on 04-20-2012 10:25 AM
Hi All,
We have created a BRF+ rule.
Initiator rule
001 Request Type(New account) - Z_PATH
Z_PATH
Stage 010 Manager --- Agent is Z_MANAGER(Defined BRF+ rule)
Stage 020 Role owner--- Agent GRAC_ROLEOWNER (From SAP)
Stage 030 Security ---- Agent GRAC_SECURITY (From SAP)
We are able to submit request successfully(selecting a system and a role in that system whose owner and content approver are maintained). manger is able to approve.
Request is not provisioned to role owner in Z_PATH stage 020.
When same path Z_PATH is used for change account request type ...for the same role selected in New account request is provisioned to role owner for approver.
Not able to figure out why we have problem only with new account.
Please help.
Regards,
Sravan
Have you used a custom initiator to determine if the request is "New User" or a "Change User"? And are you using the same Path for both request types?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sravan, please check the msmp advance debugger and swels to check if the workflow was created or not.
Advance debugger will let you know about any wf issues. Search for sap note about advance msmp debugger.
Check st22 for any application issue logs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Amit,
Here is the content of error part of log.
Please suggest what may be the problem.
Regards,
Sravan
Srvan:
You don't list what your stage 040 is for this path above. I ran across a similar situation with this before and found that the user ID that was listed in trying to process the requst did not have the appropriate security to display users and therefore could not find one.
Also, as a side note, with MSMP it is extremely important now to have the excape routes set up for all process IDs that you are using or your workflow will just cancel as it is currently doing.
Thanks
Kevin Tucholke
Hi Kevin,
I was trying to create new paths and using to resolve the issue. 040 is same stage as 020 mentioned in the initial query of mine.
Even escape route is not enabled...Request is provisioned successfully to roleowner of role selected in change account (002) request type.
But for New account (001) when same role is selected and (same path is being used for both 001 and 002 req types) ...request is not provisioned to role owner. I am stuck there and checking logs for the same.
Sravan
Hi Sravan,
Looking at the logs, seems to be problem with request looking for role approver for the Create User Line Item, along with role assign line items in the stage. Not sure if this is the way it should act, never used in this sense.
To avoid this, you can create another path (Say Z_PATH_CREATE) with only Manager & Security Stages for create user line item. You can change your initator config to achieve this. Choose provision at the end of request option in "Maintain Provision Settings". This way one request will bifurcate to two paths, once all paths has the approvals then provisioning will be done.
Another way is to choose option Create user if doesnt exist and for role assignements in Maintain Provision Settings and make end user authenticaton set to YES, this way user credentials are always verified againt User Data Source.
Let us know if this solves the problem.
Regards,
Ajesh.
Hi Sravan,
What is the status of the request not processing. Check the audit log to see any warinings or errors. Not solved, update the audit log here.
Regards,
Ajesh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.