on 10-09-2013 12:52 AM
Hi Experts
I am trying to create Business Role in BRM. I configured MSMP workflow SAP_GRC_ROLE_APPR as suggested in "AC 10.0 - Business Role Management" guide in this SCN.
Issue is that worflow approved at first level. But then it just stays in Pending mode. When I open Business role on BRN it says that
Error: Role xxxxxxxxx is in locked mode
Warning: Role xxxxxxxxx is pending approval
I can not find where the workflow is gone and what it is pending on. Any help will be greatly appreciated
Hi Masood
How many levels of approval do you have? Also, did you try to push the WF through as I can see detouring, etc?
The lock status will not release until the outsanding WF is completed. There were issues with BRM around SP9/10 where the final task was not completing to close it out.
Have a look at following KB to fix lock status 1796774 - BRM role is locked or in Pending Status
What MSMP Stage configuration do you have and Agents to fix root cause?
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen
Thanks very much for such a quick help. We are on SP9 and hopefully very soon we will be going to SP12. Surely I will look at SAP note you advised.
In BRM at Define Role tab under Owners/Approvers, I have only one approve and that is myself. I did receive approval request in my Inbox and I have approve it already but after that not sure where it is gone. SAP Note may fix this.
I am not really sure where to check "MSMP Stage configuration".
If it is MSM Instance Runtime Monitor (the transaciton which you gave me few months back) under Runtime and tab Data Log it says Stage Seq. No 001.
In Notification tab it say NEW_WorkITem.
Once again thanks very much for sharing your knowledge and helping to fix this issue.
Hi Masood
Oh I meant a screen shot in MSMP configuration for the Steps (how many approvers)
The latest screen shot for Notification are the email sent depending on the event. Transaction SOST should show those
MSMP Instance Runtime is great - I usually focus on Approvers, Routing and Workflow tabs. In noticed one of the had ERROR. You might be able to check SLG1 logs to see if any further information on the error. Also try selecting the tnry to see if further information is provided
You can look at the WF transaction - SWIA to see if the tasks have closed out execept for the overall complete. if the approval step is completed, etc and only the Close event is outstanding then the KB article I mentioned may help. However, MSMP Instance Runtime is usually more helpful that the SW* transactions (in GRC AC situation).
Again, check the note and see how you goes.
Hi Masood
Have a look at:
IMG Navigation Path: “Governance, Risk and Compliance > Access Control > User Provisioning > Define Request Type”
In the Request Type (I had 21 in my system) it mentions the MSMP Process Id SAP_GRAC_ROLE_APPR. This may be related to issue and has a box for description.
Configuration parameter 3022 should then be the same Request Type Value (21)
Regards
Colleen
Hi Colleen
Once again this is new for me and it is so nice that you are sharing your great insight and knowledge. Does these request type populated by BC sets? I have not created any of these.
From my screenshot below: should I create new for MSMP Process Id SAP_GRAC_ROLE_APPR or should I just change "Request type 123" - "Role Approval" to SAP_GRAC_ROLE_APPR
Also Config parameter 3022 is not set yet. Once you advise I will try accordingly.
Regards
Masood
Hi Masood
Yes it is initially populated by the BC Set GRAC_ACCESS_REQUEST_REQ_TYPE
I recall having issues when I applied SP (can't remember which one) where the Request Type values got a bit mixed up (there were a few threads on this)
I recommend you go to BC Sets and compare the original against what you have to see differences. I think you can modify them directly in SE16 to avoid the IMG logic that stops you from editing them (that is if you need to revert them back).
If you did not have a Role Approval MSMP entry in here it may be causing the null issue.
Whatever value you have in the Request Type you need to match it in the configuration parameter. Also, ensure you flag the Request Type to Active. You only need one for Role Approval.
Regards
Colleen
Ps - refer to http://scn.sap.com/thread/3328789 as the example - same values with Request Type 21 and parameter 3022
Message was edited by: Colleen Lee Added SCN URL link
Hi Colleen
Thanks a lot for your help. We applied SAP Note and it fixed error message and Warning.
I setup config settings and now role status is complete.
I created Business Role in BRM and put some composite and single roles in side it.Role Status of my Business Role is "Production". I am trying to do user provisioning in development system and it is not working. For some reason AuditLog is saying thay "RFC destination PARCLNT100 does not exist". First of all PARCLNT100 is our production system and I do not want it to do user provisioning in that system. While creating Access Reqyest for Business Role it did not let me select system.
When I assign single role or composite role in User Access Request, they get provisioned correctly in my development system.
Please advise what I am doing wrong.
Regards
Masood
Hi Masood
In the Single/Composite roles for the mappings, etc do you have the Provisioning Setting for that system switched off?
Role > Additional Details > Provisioning > System - Provisioning Allowed set to No?
If this doesn't help, I recommend you create a new thread and post this question so the entire community can assist as it is a new topic.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.