- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hello SN community.
I am looking for validation.
When assigning the GRC Business User role. Most of the documentation states to add users to the GRC Business User group.
Would it be better to assign the role directly to various ITIL type groups that would be assigned an IPT?
For example. if I assign an IPT to a server team assignment group GRC business user group, but the IPT intended for the server team
and some not all of the users of the group are part of the grc business user group, some users may not be able to be assigned to or see the IPT record and reporting on issues based on assignment group will not be accurate
Would it be a better approach to add the grc.business_user role to the server team assignment group, so that all users inherit the role and access to the assigned IPT to allow for reassignment within their team and the IPT can be directly assigned to their assignment group?
Is the GRC Business user group more for control of license usage?
Update: the OOB Ref qual looks for the grc.business_user role. So the only group that could be selectable would be a group that has that role anyways. Thoughts?
Thanks yall
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Best practice is to assign roles to groups, and then add users to those groups. If your Server Team team members all need the grc.business_user role, it makes sense to add that role to the group. Based on your update, regarding the ref qual, it sounds like the Server Team group needs the role to even be assignable. For that reason, I believe it makes sense to proceed with adding the role to the Server Team group.
As for tracking the licenses -- I'm not able to speak to that... I'd reach out to your account rep to understand how that is measured. That said, it probably wouldn't be limited to just the GRC Business User group; a search could be ran against sys_user_has_role to get the count.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Best practice is to assign roles to groups, and then add users to those groups. If your Server Team team members all need the grc.business_user role, it makes sense to add that role to the group. Based on your update, regarding the ref qual, it sounds like the Server Team group needs the role to even be assignable. For that reason, I believe it makes sense to proceed with adding the role to the Server Team group.
As for tracking the licenses -- I'm not able to speak to that... I'd reach out to your account rep to understand how that is measured. That said, it probably wouldn't be limited to just the GRC Business User group; a search could be ran against sys_user_has_role to get the count.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Great! That is validating to hear. I will mark this as the solution. Thank you
