Solved: How to manage multiple security approvers in CUP

Former Member · ‎08-02-2010

Hello GRC CUP experts,

We are having a question regarding how to manage the fact that we have multiple security admins who will be administering th approval for account access in CUP. We have 4 basis people who will be sharing responsibility as the security approver in the workflow. Standard configuration defines a security lead with an alternate. We need for our all four of our security people to be able to view and approve any request that is submitted. We can define a single delegation for the security lead, but that only allows for two people to share the approval queue. How do we enable all 4 people to process any request needing security approval? I tried to fiddle with the Distribution List and DL Approvers, but don't see where this gets me. We are on 5.3.

Thanks,

Yvonne

Former Member · ‎08-02-2010

Hi Yvonne,

Instead of using security lead stage, have a look at security stage. Security stage will send the request to users who are assigned to 'AESecurity' role in UME. This way you can assign this role to all the four security admin and you won't have configure anything else.

Regards,

Alpesh

Former Member · ‎08-02-2010

Hi Yvonne,

Instead of using security lead stage, have a look at security stage. Security stage will send the request to users who are assigned to 'AESecurity' role in UME. This way you can assign this role to all the four security admin and you won't have configure anything else.

Regards,

Alpesh

Former Member · ‎08-02-2010

Thanks Alpesh, I tried your suggestion, and now the request is available for multiple security admins to approve. That's all great. However, now they are not receiving emails telling them that a request needs their approval. Do we need to modify the stage further to manuipulate how the next approval email is sent?

Yvonne

Former Member · ‎08-03-2010

Yvonne -

By default, no email notifications are sent for any stage that uses the standard "Security" Approver Determinator. If you want email notifications sent to your 4 BASIS users, I suggest creating a Custom Approver Determinator (CAD) to use instead. Assuming that it's not for the first stage of your approval workflow, then you could just use an attribute that will always be true... like 'Request Type = New' or whatever applies to your situation. Just define all 4 of your BASIS users as the approvers for that attribute and then use the CAD in your stage.

- Rob

Former Member · ‎08-06-2010

Hi

If you want to take approval from any one of the security administrator then create mail groupid then give this mailid it in the RAR-> configuration->Approvers-> security lead option. then a mail is triggered to the group when request reaches the Security lead stage approval.

Regards

Hari

Former Member · ‎08-06-2010

Rob, Thanks for the idea. I created the CAD as you suggested and now multiple people can approve and they all get the emails.

That's exactly what I needed.

Yvonne

Former Member · ‎02-21-2012

Hi Rob--

Is this also true if you specify a "Group E-Mail Address" in the Approvers -> Security Lead configuration? I have specified an email address there, but am not getting email notifications when my workflow hits the default "Security" approval stage.

Thanks,

Brett