cancel
Showing results for 
Search instead for 
Did you mean: 

Superuser Workflow not working

Former Member
0 Kudos



If you look at the Super User Access request 657 it is not assigned to FF owner.

It is taking Escape_Path and getting assigned to GRAC security.

How can we assign it to the FF Owner.


Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat

What was your configuration for the GRAC_DEFAULT_PATH/GRAC_DEFAULT_STAGE? What was the Agent?

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Thanks for your help.

Attached the requested screenshots.

Regards,

Venkat

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat

What is your custom rule for Z_GRAC_POC_DEFAULT? How is that determined?

If your ARQ workflow is for User Access Request and Firefighter you might need an initiator rule to split based on request type so you can direct FF requests down a different path for a different agent.

Regards

Colleen

Former Member
0 Kudos

Thanks

Hi Colleen,

What is your custom rule for Z_GRAC_POC_DEFAULT? How is that determined?

Our custom rule for GRAC_MSMP_DETOUR_SODVIOL is If SOD's are found the request will be routed to local controller for Mitigating controls.

If your ARQ workflow is for User Access Request and Firefighter

Yes we are using the same ARQ workflow for User Access Request and Firefighter

You might need an initiator rule to split based on request type so you can direct FF requests down a different path for a different agent.

How to create a new initiator rule for FF

Regards,

Venkat

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat


Our custom rule for GRAC_MSMP_DETOUR_SODVIOL is If SOD's are found the request will be routed to local controller for Mitigating controls.

I meant - what is the Agent Rule for Agent Id Z_GRAC_POC_DEFAULT? Go to the Agents tab and see what has been defined there. That tells the MSMP which approver to send the request to?


How to create a new initiator rule for FF

Search SCN and you will find a heap of articles on that. Go to GRC documents and check the list. there are heap that explain initiator rule and BRF+

This will depend on your Agent Rule and intention for Z_GRAC_POC_DEFAULT. If you need to handle FF requests differently to other access requests then you need to send them down different paths.

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Thanks

I meant - what is the Agent Rule for Agent Id Z_GRAC_POC_DEFAULT? Go to the Agents tab and see what has been defined there. That tells the MSMP which approver to send the request to?


Attached the screenshot.


Regards,

Venkat

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat

Your agent is the GRAC_MSMP_ROLEOWNER_AGENT

This will only work for typical UAR when user is requesting a role and in BRM the role owner for approval has been assigned

You need to do an initiator rule to split requests based on request type so that you can send FF requests to a different path and choose a more appropriate agent.

Multi Step Multi Process – GRC’s an... | SCN

As mentioned, SCN has a heap of questions on initiator rule using request type as well as wiki articls such as the one below:

BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Thanks

Created a new Initiator Z_BRF_FF_INITIATOR for Super user access and

assigned Rule_Result to INIT_2

and Maintained Rules/Maintained Paths but can't generate the version

attached the screenshots.

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat

Every configuration step needs to be mapped fully or removed. Last screen shot tells you the error:

Routing Result xxxxx GRAC_MSMP_DETOUR_SODVIOL used in DEFAULT_PATH_1/001 not mapped

You either need to map it or go to Stage 001 in DEFAULT_PATH_1 and remove it

Looks like you are getting there

As a side note, in BRF+ decision table for Z_BRF_FF_INITIATOR you have only accounted for request type 006 (FF). If someone lodged a request for other access like Create User they will get an error message. You need to add at least one more entry (in the document I wrote I mentioned as the catch all): Add entry for reqtype <>006 to cover normal UAR or you will get error on submission

include that result in MSMP as well

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Thanks for your help.

I configured successfully the SuperUser Provisioning.

I need help with the FF Log Notification we are receiving E-mails when the Firefighter logs in and log Notification.

I created two Notifications for Return and Forward event in workflow. We are receiving E-Mails also but the Subject is  New Work Item - Log Report Review for Forward or Return.The subject should be  FireFighter ID Forward Notification and the content should be

Dear Controller,

There are new FF Logs in your work inbox. Please perform the necessary actions.

How does the subject and body which is updated in the SE61 will be sent to the controller when forwarded.

Attached the screenshots.

Colleen
Advisor
Advisor
0 Kudos

Hi Venkat

would you please close those this thread now that you are on a new topic

Before opening a new one, please search SCN, Wiki, etc as notifications have been discussed. You will get a starting point and then if necessary,  open the new thread with your question

Regards

Colleen

Answers (0)