Supporting Data in A GRC control indicator

Gary22 · ‎06-20-2022

Can someone please guide me for the following scenario I am trying to setup .

I have a control that no user should have admin rights .

I am now designing an indicator for this control .

This will be a manual indicator , but in supporting data i want to query sys_user table for all users with the admin role . Or if a particular user is my entity for the control , I want to show all the roles for that particular user as supporting data in the indicator results .

My doubt is , how to frame the query in the indicator template to fetch this data

thanks in advance

Sulabh Garg · ‎06-21-2022

Hi Gary,

Then in this case, you need to change the Method from 'manual' to 'script' and build a below script to query the entity (user record) present in a control to the sys_user_has_role table and check if the entity record is having admin role or not. If there are records then Indicator should fail else it should pass.

Below can be the script

var grSUHR = new GlideRecord('sys_user_has_role');
grSUHR.addEncodedQuery("sys_id=+current.profile^role.name=admin"); // Here current.profile will get the entity sys id from control table
grSUHR.query();
if(grSUHR.next())
{
result.passed = false;
}
else
result.passed = true;

result.supportingDataIds = [grSUHR.user.user_name, grSUHR.user.manager, grSUHR.user.roles,grSUHR.user.location];

Note - I have not checked the script on actual indicator template but it should work in your case.

Please Mark ✅ Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

View solution in original post

Gary22 · ‎06-20-2022

attaching screenshot for ref

Sulabh Garg · ‎06-21-2022

Hi Gary,

You may like to setup the Supporting data as below and instead of querying the sys_user table, you should query the 'sys_user_has_role' table to check the condition (user with admin role) under "Basic Criteria'.

Please see screenshot for reference.

Please Mark ✅ Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

Gary22 · ‎06-21-2022

hi @Sulabh Garg

thanks for replying . this is giving me all users with admin roles . If my entity is a record from the user table , how do i put a where condition comparing the user name to my entity

Sulabh Garg · ‎06-21-2022

Hi Gary,

Then in this case, you need to change the Method from 'manual' to 'script' and build a below script to query the entity (user record) present in a control to the sys_user_has_role table and check if the entity record is having admin role or not. If there are records then Indicator should fail else it should pass.

Below can be the script

var grSUHR = new GlideRecord('sys_user_has_role');
grSUHR.addEncodedQuery("sys_id=+current.profile^role.name=admin"); // Here current.profile will get the entity sys id from control table
grSUHR.query();
if(grSUHR.next())
{
result.passed = false;
}
else
result.passed = true;

result.supportingDataIds = [grSUHR.user.user_name, grSUHR.user.manager, grSUHR.user.roles,grSUHR.user.location];

Note - I have not checked the script on actual indicator template but it should work in your case.

Please Mark ✅ Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg