on 07-30-2010 12:53 AM
Hi All, We have in many cases, two role owners for roles defined in CUP. When running the UAR, both owners are notified.
However, when one of the owners submits the approved/removals UAR request, the request closes out and the other owner does not have the opportunity to validate the request also.
Any suggestions how to be able to accomodate both owners?
The UAR CAD option is out of scope since it makes no sense to upload and maintain 4000 roles in the CAD.
Thanks! -Dylan
FYI, We were not able to find an acceptable workflow solution but decided to restrict access via authorization. We will allow the role primary Role Owner to make the UAR line item updates but not allow the Role Owner to submit the UAR.
The Secondary Role Owner will be allowed to Submit final version of the UAR.
Role makeup:
ZAE_UAR_ROLE_OWNER (UAR Role Owner Approver)
AE.ViewAccessEnforcer
AE.ViewRemoveAccess
AE.ViewApprove
AE.ViewSaveRequest
ZAE_UAR_QUARTERLY_OWNER (UAR Quarterly Owner Approver)
AE.ViewAccessEnforcer
AE.ViewSubmitRequest
Hopefully, more workflow flexibility is will be built-in to the UAR just like with normal CUP requests.
Best Regards, Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dylan,
I think that is good approch.
We had similar need, achieved this by having additional additional stage called global role owner.
UAR workflow goes like this, Initiator -> role owner -> ww role owner -> sap-security.
role owner approve/reject access and then ww role owner gets to reviews .
Thanks
Laks
Hello Laks,
Thanks for the input. Even though our workflow is simpler, the problem is that we have multiple secondary owners per system.
Initiate UAR --> Primary Role Owner & Secondary Ower --> Auto-provision.
We'd like to break up the Primary and Secondary owner into two stages but have not been able to do it successfully. It sounds simple, but the workflow design in UAR is too limiting.
-Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.