on 02-11-2014 5:00 AM
Hi Consultants,
So far i have created all my workflows with roles as lineitems and since roles are assigned to the system based on that all provisioning and de-provisioning used to happen.
Now client wants that access request should also have system lineitem to be included. In that case my workflow should validate system lineitem separately and roles line items separately. In this case do we need to go for FM based BRF+ rules ? I have not worked on them. If anyone implemented this scenario?
If this can be achieved by BRF+ rules let me know. Assume that at my first stage manager i have a routing rule to divert lineitems with no approvers to no approval path. So will system lineitem also will be considered as lineitem with no approver and go to that path? In that case all roles flow through normal path and will this scenario works ? To divert system lineitem to different path, condition should be defined at what level in decision table? Client asked to include system lineitem in order to maintain system validity.
If anyone has implemented this, Kindly provide your inputs or suggestions.
Thanks in advance.
Regards,
Sai.
Hi Sai,
I'm also in similar situation. I'm not giving any solution here but will list what are the things I have tried so it saves you some time.
1. If you add both role and system as line item in access request, both has to have the approvers defined (custom agent or standard agent) otherwise the request goes to "Approver Missing" path
2. If you add approver to the system line item and when it is approved the whole request moves to next stage (it doesnt wait for the role line items to be approved)
3. Even if you add a routing rule to split the system line items from the request, the whole request is getting routed to the detour path
So in essence if you mix system and role in the line items, the system takes precedence and the whole request follows suit.
The workaround or the way it works,
- Dont mix the system and role in access request. Extension of validity has to be change account with the system line item (separate workflow approval)
- if its a new account, you may or may not add the system in the request. Give the validity dates to the role line items and that will be set as validity for the user (multiple roles with different validity, system will take the one which is lesser)
I'm also looking for a better solution, hope somebody in this forum have "been there and done that".
Thanks.
Regards,
Muthu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Muthu,
Thanks for your inputs. I also tried detour scenario and yeah i also faced the same issue where entire request is going to detour
As of now we are also using the process by not mixing both roles and systems in a access request. But we need to update our workflows with this requirement. I already went through forum if there has been already any disucssions on this but couldn't find any
Hopefully someone should share their inputs if they have come across this scenario.
Thanks a lot for your inputs and suggestions once again. We also raised this to SAP for suggestions, i will keep you posted about this.
Regards,
Sai.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.