cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MSMP Access Request Approval condition

Go to solution
Former Member

on ‎02-10-2014 2:19 PM

0 Kudos

Is there an easy way to differentiate between approval workflows based on request types?

Basically I would like to keep standard access request approval workflow SAP_GRAC_ACCESS_REQUEST with the manager, role owner and security stage for most of the access request types. However in case of an emergency access request type I would like to involve the SPM Owner as well as a step after the Manager approval and ignore the role owner and security stage

Normal Access Request: Manager – Role Owner – Security

EAM request: Manager – SPM Owner

In case I will need to create a BRF+ rule a little help is much appreciated.

Thanks!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member192837
Participant
‎02-10-2014 2:24 PM
0 Kudos

Hi,


You need to create BRF Initiator and decision can be made using request type in BRF Decision table to decide path upon submission.

For BRF below link will help you.

http://wiki.scn.sap.com/wiki/display/GRC/BRF+plus+Flate+Rule+-+GRC+Integration


Regards

Dilip

Show replies
Show replies
Former Member
‎02-11-2014 2:47 PM
0 Kudos

Thanks Dilip. I am getting closer.

Does anyone have any idea whether the decision table has been configured correct? See snapshot. I did not add the priority, employee number etc. since (I think) I do not require this.

Then in the MSMP workflow configuration I am not able to select a new path in the maintain path stage and that probably has to with my rule configuration in the maintain rules stage.

Basically what I want to achieve is to keep the default access request creation intact with the exception of emergency user requests (req. type 006). Any help is much appreciated

former_member192837
Participant
‎02-11-2014 4:30 PM
0 Kudos

Pls follow the link properly

Colleen
Advisor
Advisor
‎02-12-2014 12:51 AM
0 Kudos

Hi T.

Please remember you will also have to configure a scenario for Request Type <> 006 to capture all other scenarios.  If you do not manage the other scenarios you will get errors on your MSMP for all other scenarios.

Your MSMP return values should have two return options: EAM_PATH and <whatever you create for rest - e.g. NON_EAM_PATH)

These two then need to be in the Rule Results table (like you've done for EAM_PATH) as well as defined in the Maintain Route Mappings

Regards

Colleen

Former Member
‎02-14-2014 4:00 PM
0 Kudos

So basically I will need to configure the standard scenario again as well. I will dive into it next week, but personally I think it is design fault of SAP to combine the EAM with UAM access requests in the first place.

Possible workaround would be to assign the SPM owner as FF (business) role owner and mitigate all violations at FF role level to achieve a two stage approval workflow with the standard access request approval workflow. Is this correct?

Colleen
Advisor
Advisor
‎02-17-2014 2:19 AM
0 Kudos

Hi T

Unless you only have one request type (EAM) then you do need to cater for all scenarios

You could test the workaround but consider if maintenance of FF Owners versus role owners. What if you happen to have a role owner who is not the FF Owner. You are now giving them additional approval rights.

When you design your MSMP and BRF+ consider future usage. if you don't, you may have to later rebuild the MSMP paths/stages/routes/etc to factor in different scenarios.By spliiting at Request type straight up you can keep your paths and stages separate between EAM and non-EAM requests



I think it is design fault of SAP to combine the EAM with UAM access requests in the first place.

Yes, it would have been nice if EAM was its own MSMP path and form to keep separate. You could raise this to the SAP Ideas place for future release if enough users out there agree with you.

Regards

Colleen

Former Member
‎02-18-2014 1:58 PM
0 Kudos

Thanks for your help Colleen and Dilin. I succeeded in creating the EAM and NON EAM PATH.

Answers (1)

Answers (1)

former_member193066
Active Contributor
‎02-12-2014 5:58 AM
0 Kudos

logic is very simple create a brf+ initiator rule select request type for input parameter

2 line items if request type is = Super user access take path X

if request type is not equal to super user take PATHY

Regards,

Prasant

Show replies
Show replies
Former Member
‎02-13-2014 10:56 AM
0 Kudos

Can you add a snapshot?

Ask a Question