cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10.0 Firefigher Log Review: How does 2nd controller see request?

Former Member

on ‎09-10-2012 11:17 PM

0 Kudos

We are testing "Fire Fighter Log Report Review Workflow" (GRC 10.0 SP08) and have a scenario with two controllers.   If Controller#1 gets to the request first and approves it, then how is Controller#2 supposed to see this?   When he clicks the link in email for the work item after Controller#1 has approveid, GRC says "Controller#2 is not a valid approver".  That's obviously not true, and we think a better message would be "request has changed status" or "been approved".   But if Controller#2 wants to see the request and what Controller#1 did, which report should he view?  I can see it as an administrator under NWBC=>Access Mgt=>Access Request Admin=>Search Requests.   But the controllers do not have this menu.   I may just need to grant some additional security in SU01, but don't know how to figure out what role or authobj would provide that report.  I also would rather not give them more access than necessary (e.g admin).  

Thanks!

Heraleen Bowers

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎01-08-2014 9:23 AM
0 Kudos

Hi

Can anyone tell me if it is Ok to both have the Approver role and the Controller role in GRC

for the FF part

Show replies
Show replies
Former Member
‎01-09-2014 2:46 PM
0 Kudos

You mean you have the role for the Approver in the FF part of GRC? along with the Controller?

chandani_kaur
Active Participant
‎09-18-2012 11:29 AM
0 Kudos

Hello Heraleen,

As one of the controllers have approved so the workitem has been completed, that's why for second

controller the error message is coming. This is valid scenario.This mail is just a notification that some session has been performed. But if the second controller wants to see the logs he can go to Consolidated log report and see the logs executed.

Also if you want you can use delivery option as Email, then controller can view the logs by clicking on link.

Hope it answer's your query.

Thanks & Regards,

Chandani

Show replies
Show replies
Former Member
‎04-17-2013 1:57 PM
0 Kudos

Hello Chandani,

I am facing the same issue, no matter if approver 1 or 2 checks the log it shows the message "Approver1# is not the correct approver".

I ahve SAP_ALL assigned to approver 1 and approver 2.

Regards,

Rajesh

Former Member
‎08-30-2013 7:51 PM
0 Kudos

We were facing the same issue, applied the following SAP note to correct it.

SAP Note 1858555

Former Member
‎09-18-2012 11:21 AM
0 Kudos

Hello Heraleen,

there is a possibility to change stage settings from Any one approver to All approvers. It means that all assigned approvers (controllers) have to approve the workitem to be finished.

If this is not suitable you need to add to the controllers roles tab Access management o (if they do not already have it). Requests should be controlled by object GRAC_REQ (ACTVT 03). You can use authorization trace in ABAP - transaction ST01 - but carefully not all controlled objects are always needed.

regards

Igor

Show replies
Show replies
Ask a Question