How to delete roles, mitigation controls, users, and other informations from one connector
When a user has to delete one Connector/System from GRC the syncs jobs will not remove from the tables the data from this connector,
but there is a report GRAC_DELETE_ACCESS_RULES that do the job, if you select the last check box as you can see in image:
You will delete data from the selected connector for the following GRC tables, *Noticed that all this tables has connector field and if this field is equal the connector that was choose the data will be erased.*
- gracactionsyst
- gracactpermsys
- gracactusage
- gracauthpmsyst
- gracclasssyst
- gracfldsys
- gracfldsyst
- gracfldvalsys
- gracmgmtactusage
- gracobjectauth
- gracpdprofiles
- gracpermclssys
- gracpermfldsys
- gracpermfldval
- gracprofile
- gracprofilet
- gracrlconn
- gracroleorg
- gracroleusage
- gractaskexecstmp
- gracuser
- gracuserconn
- gracusermap
- gracuserorg
- gracuserprofile
- gracuserrole
- gracusrpdprofile
- gracclasssyst
- gracfldsyst
- gracfldvalsys
- gracprofile
- gracroleorg
- gracroleusage
- gracusermap
- gracuserorg
- gracactionsyst
- gracactpermsys
Hello Rafael,
Thanks for sharing the valuable information
Regards
Deepak M
Hi Rafael,
A really useful document. Superb.
However, as per the naming convention of the options, it seems that, they delete accordingly, as below:
1st: Functions, for the selected system, will be deleted. So, could you share your thought on this. Risk is not defined for a system. So, if a Risk has 2 functions from 2 diff. connectors, then this risk will only, be left with 1 function(from the non-removed connector).However, if a Risk contains functions only,from the selected connector, then the Risk, will be deleted
2nd:Mitigation Control will be deleted/not-deleted, as per the Risk, deleted/non-deleted, as mentioned above
3rd: Risk Analysis data, for the above Risks, and the users for the selected Connector
4th: User, Role and Profile Sync data for the selected connector
Hi Plaban,
I just mention the last check, because some customers was with this doubt, but thanks for sharing the rest of the functionalities π ,
Regards
Rafael
Thank you Guimba,
We embrace recurrent issues about this topic and this is a great 'How-to'.
Regards,
Fernando
Superb! Thanks Rafael!
Nice to know, good work!
thanks for sharing - so far this information was only available in the coding π
Excellent information
Ravi
Hi,
Nice document . I Appreciate this π .
Keep on Posting.
Thanks Rafael.
Just to confirm:
Is this to be used only if the connector is deleted?
Is it useful if we see old data for an existing connector, for example, delete Business Roles that still appear in BRM?
If a connector is removed and later on added again, should we run this report? At what point?
If we run this report for an existing connector, will the incremental sync job pick it up?
Sorry for Β the number of questions, but it sounds like this functionality is as useful as dangerous π
Thank you
Hello Gustavo,
This is really dangerous, you should run only in the case that you want to exclude all the information related to this connector. After run this report all the other reports will run as was the first time. So the incremental sync will not work,
Regards
Rafael
That's really good info. Is there a way to delete only old data from these tables? Especially GRACPERMFLDVAL, GRACPERMFLDVALG and GRACACTPERMSYS. These tables are too huge for the DB and we are looking for ways to cleanup.
Regards,
Vishnu