cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MSMP Workflow configuration issue

Go to solution
santosh_krishnan2
Participant

on ‎05-24-2013 4:40 PM

0 Kudos

I've configured the MSMP workflows according to the slide decks that have been published.  I'm experiencing the following problem.

1. In the case of SPM, when the firefighter logs in, the controller gets notified correctly that the login has occurred.  However, no subsequent workflow notification is sent that the controller can use to audit the usage.  I've checked SOST and there's no email that has been sent.

2. In the case of Access Request, when I place a request, I get an email notifying me that the request has been placed.  If I place the request for someone else, I still get the notification that the request has been placed, but the person for whom the request has been placed doesn't get notified.  The manager in both cases has been manually picked and I've validated that the email address is working.  Yet, the manager never receives any notification.

When I log in as the manager (all these are test accounts), and go and retrieve the request, I'm unable to approve or reject it.  The same is true for the SPM issue in point 1 above.

I've looked at the MSMP workflow configuration but am not clear on where to look to address this issue.  Your help is much appreciated.

Thanks,
Santosh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-31-2013 3:09 PM
0 Kudos

Hi Santosh

It is a issue of notification settings.Do the Following

1.You need to define the notification settings for submission and closure of the request with proper Agents.I am attaching the example which I have used which will send the notification on every request submission and closure to the user who raises the request.

2.For Manager/Approver  to recieve notifications for every new item in his/her queue again you need to define at each stages the notification settings with proper agents.I have attached the example I used for the Manager at Manager stage.

3.For Controller to receive notifications in his/her mail also you need to set the Notification settings for the workflow.Please check the example I used in my case for Controller to recieve notification.

Here Current Approver will be Controller .As you have already defined Controller as your approver for this workflow.

Hope this will help you.Please let us know how it went.

Regards

Pradeep

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎05-29-2013 2:50 PM
0 Kudos

1) Check your emails which are sent out per stage as well as during submission and end of request etc.

2) Have you checked it if a workflow item has been created for the SPM log reviews? If not, you may need to reschedule your SPM log retrieval background job.

3) Double check the agent assignments for the SPM log review within the stage configured in the MSMP process.

Show replies
Show replies
santosh_krishnan2
Participant
‎05-29-2013 4:26 PM
0 Kudos

I've reviewed my MSMP configuration.  When I save and activate the workflow for Firefighter, I get the following warning:

  • No data is maintained in table GRFNMWCNGLBESR for process SAP_GRAC_FIREFIGHT_LOG_REPORT

  • Active version data not stored for table GRFNMWNOTIFRECPT process SAP_GRAC_FIREFIGHT_LOG_REPORT

When I log in as my test ID, I immediately get an email to the controller's email address indicating the the Firefighter has logged in.  The Log and workflow sync background jobs have been set to run every 5 minutes.  After the initial login email, no further emails are being sent out.

I've gone through each step in the MSMP workflow config and nothing seems to be incorrect, except for one thing.

Under step 1 - process global settings, I don't have any entries under Notification Settings.

Thanks a lot,

Santosh


santosh_krishnan2
Participant
‎05-29-2013 9:15 PM
0 Kudos

UPDATE

It turned out that user WF-BATCH didn't have sufficient permissions.  I have currently given SAP_ALL and SAP_NEW, and emails are being sent.  There is still an issue.

In the case of Firefighter:

Once a Firefighter user logs in, a notification is sent to the controller.  When the Firefighter is done, I would expect a notification to be sent from the workflow with a link to the log review screen.  However, the following message is sent from Workflow.

Dear Approver,


There are new workitem(s) in your work inbox . Please perform the necessary actions.


Kind regards,

Access Control Administrator

When I go into GRC and locate the necessary Firefighter request, it shows that it's in Decision Pending, stage is Controller.  I go in as the controller, and check the Instance Status to ensure that the controller is correct.  I'm logged in with the same controller ID as indicated in the Instance Status.

However when I open the request, it says that the controller isn't a valid approver.

When I try creating an access request (I ask for a role to be assigned to an existing user), the Workflow user sends an email exactly as above.

This is clearly an MSMP workflow issue but I've configured it like it's been described in the PDF for workflow config.

