on 02-10-2014 2:19 PM
Is there an easy way to differentiate between approval workflows based on request types?
Basically I would like to keep standard access request approval workflow SAP_GRAC_ACCESS_REQUEST with the manager, role owner and security stage for most of the access request types. However in case of an emergency access request type I would like to involve the SPM Owner as well as a step after the Manager approval and ignore the role owner and security stage
Normal Access Request: Manager – Role Owner – Security
EAM request: Manager – SPM Owner
In case I will need to create a BRF+ rule a little help is much appreciated.
Thanks!
Hi,
You need to create BRF Initiator and decision can be made using request type in BRF Decision table to decide path upon submission.
For BRF below link will help you.
http://wiki.scn.sap.com/wiki/display/GRC/BRF+plus+Flate+Rule+-+GRC+Integration
Regards
Dilip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Dilip. I am getting closer.
Does anyone have any idea whether the decision table has been configured correct? See snapshot. I did not add the priority, employee number etc. since (I think) I do not require this.
Then in the MSMP workflow configuration I am not able to select a new path in the maintain path stage and that probably has to with my rule configuration in the maintain rules stage.
Basically what I want to achieve is to keep the default access request creation intact with the exception of emergency user requests (req. type 006). Any help is much appreciated
Hi T.
Please remember you will also have to configure a scenario for Request Type <> 006 to capture all other scenarios. If you do not manage the other scenarios you will get errors on your MSMP for all other scenarios.
Your MSMP return values should have two return options: EAM_PATH and <whatever you create for rest - e.g. NON_EAM_PATH)
These two then need to be in the Rule Results table (like you've done for EAM_PATH) as well as defined in the Maintain Route Mappings
Regards
Colleen
So basically I will need to configure the standard scenario again as well. I will dive into it next week, but personally I think it is design fault of SAP to combine the EAM with UAM access requests in the first place.
Possible workaround would be to assign the SPM owner as FF (business) role owner and mitigate all violations at FF role level to achieve a two stage approval workflow with the standard access request approval workflow. Is this correct?
Hi T
Unless you only have one request type (EAM) then you do need to cater for all scenarios
You could test the workaround but consider if maintenance of FF Owners versus role owners. What if you happen to have a role owner who is not the FF Owner. You are now giving them additional approval rights.
When you design your MSMP and BRF+ consider future usage. if you don't, you may have to later rebuild the MSMP paths/stages/routes/etc to factor in different scenarios.By spliiting at Request type straight up you can keep your paths and stages separate between EAM and non-EAM requests
I think it is design fault of SAP to combine the EAM with UAM access requests in the first place.
Yes, it would have been nice if EAM was its own MSMP path and form to keep separate. You could raise this to the SAP Ideas place for future release if enough users out there agree with you.
Regards
Colleen
logic is very simple create a brf+ initiator rule select request type for input parameter
2 line items if request type is = Super user access take path X
if request type is not equal to super user take PATHY
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.