Setting up User Defaults in Access Control 10.0
The Purpose of this document is to explain the working of User defaults in GRC Access Control 10.0 and the various configurations required to make it work as per the user requirements.
During the process of creating a user, the admin might like a few default parameters to be assigned to the newly created user automatically. This assignment might be based upon various request attributes like Request Type, Request Priority, etc. This can be achieved by setting the User Defaults.
Basic flow of User Defaults
To get user defaults work, user needs to create a BRF+ applications that returns a User Default ID based upon various request attributes as listed below:
- Request Type
- Business Process
- Functional Area
- Employee Type
When the BRF+ decision table gets a match for values defined in it, a corresponding User default ID is returned. This User Default ID is then used to assign appropriate User Defaults to the user.
Setting up the BRF+ Decision Table
Create a BRF+ Application for user defaults and set its decision table so that it returns the User Default ID based upon the Request attribute chosen by you. As an example, if you want to assign certain user defaults to the user based upon various request types, you can create the decision table as shown in the screenshot below:
Mapping BRF+ Application for User Defaults
User also needs to map the BRF+ Application for user defaults under the IMG configuration shown below:
Goto IMG->Governance, Risk and Compliance->Access Control->Maintain AC Applications and BRFplus Function Mapping
Insert a new entry with the values mentioned in the Table shown below. You need to enter the BRF+ Function ID that you have used in the BRF+ for User Defaults.
BRF Function ID
MSMP Process Id
A reference screenshot showing the settings is shown below:
Maintaining User Defaults based upon User Default ID
Now, you need to set the various User Defaults and Parameters that would be assigned based upon the User Default IDs returned by the BRF+ Application as described above. To set these user defaults and parameters Goto IMG->Governance, Risk and Compliance->Access Control->User Provisioning->Maintain User Defaults. The Screen there looks as shown in the screenshot below:
Here, you can set various User Defaults like Start Menu, Time Zone, Decimal No, Logon Language, Date Format, etc. as per the requirement. A new entry can be created for a User Default ID if it does not exist already. A reference screenshot has been shown below for this:
You can also assign User Group based upon this User Default D by clicking over the "Set the User Group' link in the left panel as shown in the screenshot below:
Finally, if you want to assign values for certain Parameters for this User Default ID, click on the 'Set Parameter ID' on the left panel and set the Parameters as shown in the reference screenshot below:
Once all these settings are made properly, the User Defaults would be assigned to the User when the Access Request would be provisioned. Please note that the User Defaults cannot be seen during the creation of Access Request. They would be assigned at run time when the request would be provisioned.
Could anyone tell me how can I create a decision table with result column "User Default ID"?
Please look at note 1615552, once you get to step 2, you will understand how this is done.
I appreciate that this article is old, but how did you get the column "System" into the Decision table? I am on SP13 and the nearest thing I can put in is "Role_Connector" and this does not work when I simulate. From my understanding, the simple User Default BRF+ rule provided by SAP can only handle Header level attributes, therefore I would also ask if you actually got the rule defined above working in the actual scenario.
Await your feedback.
When I click on new enteries for user default id and try to input connector, it says entery already exist.I am not able to enter any new default id into it.
Although i am changing connector, but still it says entery already exist with this key.
Could you suggest.I am not able to change Default id..
As per requirement i need to set user Default based on User Group. That means:
Do you consider i can use the attributte User Group into the header level attributes into the BRF+.
I had some doubts with this article as it mentions:
"To get user defaults work, user needs to create a BRF+ applications that returns a User Default ID based upon various request attributes as listed below:
Kind regards and thank you.
Will BRF process multiple rows in the table or will it stop at the first one? We have mutiple systems request on one AR and it appears that BRF is processing properly the first system only. Any idea on this?
Sara - User Group works fine as a context parameter
Joyce - Are you sure your decision table is set to "returns all matched found"? You can find this when you click on the table settings button. Not 100% if this will fix the issues, but can be a common issue with decision tables