Supporting Data in A GRC control indicator

Gary22
Tera Contributor

Can someone please guide me for the following scenario I am trying to setup  . 

 

I have a control that no user should have admin rights . 

I am now designing an indicator for this control . 

This will be a manual indicator , but in supporting data i want to query sys_user table for all users with the admin role . Or if a particular user is my entity for the control , I want to show all the roles for that particular user as supporting data in the indicator results . 

My doubt is , how to frame the query in the indicator template to fetch this data 

 

 

 

 

thanks in advance 

1 ACCEPTED SOLUTION

Hi Gary,

Then in this case, you need to change the Method from 'manual' to 'script' and build a below script to query the entity (user record) present in a control to the sys_user_has_role table and check if the entity record is having admin role or not. If there are records then Indicator should fail else it should pass.

Below can be the script

var grSUHR = new GlideRecord('sys_user_has_role');
grSUHR.addEncodedQuery("sys_id=+current.profile^role.name=admin");  // Here current.profile will get the entity sys id from control table
grSUHR.query();
if(grSUHR.next())
{
result.passed = false;
}
else
result.passed = true;

result.supportingDataIds = [grSUHR.user.user_name, grSUHR.user.manager, grSUHR.user.roles,grSUHR.user.location];

 

Note -  I have not checked the script on actual indicator template but it should work in your case.

 

Please Mark Correct/helpful, if applicable, Thanks!! 
Regards
Sulabh Garg

Please Mark Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

View solution in original post

6 REPLIES 6

Gary22
Tera Contributor

attaching screenshot for ref

Sulabh Garg
Mega Sage
Mega Sage

Hi Gary,

You may like to setup the Supporting data as below and instead of querying the sys_user table, you should query the 'sys_user_has_role' table to check the condition (user with admin role) under "Basic Criteria'.

Please see screenshot for reference.

find_real_file.pngfind_real_file.png

 

Please Mark Correct/helpful, if applicable, Thanks!! 
Regards
Sulabh Garg

Please Mark Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

hi @Sulabh Garg 

 

thanks for replying . this is giving me all users with admin roles . If my entity is a record from the user table , how do i put a where condition comparing the user name to my entity 

Hi Gary,

Then in this case, you need to change the Method from 'manual' to 'script' and build a below script to query the entity (user record) present in a control to the sys_user_has_role table and check if the entity record is having admin role or not. If there are records then Indicator should fail else it should pass.

Below can be the script

var grSUHR = new GlideRecord('sys_user_has_role');
grSUHR.addEncodedQuery("sys_id=+current.profile^role.name=admin");  // Here current.profile will get the entity sys id from control table
grSUHR.query();
if(grSUHR.next())
{
result.passed = false;
}
else
result.passed = true;

result.supportingDataIds = [grSUHR.user.user_name, grSUHR.user.manager, grSUHR.user.roles,grSUHR.user.location];

 

Note -  I have not checked the script on actual indicator template but it should work in your case.

 

Please Mark Correct/helpful, if applicable, Thanks!! 
Regards
Sulabh Garg

Please Mark Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg