Configure Manager Look-Up in ARM for GRC 10
Configuring ARM in GRC10 isn’t a difficult task if you know which details you have to take into account. This document gives you an overview of which information is required. It doesn’t consider all details but at least what you need to make sure the manager look up is working.
Pre-requirements:
Please install the following note in the backend system where your HR data’s are stored.
Note: 1756290 – Incorrect Manager picked if employee itself is a manager
To search for HR data (Manager, personnel number, etc.) from SAP ERP system and populate them on GRC ARM it is necessary to have GRC plug-in GRCPIERP installed in the backend (where your HR data’s are).
It is also necessary to have properly and completely configured HR org management which includes all required information. This can be done in T-Code PPOME. As you can see on the following picture my user is assigned as Head of an organization unit which manages some users.
We have also stored the employee’s communication ID (system user name) in the Communication Info type 0105.
Maintain Data Sources Configuration in GRC Box
Maintain the connector information which is required for Access Control to retrieve the user and authentication information from the HR system.
IMG > GRC > Access Control > Maintain Data Sources Configuration
Update the Data Source for the structures pointing to your HR system as follows:
As you can see in Sequence one the user User Data Type is set to HR. We have also configured alternative data sources if HR data is not available in sequenze two and three.
End User Personalization:
To make sure a manager cannot be changed manually (if picked from HR), you can maintain the end user personalization and set to Mandatory, not changeable if data exists.
IMG > GRC > Access Control > User Provisioning > Maintain End User Personalization
Example:
While creating an access request for the user T-TEST it automatically shows the manager (BANZER_A) which is defined in HR org management.
Well, that’s all for the moment. I hope this document has helped you to successfully configure manager look-up in ARM. Please feel free to share your thoughts and comments in order to improve our knowledge.
Regards,
Alessandro
Dear Alessandro,
This is quite good document. However. may I know how different it is from normal configuration to pick details from HR.
I only see one difference of note implementation in Plug-In system.
can you please clarify?
Regards
Hi Alessandro,
We are planning to populate the manager from a custom table, could you help us in the configuration of the same.
thank you.
Dear Pranay,
can you please open a new discussion for your query?
I would like to avoid discussions that do not belong to this document in the comments.
Thanks and regards,
Alessandro
thank you.
How to maintain managers in GRC without any HR org structure in ECC?
Hi Alessandro,
I would like to check if there is anything to be done in the HR System GRC Plug-in.
Jonathan Yim
Hello,
Even after following and double-checking this steps, the Manager still comes blank in the Access Request form. Other user details, like first and last names are coming correctly from HR and the info type 0105 subtype 0001 are correct in the backend.
Can you advise what else we could be missing, please?
Thanks and best regards,
Gustavo
Hi Gustavo,
is this fixed, we are facing same issue.
Regards,
Pankaj Sharma