Scenario: Access for business administrators
Some users or groups need access to objects in a different way than most other users and groups in your organization. For example, business administrators need more access controls compared to other users, such as being able to update or delete an object.
This scenario is a variant of Scenario: Objects that are shared across GRC domains.
Exception management
One example is exception or waiver management.
In general, exceptions from a requirement, control, or process are granted on a project basis. The project is a child of a business entity and is implemented as a risk entity. The project can have secondary associations to a process, a subprocess, or a requirement. Exceptions are child objects of the project and define the requirement, control, or process from which the exception seeks relief. The project is granted the exception. If no specific project is involved in the exception, the business entity is granted the exception.
All users can create exceptions, but they can view only the exceptions that they created. The exception process custodians in IT have the job of reviewing and approving exceptions. You must extend role-based security to grant the exception process custodians in IT the ability to read and update all exceptions.
Privacy incidents
Another example involves the employees who are responsible for privacy incidents.
Specific individuals across the enterprise have responsibility for entering and maintaining information about privacy incidents. In addition to other access that they have, they are designated as Privacy users, and they might be in a Privacy Group or a Privacy Profile. The Privacy users can see all privacy incidents regardless of where they are in the business hierarchy. They also have access to additional fields on privacy incidents.
Similar functionality can be provided on other object types, such as audit findings, incidents, and waivers.
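The following is an added example, not product code, that models the two access patterns described in this scenario in one small evaluator: a baseline rule for ordinary users, a role that widens read and update access to every object of a type (the exception custodians and the Privacy users), and extra fields that only the elevated role can see. The role names "exception_custodian" and "privacy_user", the rule that ordinary users see privacy incidents only within their own part of the business hierarchy, the field names, and all sample users and objects are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class User:
    name: str
    entity_path: str                        # position in the business hierarchy
    roles: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class GrcObject:
    kind: str                               # "exception" or "privacy_incident"
    path: str                               # business entity / project the object belongs to
    created_by: str
    fields: Dict[str, str] = field(default_factory=dict)


# Baseline read rule for users with no elevated role (assumption):
# exceptions are visible only to their creator; privacy incidents only
# within the user's own part of the hierarchy.
BASELINE_READ = {"exception": "creator", "privacy_incident": "hierarchy"}

# Role-based extension: role -> actions granted on every object of that kind.
ROLE_GRANTS: Dict[str, Dict[str, Set[str]]] = {
    "exception": {"exception_custodian": {"read", "update"}},
    "privacy_incident": {"privacy_user": {"read", "update"}},
}

# Fields shown only to users holding an elevated role for that kind (assumed names).
RESTRICTED_FIELDS: Dict[str, Set[str]] = {
    "privacy_incident": {"data_subjects", "breach_details"},
}


def _in_hierarchy(user: User, obj: GrcObject) -> bool:
    """True when obj.path is the user's entity or a descendant of it."""
    return obj.path == user.entity_path or obj.path.startswith(user.entity_path.rstrip("/") + "/")


def _elevated_roles(user: User, kind: str) -> Set[str]:
    return {r for r in user.roles if r in ROLE_GRANTS.get(kind, {})}


def allowed_actions(user: User, obj: GrcObject) -> Set[str]:
    """Compute the set of actions the user may perform on the object."""
    actions: Set[str] = {"create"}          # every user may create objects
    rule = BASELINE_READ.get(obj.kind, "creator")
    if rule == "creator" and obj.created_by == user.name:
        actions.add("read")
    elif rule == "hierarchy" and _in_hierarchy(user, obj):
        actions.add("read")
    for role in _elevated_roles(user, obj.kind):
        actions |= ROLE_GRANTS[obj.kind][role]  # role widens access to all objects of the kind
    return actions


def can(user: User, obj: GrcObject, action: str) -> bool:
    return action in allowed_actions(user, obj)


def visible_fields(user: User, obj: GrcObject) -> Dict[str, str]:
    """Fields the user may see: nothing without read, all fields with an elevated role."""
    if not can(user, obj, "read"):
        return {}
    if _elevated_roles(user, obj.kind):
        return dict(obj.fields)
    hidden = RESTRICTED_FIELDS.get(obj.kind, set())
    return {k: v for k, v in obj.fields.items() if k not in hidden}


def visible_objects(user: User, objects: List[GrcObject]) -> List[GrcObject]:
    return [o for o in objects if can(user, o, "read")]


# Constructed sample data (not from any real system).
ALICE = User("alice", "/Corp/Finance")
BOB = User("bob", "/Corp/Finance")
CUSTODIAN = User("carol", "/Corp/IT", frozenset({"exception_custodian"}))
PRIVACY = User("dave", "/Corp/Legal", frozenset({"privacy_user"}))

OBJECTS = [
    GrcObject("exception", "/Corp/Finance/ProjectX", "alice", {"relief_from": "CTRL-1"}),
    GrcObject("exception", "/Corp/Sales/ProjectY", "bob", {"relief_from": "REQ-7"}),
    GrcObject("privacy_incident", "/Corp/Finance", "alice",
              {"summary": "lost laptop", "data_subjects": "42", "breach_details": "redacted"}),
    GrcObject("privacy_incident", "/Corp/Sales", "erin",
              {"summary": "misdirected email", "data_subjects": "3", "breach_details": "redacted"}),
]

if __name__ == "__main__":
    for u in (ALICE, BOB, CUSTODIAN, PRIVACY):
        print(u.name, [(o.kind, o.path) for o in visible_objects(u, OBJECTS)])
```

The point of the structure is that the baseline rule and the role grants are separate tables: extending security for a new business-administrator group (audit findings, waivers) means adding one entry to ROLE_GRANTS rather than changing the evaluator, and the restricted-field list keeps the extra privacy fields out of every ordinary user's view even when that user can otherwise read the incident.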