- SAP Community
- Products and Technology
- Additional Q&A
- Set SoD detour condition on path level?
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Set SoD detour condition on path level?
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 05-25-2010 3:26 PM
Dear forum,
We have a parallel workflow where the different paths are divided by business processes.
We want that SoD free paths continue as normal. Problematic paths are sent for resolution.
The problem as I see it is that the SoD detour condition is set on request level, not path level. Both problematic and non-problematic paths will meet the condition and are pushed into the detour. The non-problematic path will get stalled, because it has to wait for mitigation approval. Is there any workaround?
Kind Regards,
Vit V.
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
When you define your detour, you specify for which path it is, and at what stage it should detour. We do something similar where requests with SOD violations go thru a detour whereas requests with no SOD violations continue in their current path. For multiple paths, you will have to configure multiple detours.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jose,
We have different detour paths for every parallel path. But if any SoD conflict is detected, the SoD condition is met for all paths and are pushed into the detour(s). Have you successfully tested it?
Example:
Main Paths
P1
P2
P3
Stages
_1: Manager
_2: Role Owner
_3: BPO (CAD business process of role)
P1_1
P1_2
P1_3
P2_1
P2_2
P2_3
P3_1
P3_2
P3_3
Detours (1-stage with mitigation controll approver)
P1_DT
P2_DT
P2_DT
SoD detour takes place at stages:
P1_2
P2_2
P3_2
Problem 1: If the SoD conflict condition is met, all paths are pushed into their detours
Problem 2: Let say we have two paths with SoD conflicts, a third one is not. Two mitigation controlls are applied. All three paths are pushed into their detour paths for mitigation approval.
Worst case scenaro:
Conflicting path 1: Mitgation Approver 1 approves
Conflicting path 2: Mitgation Approver 1 + Mitgation Approver 2 Approves
Non-conflicting path: Mitgation Approver 1 + Mitgation Approver 2 Approves
kind regards,
vit v
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi VIt,
I got chance to go through your scenario, what I am thinking is that issue is not detour paths taken by the request.
But the conflicts or SOD violation of one path is also visible in another path. Hence the detour path is taken.
like if you have role 1 in path1 that has violations say Risk " RSK1" and role 1 is there in path1. In Path2 you have role 2 that does not have violations.But Risk "RSK1" will be also visible in path2 hence detour 2 is taken.
Check it is existing in your landscape. If it is limitation. Raise a message with GRC support.
Kind Regards,
Srinivasan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (0)
- How to use aggregated value of a Z Condition Type automatically update into a Z Amount Field. in Enterprise Resource Planning Q&A
- Quick Start guide for PLM system integration 3.0 Implementation in Product Lifecycle Management Blogs by SAP
- Quick Start guide for PLM system integration 3.0 Implementation/Installation in Enterprise Resource Planning Blogs by SAP
- Business Rule Framework Plus(BRF+) in Enterprise Resource Planning Blogs by Members
- Unplanned Delivery Cost of Purchasing in S4HANA Cloud, Public Edition in Enterprise Resource Planning Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.