/uploads/2013/07/post02_253423.png

As you can see in Sequence one the user User Data Type is set to HR. We have also configured alternative data sources if HR data is not available in sequenze two and three.

End User Personalization:

To make sure a manager cannot be changed manually (if picked from HR), you can maintain the end user personalization and set to Mandatory, not changeable if data exists.

IMG > GRC > Access Control > User Provisioning > Maintain End User Personalization

/wp-content/uploads/2013/07/post03_253424.png

Example:

While creating an access request for the user T-TEST it automatically shows the manager (BANZER_A) which is defined in HR org management.

/wp-content/uploads/2013/07/post04_253421.png

Well, that’s all for the moment. I hope this document has helped you to successfully configure manager look-up in ARM. Please feel free to share your thoughts and comments in order to improve our knowledge.

Regards,

Alessandro

To report this post you need to login first.

7 Comments

You must be Logged on to comment or reply to a post.

  1. Faisal Khan

    Dear Alessandro,

    This is quite good document. However. may I know how different it is from normal configuration to pick details from HR.

    I only see one difference of note implementation in Plug-In system.

    can you please clarify?

    Regards

    (0) 
  2. Pranay Aitha

    Hi Alessandro,

    We are planning to populate the manager from a custom table, could you help us in the configuration of the same.

    thank you.

    (0) 
    1. Alessandro Banzer Post author

      Dear Pranay,

      can you please open a new discussion for your query?

      I would like to avoid discussions that do not belong to this document in the comments.

      Thanks and regards,

      Alessandro

      (0) 
  3. Gustavo Soares

    Hello,

    Even after following and double-checking this steps, the Manager still comes blank in the Access Request form. Other user details, like first and last names are coming correctly from HR and the info type 0105 subtype 0001 are correct in the backend.

    Can you advise what else we could be missing, please?

    Thanks and best regards,
    Gustavo

    (0) 

Leave a Reply