
AC 10 MSMP Workflow

Former Member
0 Kudos

Hello Experts,

We are just trying to configure the basic components of Access Control on AC 10.

We have configured PSS and when we are trying to configure workflow for access requests we are running into issues.

I just wanted to check that what I configured makes sense.

We only need basic functionality.

1. User Lock, Unlock: where the only approver is Manager (we have configured LDAP so the system picks up manager details for the user)

2. Next is Validity Extension, where we don't want any stage but the users can change their validity date just by submitting a request, and the request is auto-approved (auto provisioning has been configured)

3. We need Change Acct (for adding new roles)

4. We need New Acct (for creating a new acct and also adding roles in the same step)

I see that the major difference w.r.t. 5.3 to 10 is that in 5.3 we have different kinds of request types and we can have different initiators, but in 10 we have a process ID (Access Request) which pretty much covers 1-4 above, and we have a single standard initiator (if we want more we need to use BRF+).

So initially I configured it in such a way that the request only goes to the manager and it is approved. Here I had to use the system name and it worked fine.

Then I configured a second stage of role owner approval, and when I added system and role it was erroring out, so I just added the role and did a change acct and it worked fine. Don't know why it wasn't taking system and role together (could be because the role already has the system name and maybe it didn't want redundant values).

So after configuring the second stage, when I tried to use it for user lock/unlock it is erroring out, as obviously it doesn't like taking just the system name.

My config settings based on MSMP workflow:

1. Process ID: SAP_GRAC_ACCESS_REQUEST

2. Rule ID: GRAC_AC_INITIATOR (Rule Result: GRAC_DEFAULT_RESULT)

5. Maintain Paths: GRAC_DEFAULT_PATH

Maintain Stages: GRAC_MANAGER, GRAC_ROLEOWNER

Sorry for such a long post, but I am at my wit's end as I am so near yet so far from the solution.

Thanks

Uday

Accepted Solutions (1)


Former Member
0 Kudos

Hi Uday,

Scenarios defined by you can't be achieved using standard MSMP. You need to define the BRF rules using transaction BRF+.

BRF+ is simple and will help you in configuring the approver based on the request type.

Regards

Rajan Arora

Former Member
0 Kudos

Thanks Rajan, but I don't know if any one of you has encountered this or if it is a bug. We are on AC 10 SP4 and when I am trying to save my Access Request workflow it gives this error message.

Error when trying to activate a new version 00000027 for process SAP_GRAC_ACCESS_REQUEST.

Is there a restriction that the version shouldn't be beyond 26 or something?

Answers (1)


Former Member
0 Kudos

Hi Uday,

Hope you are well. The workflow seems to be configured as I would have expected, utilising the SAP delivered stages and agent. Before proceeding, would it be possible to check if you have actually imported and configured the roles via Business Role Management (BRM)? Ensure you have assigned an approver against the roles also.

Good luck and let us know what you find.

Former Member
0 Kudos

Hi Kuashal,

I had imported only 1 role using role import from access mgmt. I am not using ERM.

I also found out yesterday that the error I was getting gave me a new description:

Incorrect path and stage class entry for process SAP_GRAC_ACCESS_REQUEST

Error when generating a new version 000027 for process SAP_GRAC_ACCESS_REQUEST

Also, when I try to activate other process IDs it works fine; only for this process ID am I getting an error.

Logged an OSS message.

Will get back with any reply.