Skip to Content
Author's profile photo Madhu Babu #MJ

Terminate Account – Request Process – GRC 10

Purpose

 

The purpose of this document is to discuss about Terminate account request process being followed by one of our customers. This document’s main intention is to explain the terminate account process being followed by one of our customers and to understand how terminate account request is handled by different customers and this can be achieved by collaborating with all consultants in GRC space.

Terminate Account – Requirements

 

For terminate account request,

Lock the user,

Update the user group to DELETE,

Change the Validity of the User to Previous day date and

Change the Valid To-date of all the roles also to Previous day date

 

Terminate Account – Configuration

 

Terminate Account – Request Type

 

 

Terminate Account – Configuration Parameter settings

 

Configuration Parameter – 2042 [Visibility of Valid from/valid to for profiles] value has been set as “3

Value 3 allows approver to edit only Valid To date of the existing roles for the user.

Terminate Account – GRC request

 

First selected the user to terminate and included System Line Item with validity dates properly assigned for termination.

In Next step, I clicked on existing assignments and added all existing assignments to the request with provision action RETAIN and changed the validity dates for roles as per my User Validity and submitted the request.

Once this is done, my requirements for Terminate Account request type are properly working.

P.S: I want consultants from GRC space to collaborate with this document and suggest if the process being followed is proper and also to discuss about different ways of terminating a user account through GRC.

Assigned tags

      15 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Alessandro Banzer
      Alessandro Banzer

      Dear Madhu,

      we are following a similar approach on user termination.

      1. Change validity period (Valid through date is set to last working day)

      2. Change user group to NOVALID

      All users are reviewed monthly and will be deleted after 90 days.

      In most of the cases we don't set the valid date on role level as if a user terminates he anyhow cannot access the system anylonger.

      Looking forward to get more valuable input.

      Best regards,

      Alessandro

      Author's profile photo Madhu Babu
      Madhu Babu
      Blog Post Author

      Hi Alessandro,

      Approach mentioned by you is the one that used to be followed by my previous customers.

      In my current project, along with valid to date change, they are also looking to change valid to dates for existing roles as per user valid to date.

      I tested this scenario and is working fine.

      Looking forward to get better approach or best approach preferred by lot of customers from experts out here.

      Regards,

      Madhu.

      Author's profile photo Former Member
      Former Member

      Hello All

      I want to learn how to configure HR Trigger BRF Rules

      Do you have some documentation, i have already downloaded SAP notes but i want some specific details if possible.

      Thanks a lot.

      Picho

      Author's profile photo Mamoon Rashid
      Mamoon Rashid
      Author's profile photo Former Member
      Former Member

      Hi Banzer,

      We are following similar on user termination. i.e . Change validity period (Valid through date is set to last working day).

      Due to some reason after approval valid through date is not being set in back end system.

      Please help me to resolve this issue.

      Regards,

      Basawareddy

      Author's profile photo Padmavathi Sai
      Padmavathi Sai

      Hi Basawareddy,

      Are you using Change&Lock User action in your terminate account request type?

      Regards,

      Sai.

      Author's profile photo Former Member
      Former Member

      Hi Sai,

      Thanks for the reply, I am using GRC 10.0 for delete account request with change option.

      regards,

      Basawareddy

      Author's profile photo Former Member
      Former Member

      Hi Madhu,

      I am following same steps as your's, but in system valid through date and roles end date is not updating.

      Please suggest.

      Regards,

      Basawareddy M Gopsen

      Author's profile photo Madhu Babu
      Madhu Babu
      Blog Post Author

      Hi Basawareddy,

      Requester needs to explicitly maintain the end date for System as well as to roles while raising the request. Then only it works. Also make sure you have run the sync jobs already so that existing assignments shows all roles assigned to user.

      Regards,

      Madhu.

      Author's profile photo Former Member
      Former Member

      Hi Madhu,

      Yes, requester updated end dates manually for all roles and also in system line item.

      Even though valid through date and roles end dates are not being updated in the backend system, but user id is getting locked.

      Please suggest.

      Regards,

      Basawareddy

      Author's profile photo Former Member
      Former Member

      Hello Experts,

      I have an issue in this topic.I have configured the same as above for the user termination request.However, User group is not getting updated.User is getting locked an roles VT dates are getting updated as mentioned in the request.

      I suspect, my user source is ECC system itself and while submitting it gives a message that the user details are updated as per the source.

      Can someone help me resolve this issue.

      Regards,

      Mohan kalla.

      Author's profile photo Former Member
      Former Member

      It is resolved now.

      Author's profile photo Former Member
      Former Member

      Hello Mohan, could you please share how is your BRF+ rule configured? What else do i have to do after finishing BRF + creations update in MSMP? Do you have a decision table that you can share?

      Thank you.

      Picho

      Author's profile photo Raj Singh
      Raj Singh

      Mohan,

      Can you please update the message with steps that resolved this issue ?

      Regards,
      Raj

      Author's profile photo Former Member
      Former Member

      Hi all ,

       

      I want to know when we raise GRC request for role assignment what will be the date of role assignment .

      1. Request raised date or Request approved date.

      In my system it is showing role assignment date is request raised date

       

      Can any one help can we change this or its default date of assignment

      Sunil.