Can you help?

Thanks!

Former Member
‎05-30-2013 8:36 AM
0 Kudos

Hello Santosh,

Can you verify that all the Post Installation tasks have been performed ?

In the document "GRC 10.0 - Post-Installation" (http://scn.sap.com/docs/DOC-1595), please verify that everything is set up and more especially the "Perform Task-Specific Customizing" part.

Regards,

Benoît

santosh_krishnan2
Participant
‎05-30-2013 2:54 PM
0 Kudos

This message was moderated.

santosh_krishnan2
Participant
‎05-30-2013 10:36 PM
0 Kudos

One more thing.  When I go into NWBC as the user who is the approver, the system says that the user is not a valid approver.

I go into NWBC as the user who is the approver.  I locate the Firefighter log request, which is in Decision Pending status.  I look at the Instance Status and confirm that the approver is correct.


I then open the request, but across the top, it says, User xxxx is not a valid approver.

The user has all the GRC roles assigned at this point.

Thanks,

Santosh

Former Member
‎05-31-2013 9:09 AM
0 Kudos

AC Owner table configured correctly?

santosh_krishnan2
Participant
‎05-31-2013 3:20 PM
0 Kudos

Within NWBC, the AC Owners table has been configured correctly (as far as I can tell - it's how I've done it in the past and it's worked properly).

On the backend, the owners, controllers and firefighters have been assigned the appropriate roles, and the user role sync program has been run.

The users show up in the appropriate lists for owners, controllers, firefighters, etc.  No errors in any of the assignments.

I have one firefighter ID assigned to an owner.

That firefighter ID has two controllers, one of whom is set up as email and another as workflow.

Both receive emails when the firefighter logs in.

HOWEVER NOTE: the emails with the URL for the log hasn't been going out, instead an email has been going out informing the controller that there are items to review.  Today, however, one of my test controllers on the workflow said that he got the URL email.  Since we have 4 test requests, I'd expect 4 emails notifying the controller that the logs should be reviewed.

Is there a PDF that specifically discussed configuring MSMP for the Firefighter workflow?  I have the PDF that covers general MSMP config and MSMP config for user provisioning.

Thanks,

Santosh

Former Member
‎06-03-2013 1:32 PM
0 Kudos

Hi Santosh

When you have workflow for FF Log is activated you can't use both the options email and Workflow for the controller.

Activate the Workflow for FF log and use the option 'Workflow' for controller and no other options.

Also for Error message you need to change the task settings at the stage level due to which you are receiving the above error message.

Let me know how it goes.

Regards

Pradeep

santosh_krishnan2
Participant
‎06-05-2013 5:06 PM
0 Kudos

UPDATE

I've gone through and updated the MSMP workflows and now, emails are being sent out.  However, the default message in GRAC_MSMP_LOGRPT_NEWWORKITM, which can be edited from within SE61, is very basic and only informs the approver that new work items are waiting.

There is a different message, GRAC_SPM_LOG_NOTIFICATION, which does have a link, but this message is not getting sent out.

If I modify the GRAC_MSMP_LOGRPT_NEWWORKITM to include the %LINK_WORKITEM% variable, it does include a link, but that always results in an error when I try to click on it.

That's where I'm presently stuck.

Thanks,

Santosh

Former Member
‎06-13-2013 2:50 PM
0 Kudos

Hi Santosh,

Sorry for the belated response. Can you check what Variables are registered against the EAM log review workflow? Make sure that the variable is typed in correctly.

Former Member
‎07-10-2013 3:45 AM
0 Kudos

Santosh,

I have noticed that your issue in setting up the workflow for FF log review in GRC 10, pretty much we are having the same issue. Did you resolved the issue..

santosh_krishnan2
Participant
‎07-10-2013 9:53 AM
0 Kudos

Hi Kesavan,

The Firefighter log review workflow hasn't been an issue.  The issue was with provisioning Firefighter IDs. 

The solution to that was to setup the escape routing for the workflow, and then to maintain the path that applied to the escape route.  Once that was done, the Firefighter auto provisioning worked fine.

Santosh

Ask a Question