cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RoleOwner not picking up for New Request

Former Member

on ‎04-20-2012 10:25 AM

0 Kudos

Hi All,

We have created a BRF+ rule.

Initiator rule

001 Request Type(New account) - Z_PATH

Z_PATH

Stage 010 Manager  --- Agent is Z_MANAGER(Defined BRF+ rule)

Stage 020 Role owner--- Agent GRAC_ROLEOWNER (From SAP)

Stage 030 Security ---- Agent GRAC_SECURITY (From SAP)

We are able to submit request successfully(selecting a system and a role in that system whose owner and content approver are maintained). manger is able to approve.

Request is not provisioned to role owner in Z_PATH stage 020.

When same path Z_PATH is used for change account request type ...for the same role selected in New account request is provisioned to role owner for approver.

Not able to figure out why we have problem only with new account.

Please help.

Regards,

Sravan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎04-20-2012 1:02 PM
0 Kudos

Have you used a custom initiator to determine if the request is "New User" or a "Change User"? And are you using the same Path for both request types?

Show replies
Show replies
Former Member
‎04-21-2012 5:21 AM
0 Kudos

Yes Kaushal. We have maintained Decesion Table of initiator rule with New Account(001) mapped to Z_PATH and Change Account(002) mapped to Z_PATH

amit_bajaj
Employee
Employee
‎04-20-2012 11:38 AM
0 Kudos

Hi Sravan,  please check the msmp advance debugger and  swels to check if the workflow was created or not.

Advance debugger will let you know about any wf issues. Search for sap note about advance msmp debugger.

Check st22 for  any application issue logs.

Show replies
Show replies
Former Member
‎04-21-2012 6:40 AM
0 Kudos

Hi Amit,

Here is the content of error part of log.

  • Rule A/F/GRAC_MSMP_ROLEOWNER_AGENT executed
  • Rule A/F/GRAC_MSMP_ROLEOWNER_AGENT returned results
  • Retrieved rule result: 0002/ROLEAPP_TEST
  • MSMP agent rule GRAC_MSMP_ROLEOWNER_AGENT returned 1 approvers
  • MSMP agent GRAC_ROLEOWNER did not return any approvers for Line Item '0001'
  • Approver not found at Path Z_PATH_NEWACCOUNT Stage GRAC_ROLEOWNER; escape path is not enabled
  • Approver not found at Path Z_PATH_NEWACCOUNT Stage GRAC_ROLEOWNER; escape path is not enabled
  • No agent found, cancelling path Z_PATH_NEWACCOUNT (in stage no. 040 - GRAC_ROLEOWNER)

Please suggest what may be the problem.

Regards,

Sravan

kevin_tucholke1
Contributor
‎04-21-2012 2:51 PM
0 Kudos

Srvan:

You don't list what your stage 040 is for this path above.  I ran across a similar situation with this before and found that the user ID that was listed in trying to process the requst did not have the appropriate security to display users and therefore could not find one. 

Also, as a side note, with MSMP it is extremely important now to have the excape routes set up for all process IDs that you are using or your workflow will just cancel as it is currently doing.

Thanks

Kevin Tucholke

Former Member
‎04-22-2012 5:40 PM
0 Kudos

Hi Kevin,

I was trying to create new paths and using to resolve the issue. 040 is same stage as 020 mentioned in the initial query of mine.

Even escape route is not enabled...Request is provisioned successfully to roleowner of role selected in change account (002) request type.

But for New account (001) when same role is selected and (same path is being used for both 001 and 002 req types) ...request is not provisioned to role owner. I am stuck there and checking logs for the same.

Sravan

Former Member
‎04-23-2012 11:06 AM
0 Kudos

Hi Sravan,

Looking at the logs, seems to be problem with request looking for role approver for the Create User Line Item, along with role assign line items in the stage. Not sure if this is the way it should act, never used in this sense.

To avoid this, you can create another path (Say Z_PATH_CREATE) with only Manager & Security Stages for create user line item. You can change your initator config to achieve this. Choose provision at the end of request option in "Maintain Provision Settings". This way one request will bifurcate to two paths, once all paths has the approvals then provisioning will be done.

Another way is to choose option Create user if doesnt exist and for role assignements in Maintain Provision Settings and make end user authenticaton set to YES, this way user credentials are always verified againt User Data Source.

Let us know if this solves the problem.

Regards,

Ajesh.

Former Member
‎04-20-2012 11:26 AM
0 Kudos

Hi Sravan,

What is the status of the request not processing. Check the audit log to see any warinings or errors. Not solved, update the audit log here.

Regards,

Ajesh.

Show replies
Show replies
Former Member
‎04-21-2012 5:25 AM
0 Kudos

Hi Ajesh

Log says

  • Approver not found at Z_PATH_NEWACCOUNT stage GRAC_ROLEOWNER; escape path is not enabled
  • No Agent found, canceling the path Z_PATH_NEWACCOUNT (in stage 040 - GRAC_ROLEOWNER)
Ask a Question