cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MSMP Workflow Path using User Group

former_member208271
Participant

on ‎07-31-2012 7:04 AM

0 Kudos

Hi Experts

We are currently on GRC10 SP09 using AC and have a default path, where an Access Request goes to the Manager and then to the Security Team.

Our business requirement is it should Workflow to a Controller/Reviewer and then to the Manager. This Controller/Reviewer would be linked to the User Group on a table or somewhere. So each User Group should have a Controller/Reviewer linked to it.

So when an Access Request is created it will first workflow to the Controller/Reviewer that is linked to the User Group of the employee and once approved/submitted it will workflow to the Manager.

Does anyone have any suggestions before we customize?

Regards

Mustafa Motalib

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎08-21-2013 11:29 AM
0 Kudos

Hello,

I have tried to create a BRF+ custom agent based upon the User Group field as a determining condition (just as shown in this thread). The user groups do exist in sync across all systems (including GRC) and the approver's assigned in the rule are all valid GRC users.

Whilst simulations work fine within the BRF+ workbench itself, the actual custom agent fails to operate within the MSMP process and shifts the request to the escape route instead as it can not determine the approver.

SAP note https://service.sap.com/sap/support/notes/1783743 is not applicable as we are on SP12.

Any useful help will be appreciated.

Show replies
Show replies
Former Member
‎07-31-2012 2:12 PM
0 Kudos

Sounds like a Custom BRF+ Header level Agent which will look at the User's credentials assigned/populated within the request form. the results would look at a Decision table (Expression) attached to the Agent Rule.

This is doable, as the User Group field is available and recognised by the BRF+ engine from the Access Request data submitted (See Screenshot below of the options available at Header level of a request when creating the custom MSMP Rule (As a BRF+ Line Item By Line Item type).

Once you have made this custom Agent Rule and added it as an Agent to the Access Request MSMP process, you should be ok to achieve your goal and your ideal Access Request Workflow.

All the best.

Show replies
Show replies
former_member208271
Participant
‎08-07-2012 7:16 AM
0 Kudos

Hi Kaushal

Thank you for the above information.

Do you have any idea where we could maintain these Controllers? We have about 84 User Groups (On SU01 - Logon Data). Each of these User Groups should have 1 or more Controllers linked so that the Access Request could workflow do these individual Controllers.

Would we use a Rule for this? How do we go about using this Rule?

Is there anything on GRC that can simply this process?

Any help would be appreciated.

Regards

Mustafa

chandani_kaur
Active Participant
‎08-07-2012 7:30 AM
0 Kudos

Hello Mustafa,

I think, you can create a function module based initiator rule . You will be having a user name. you can easily get the usergroup of the user. Now you can maintain rule result for each each user group. Now on basis of the rule result a path will be selected. Each path will have a set of agents assigned according to the usergroup.

Hope the information is useful.

Thanks & Regards,

Chandani

Former Member
‎08-16-2012 11:39 AM
0 Kudos

Hi Mustafa,

Sorry for the late reply. You can maintain the user group owners by actually having them mapped in a Decision table within a custom created BRF+ "Agent rule", which you would assign to the Stage within the Review Path of the workflow.

You basically need to have a column with the conditions (i.e. If User Group = x) and the corresponding Agents in the results as a User ID (Result = USER_AB).

You can have multiple results returned also, i.e. if you require multiple controllers to be notified of the request to approve.

Hope that helps you design your solution.

all the best

Former Member
‎08-30-2012 5:06 PM
0 Kudos

Hi Kaushal

I am also trying to use user group for selecting idfferent path .

But not getting option (|Generate Decesion table and then header to select user group )that u mentioned in  screen shot .

Also Once we et it here how we get in BRF ,deceision table as I dont think it is avaible .

Thanks fpr your help .

Best REgards

Asheesh

Former Member
‎01-30-2013 11:51 AM
0 Kudos

Hi Kaushal,

Need your advice on this.

I have to design a solution with No SoD &  SoD Cases.

We have 4 Locations A,B,C,D.

[This the case where no SoD There so no Location required]

If a request comes for any locations goes to approver here no SoD exists, so approver approve the request then security after then auto provisioning.

[This the case where  SoD exists Then  Location required]


If a request comes for any locations goes to approver here  SoD exists, so approver take risk analysis & approve the request then it goes to Location wise{A,B,C,D} Local Approver after then goes to Security then auto provisioning.

In my case no SoD working fine but how i request decided which location it goes A,B,C,D after taking risk analysis.

So here i am using BRF+ rule for creating Custom Routing rule.I create successfully when i am going to add in Step 2 Maintain Rule it shows Please enter a valid Rule-ID.

New rule id is 005056A47F7A1EE29AD8C785C377BE68 & its active.

Ask a Question