- SAP Community
- Products and Technology
- Additional Q&A
- CUP Automatic reject request
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
CUP Automatic reject request
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 07-16-2010 5:40 PM
Hello,
inspired by the great blog from Frank Bannert (/people/frank.bannert/blog/2009/06/19/configure-bobj-ac-53-cup-that-workflows-only-appear-if-violations-detected) to have a workflow (triggered from IdM) that only appears if SoD-violation is detected, I want to go further:
Can anyone tell me how to create a workflow step in CUP that automatically rejects the request?
The idea is to have a request from IdM for a person to get a role. This request now comes to CUP. With the basic construction mentioned in the blog above, there is a obligatory SoD check. If there is no violation, the request is granted in CUP automatically and sent back to IdM. If there is a violation, I now want the request to be rejected in CUP automatically (instead of a manual step with user interaction).
Is this possible - and how?
Thanks in advance
Matthias Arlt
Accepted Solutions (0)
Answers (2)
Answers (2)
koehntopp
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Matthias,
I'm really not sure why you'd want to do this. I completely fail to understand the red/green light thought on risk analysis.
For any given customer I've been to ver the last few years, this is just not how role management works. If you can do that, why bother with GRC and IdM and not just automatically assign role by position in HR?
The only way to do that is to read the audit trail in IdM and decide whether to allow or reject based on the information in there.
But I'm sticking to my point - this is academical and will bite you in reality.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello,
thank you Alpesh for the straight answer.
As to Frank: actually this is a customer scenario: we have mass uploads and the customer does not want to deal with a lot of possible SoD-violations each single one at a time but prefers to have a report that tells him the violations without having all the requests being on hold.
However since it is technically not possible, no further discussion is necessary.
Regards
Matthias Arlt
koehntopp
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Matthias,
maybe I need to correct this - it is technically possible, but you need to make the distinction whether a request had SoD risks on IdM. The risk analysis service will tell you if there were risks, you can have a "no stage" path to come back without user intervention.
What is it that you want to mass upload - initial user/role assignments, or ongoing requests?
You can also do a simulation in RAR before the upload, or a risk analysis immediately after that. If it's a one time thing, it probably doesn't qualify for a special implementation.
Can you tell us in a bit more detail what it is you want to do? There surely is a solution, it's just not easy to find from the information so far.
Frank.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Matthias,
Another option is to use a detour. All non-SOD requests go to the appropriate approvers; all SOD requests go to one person for approval review. That "admin" type of person could then reject, approve or forward the request to the appropriate approver.
If that person has admin rights they could also mass cancel the requests in Configuration --> Request --> Administration.
You could give that reviewer change access to the request to delete the SOD entries. After making the changes, and SOD report is re-run and re-submitted.
It's not an auto-delete solution, but close.
-Dylan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
No Mathias. There is no automated way in CUP to reject request. You can automatically approve the request in CUP by adding stageless approval but you won't be able to reject request without manual intervention.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Manage Supply Shortage and Excess Supply with MRP Material Coverage Apps in Enterprise Resource Planning Blogs by SAP
- Automatic Hire in Human Capital Management Blogs by SAP
- FAQ on Upgrading SAP S/4HANA Cloud Public Edition in Enterprise Resource Planning Blogs by SAP
- SAP Commerce Cloud Q1 ‘24 Release Highlights in CRM and CX Blogs by SAP
- Email Notification after Screening Maintenance Request in Enterprise Resource Planning Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.