on 01-14-2013 7:57 PM
Hi,
Has anyone configured GRC where Requestor is prevented from approving own request? The scenario steps below is not working in our system not sure what i am missing. Any faced this issue please provide any guidence on fixing this
Requester = UserA
Enduser = Enduser1
1. UserA submits the request for ENDUSER1
2. UserA being Manager of ENDUSER1 approves the request as Manager
3. UserA is also the role approver for the roles requested
4. UserA approves the request\roles as the role approver
5. Request is closed and roles are provisioned
The problem in this request is there is no 2nd person involved between creating the request and approving at both the stages which is an issue for Audit
PS: System prevents the approver from approving the request if the request is for the approver itself
Thanks
Hi Sid,
Currently it is not possible to restrict requestor to approve request created by him/her . Based on EUP value 'Approve Own Request', system currently checks that user of request should not be approver of the request. But there is no check for requestor .
I think SAP is working on a fix where you can restrict User , User and Requestor to approver their own request using EUP value.
Best Regards,
Aman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sid,
From an audit perspective I don't have any issues with above scenario as long as a valid request reason is documented. However it is not the common practice that the manager decides to grant the enduser more authorizations from nothing. If the request popped in to the requestor by email, then just export the email as a pdf and attach it to the request. Do challenge your auditors on this.
To get to the root of this problem please consider to change the organizational setup. Workflow is about segregation of duties, hence not a one-man-show.
Kind Regards,
Vit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.