on 03-21-2014 1:16 AM
Hello,
I want to set up a workflow where any Single Role assigned to a Business Role requires an approval of the Single Role Owner.
The thing is that my customer doesn't have a Security Administrator, so what they want is that each Single Role Owner could be aware when their roles are assigned to a Business Role, especially when the Business Role Owner is another person.
Once the Business Role is created, the provisioning would be in charge of Business Role Owners.
Do you know any way to configure this?
Thanks,
Fernando
Hi Fernando
Your Single Role Approval would be against the BRM approval process - approving role content. You would need an initiator rule to split out role type to send to different paths and then do line-by-line for single roles in the business role to the role owner.
Your Business Role Approval would be against CUP/ARQ - when a user request access you would just do Role owner approval for the business role being requested.
Curiosity - if you don't have a Security Administrator who does Security?
Regards
Colleen
Hi Colleen,
Thanks for your prompt reply.
My question is focused on the Business Role Approval process in BRM methodology. I need that any single role assigned to a Business Role requires an approval.
For example, if I create this Business Role: ZB_AP_ANALYST and assign these single roles:
ZS_AP_CREATE_VENDOR -> Workflow to AP Data Owner
ZS_GL_POST_DOCUMENT -> Workflow to GL Data Owner
So what I would like to find is any way to control single role assignments.
SAP Security is decentralized in Functional Analysts and Basis Administrators.
Thanks again!
Fernando
Hi Fernando,
Like Colleen said, you can make your own initiator rules in order to split your approval process. For example:
Single role -> path A
Derived role -> path B
Business role -> path C
Then you need to create the approval agent (role owners) for your business role approval step. You can make it through BRF+ or using a function module (SE37).
Regards,
Hi Claudio - thanks for breaking it down
@ Fernando - for the Role Approval Methodology you need to split your approval out to be based on request type. Claudio has shown this up above already. In continuing his example, where the business role goes to path C - you would then have Path C do a line-by-line approval based on the single role owners.
By using this role approval methodology your single role approvers are indirectly allowing any user who is approved the business role via an access request and that request is approved by business role owner (which is role owner).
As mentioned - you are using two different workflow process IDs.
Regards
Colleen
Hi All,
My requirement is also similar to Uma. Client requirement is to have role owners based on the individual roles inside the business roles. Please advise.
Thanks and Regards,
Zarina