on 01-25-2010 11:21 PM
Hello,
I am having a problem setting up UAR workflow in CUP.
I have analyzed my config and tried everything given on SAP note 1290835, but I cannot still generate UAR requests (I have set role owners as UAR reviewers, but unfortunately they are not getting an approval request for UAR review.
If anyone of you has an idea of what went wrong, please help.
Thanks,
HM
HM,
May be the requests are in for Admin Review. Did you check the option 'Admin review required before sending tasks to reviewers' . Is it Yes or No?
Thanks & Regards,
Venky.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Venky,
Thanks for your reply.
I have tried both.
When I set the option to "Yes", requests are coming in and being observed on Configuration>User Review>Request Review---but there is no approval button to pass the requests to the next stage (role approvers).
Instead, there are just "change" or "cancel" button on the screen.
Also,
When I set the option to "No", I don't even see any approval requests in CUP.
Thanks,
Hideo
HM,
Since your UAR process is based on "Role Owner" as reviewer, please ensure that each role being reviewed has Role Owner information associated.
Generally ADMIN review is advisable for both UAR/SOD reviews so that GRC Admin can cancel irrelevant requests or adjusts the reviewers.
If you have enabled the ADMIN review, then after admin review is done, schedule the UAR Review update workflow tasks so the requests are pushed to next stage(First stage - Role owner as Reviewers) of UAR review path.
If ADMIN review is not enabled requests will be directly dispatched to the role owners ASA they are generated.
Ensure that you have correct workflow path configured, SMTP server connection is working properly (for emails) and appropriate email message configured under Reviewer stage.
Once requests are moved out of ADMIN review they are no longer available in User Review--> Request Review.
To verify the current open requests use CUP Config >Request->Administration to search for open UAR requests.
As you mentioned that requests were generated but Reviewers did not receive the email, please check SMTP config and Stage level email setting.
Also note that Reviewer-Coordinator mapping is an optional part if you want to have Coordinators monitor/track incomplete reviews. If you decide to use this feature, you have to populate it before UAR requests are generated(before UAR Review Load Data job).
Let me know if you still have any issues with UAR review (ensure to mention current CUP/ERM support pack level).
Regards,
Amol
Amol,
I have done a little experiment for the Admin Review option.
I was able to see a list of roles with assigned users under the config tab (User Review>Request Review) after running the u201CUAR Review Load Datau201D job.
However, after running the u201CUAR Review Update WorkFlowu201D job to push those requests to the next stage u201CUAR Reviewu201D, I donu2019t see any request coming in for those defined role owners (no email or no approval request in their work box under the My Work tab.
Please note that:
1. At the u201CUAR Reviewu201D stage, the approver determinator is u201CRevieweru201D.
2. In the config (User Review>Options), u201CWho are the reviewers?u201D is u201CRole Approversu201D.
Just as information:
1. I have set aside the option of Reviewer-Coordinator mapping for now.
2. My support pack is 9.
I am still struggling with this issue. Do you see anything that went wrong?
Thanks,
HM
HM,
As you mentioned that once UAR Review update workflow job is run requests aren't pushed to Reviewers, please check if you still can see all the UAR requests in ADMIN review after running the update workflow job.
If they are in ADMIN review then I think I know what the problem is. Please check that all the UAR requests in ADMIN review have valid Reviewer before requests are pushed out. You can search for the requests without reviewer information and then manually update the reviewer information.
CUP will not push the requests if request does not have valid reviewer (in your case each request should have valid role owner.).
Let me know if this helps.
Regards,
Amol
Amol,
Yes, you see my situation very clearly.
1. I can see all the UAR requests in ADMIN review after running the update workflow job.
2. I do not have valid reviewers (role owners) for each one of the roles stored in CUP.*
*There are approx 200 roles, but I have assigned only two role owners for this testing purpose.
Experiment:
1. I have cancelled all the requests in ADMIN review except for the ones that have reviewers (role owners)---at this point, only two reviewers left in ADMIN review.
2. Run the update workflow job.
3. Those two role owners are still not getting the requests.
Question:
Do you mean that I should have reviewers (role owners) for each one of the roles before I run the UAR review load data job? If your answer is u201CYesu201D, it explains all my problem. I need to do some additional testing to verify this.
I will give a try and let you know the result.
Thanks a lot!
HM
Ankur,
From your comments, I assume:
1. I have to assign role owners to each every one of the roles if I want them to be UAR reviewers.
2. I have to assign a coordinator before running the UAR Review Update Workflow job for any roles that are missing a coordinator.*
*This also means I have to maintain the reviewer/coordinator relationship in the Coordinator pane since the system won't let me select a coordinator or reviewer alone during the ADMIN review (has to be a pair).
I haven't gone through the testing yet, but I will share the result when I am done.
I really appreciate your time. Thanks a lot!
HM
Ankur,
My test went successful!
Now, requests are passed onto the Reviewer stage.
Basically I followed you and Amolu2019s suggestion:
1. Assign a coordinator to each role owner (my UAR reviewer).
2. Run the UAR Review Load Data job.
3. Cancel all the requests for which role owners are missing in the ADMIN review.*
4. Run the UAR Review Update Workflow job.
5. Run the Email Dispatcher job.
6. Now, each role owner is getting an approval request.
*I can either cancel requests or assign a reviewer/coordinator in the ADMIN review (you just don't want to leave the reviewer/coordinator column blank).
Thank you for all your time and support!
HM
Please check if the UAR path is active or not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You will need to define the role owners in the roles within CUP.
You will need to define a UAR initiator, stage and path.
Make sure your email dispatcher is active.
As Amol mentioned, most customers, including his, use the Admin review feature to ensure the request goes to the correct reviewer.
Please double-check the above steps.
Thanks!
Ankur
SAP GRC RIG
Ankur,
We have approximately 10 paths already configured, and they work ok, including Create New Account, ERM Approval, Mitigation Control Approval, and all other basic workflows.
I basically have no problem with setting up workflows other than UAR and SOD review (of course, I had some minor issues with each along the way, thoughu2026). Note: we have not been working on SOD review config.
So,
1. I have defined role owners, and I can search and see those owners in CUP (not for all existing roles but a few role owners as an experiment),
2. I have defined a UAR initiator/stage/path correctly as I believe (I also tied several different combinations).
3. I donu2019t think email dispatcher is a cause since I can receive notifications and jump to open requests.
4. As to Admin Review, we are still considering the option.
Does it give you any clue?
HM
Ankur,
No problem with running and completing the Role Usage Synchronization job in ERM (no error or anythingu2026)
When I choose to have the admin review option, I can get requests at the 1st stage (Admin) but cannot pass those requests to the 2nd stage (Reviewer*).
*Reviewer is set to be Role Approver in the User Review>Option pane
Thanks,
HM
Do you have the coordinators and reviewers defined for the requests?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
DId you run the UAR Review Update Workflow job? If not, please run it, the requests will be forwarded from the Admin.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.