on 04-10-2012 10:09 AM
Hello,
Can we have a workflow for removing role,and expiring and locking user globally in CUA and changing User group to EXPIRED.
1)when I select role for removal it ask for approval of role owner we don’t need that.
2)it locks user in each system not globally in CUA.
3)does not update User Group.
Regards,
Prasant
Hi Prasant,
1. Maintain separate path for role removal with out Role owner Stage.
2. Dont have much idea with CUA.
3. How are you trying to update user group ? (Check Note: 1684783 & 1615552)
Regards,
Ajesh.
Message was edited by: Ajesh Raju Pujari
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prasant,
As per my understanding you dont want role removals to go through role owners.I assume you are using BRF+ initiator.
In the initiator decision table you define a new row with PROV_ACTION = 009 (REMOVE) and give a new RULE_RESULT ( Say REM)
Make sure you dont give the action in any other row for the respective system(s). Otherwise initiator will not be unique.
Now go to maintain MSMP worflows, map the rule result REM to a new path ( With out role owner stage). Thus avoiding to go through Role owner.
Regards,
Ajesh.
Hello Ajeesh,
1)GRC Default path
2)Key user Path with 2stages a)manager b) Role Owner
GRC Default path at mapping GRC initiator will move request to default path.
So when ever request goes it goes for approval from Manager at key user path and role owner for role approval.
when create request for role removal it goes for approval we dont need single approval.
Regards,
Prasant
Hi Prasant,
Looks like you are using default initiator and default path. You need to create custom initiator with different ruleset. Based on the rule result, you configure the paths.
I suggest you create a BRF+ Initiator to achieve this. Following doc will help you.
http://scn.sap.com/docs/DOC-1566
Regards,
Ajesh.
Hi Prasant,
The given link has the process or generating the initiator and maintaing it.
http://scn.sap.com/docs/DOC-1566
Follow the steps given in the doc and let us know if you get stuck in the process.
Regards,
Ajesh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.