cancel
Showing results for 
Search instead for 
Did you mean: 

UAR Approvals for roles with multiple owners

Former Member
0 Kudos

Hi All, We have in many cases, two role owners for roles defined in CUP. When running the UAR, both owners are notified.

However, when one of the owners submits the approved/removals UAR request, the request closes out and the other owner does not have the opportunity to validate the request also.

Any suggestions how to be able to accomodate both owners?

The UAR CAD option is out of scope since it makes no sense to upload and maintain 4000 roles in the CAD.

Thanks! -Dylan

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

FYI, We were not able to find an acceptable workflow solution but decided to restrict access via authorization. We will allow the role primary Role Owner to make the UAR line item updates but not allow the Role Owner to submit the UAR.

The Secondary Role Owner will be allowed to Submit final version of the UAR.

Role makeup:

ZAE_UAR_ROLE_OWNER (UAR Role Owner Approver)

AE.ViewAccessEnforcer

AE.ViewRemoveAccess

AE.ViewApprove

AE.ViewSaveRequest

ZAE_UAR_QUARTERLY_OWNER (UAR Quarterly Owner Approver)

AE.ViewAccessEnforcer

AE.ViewSubmitRequest

Hopefully, more workflow flexibility is will be built-in to the UAR just like with normal CUP requests.

Best Regards, Dylan

Former Member
0 Kudos

Hi Dylan,

I think that is good approch.

We had similar need, achieved this by having additional additional stage called global role owner.

UAR workflow goes like this, Initiator -> role owner -> ww role owner -> sap-security.

role owner approve/reject access and then ww role owner gets to reviews .

Thanks

Laks

Former Member
0 Kudos

Hello Laks,

Thanks for the input. Even though our workflow is simpler, the problem is that we have multiple secondary owners per system.

Initiate UAR --> Primary Role Owner & Secondary Ower --> Auto-provision.

We'd like to break up the Primary and Secondary owner into two stages but have not been able to do it successfully. It sounds simple, but the workflow design in UAR is too limiting.

-Dylan