cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10 Workflow for Role Removal.

Go to solution
Former Member

on ‎04-10-2012 10:09 AM

0 Kudos

Hello,

Can we have a workflow for removing role,and expiring and locking user globally in CUA and changing User group to EXPIRED.

1)when I select role for removal it ask for approval of role owner we don’t need that.

2)it locks user in each system not globally in CUA.

3)does not update User Group.

Regards,

Prasant

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-10-2012 11:08 AM
0 Kudos

Hi Prasant,

1. Maintain separate path for role removal with out Role owner Stage.

2. Dont have much idea with CUA.

3. How are you trying to update user group ? (Check Note: 1684783 & 1615552)

Regards,

Ajesh.

Message was edited by: Ajesh Raju Pujari

Show replies
Show replies
Former Member
‎04-10-2012 2:41 PM
0 Kudos

Could you please provide some details.

My current path is.

path: MANAGER>>> ROLEOWNER(Routing Enabled)if no owner found goest for Auto apprpval)if SOD Found goes for Mitigation).

Regards,

Prasant

Former Member
‎04-11-2012 6:27 AM
0 Kudos

Hi Prasant,

As per my understanding you dont want role removals to go through role owners.I assume you are using BRF+ initiator.

In the initiator decision table you define a new row with PROV_ACTION = 009 (REMOVE) and give a new RULE_RESULT ( Say REM)

Make sure you dont give the action in any other row for the respective system(s). Otherwise initiator will not be unique.

Now go to maintain MSMP worflows, map the rule result REM to a new path ( With out role owner stage). Thus avoiding to go through Role owner.

Regards,

Ajesh.

Former Member
‎04-11-2012 9:04 AM
0 Kudos

Hello,

I am not using BRF+ initiator.

Regards,

Prasant

Former Member
‎04-11-2012 9:27 AM
0 Kudos

Hi Prasant,

If you are using FM. Still the logic remains the same.

Try and let us know if you are facing problem.

Regards,

Ajesh.

Former Member
‎04-14-2012 7:39 AM
0 Kudos

Hello Ajeesh,

1)GRC Default path

2)Key user Path with 2stages a)manager b) Role Owner

GRC Default path at mapping GRC initiator will move request to default path.

So when ever request goes it goes for approval from Manager at key user path and role owner for role approval.

when create request for role removal it goes for approval we dont need single approval.

Regards,

Prasant

Former Member
‎04-17-2012 7:30 AM
0 Kudos

Hi Prasant,

Looks like you are using default initiator and default path. You need to create custom initiator with different ruleset. Based on the rule result, you configure the paths.

I suggest you create a BRF+ Initiator to achieve this. Following doc will help you.

http://scn.sap.com/docs/DOC-1566

Regards,

Ajesh.

Former Member
‎04-19-2012 9:20 PM
0 Kudos

Could you please guide me in creating Initiator . for request type.

I mean if Request type is 004 then it should go to path X.

If request type is 008 then it should go to path Y

Former Member
‎04-20-2012 5:20 AM
0 Kudos

Hi Prasant,

The given link has the process or generating the initiator and maintaing it.

http://scn.sap.com/docs/DOC-1566

Follow the steps given in the doc and let us know if you get stuck in the process.

Regards,

Ajesh.

Answers (0)

Ask a Question