on 05-20-2014 3:46 AM
I am trying to add a column "user group" in BRF+ to use in agent rule in UAR workflow. The requirement is UAR request should go to regional reviewer based on user group. Example: Asia region users UAR request will be reviewed by Asia Reviewer. How should I achieve this scenario.
Thanks in advance.
Hi Mohammed,
Here we go:
In MSMP, you have an Agent ID, pointing to BRF rule ID.
In BRF, you will have:
- one DB Lookup expression, lets call it User_group_for_User
In this lookup, you will define the following:
select CLASS from USR02
with condition BNAME is equal to <user id coming from grc>
into <structure for user group>
- in your decision table, you will have one field for the db lookup as one of the condition columns.
Hope it helps?
Let me know!
Thanks
Luciana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Luciana,
We are trying to achieve the same scenario as described above. When I look at the table USR02 in GRC it doesn't show all the user group information from the back end Production system users, so which table should I use for this? Also, can you explain little bit more detail on creating DB lookup expression as I am new to creating BRF+ rule.
Appreciate your response.
-Raghu.
Hello Luciana,
Since we have a scenario where the UAR request should go to operations manager instead of user manager we are planning to have FM created which will fetch the data for us and use this to create custom agent. Wanted to check if this works and where do you go about calling this FM to create agent in MSMP.
Also, we wanted to make UAR a 2 stage approval. Stage 1 will be Operations Manager and once the approve should go to the Role Owner at stage 2. Is this feasible? If so, how can I achieve that.
Thanks you so much for your valuable inputs.
-Raghu.
Hello Raghu, the above scenario seemingly was for User Group info. stored in the table USR02, so if in your case, if the Ops. Manager is stored in some dictionary table, then you can create a DB lookup similarly via the SELECT as mentioned by Luciana - This is the way for BRF+ rule.
Otherwise, your mention on FM would have to consider writing piece of ABAP code again to write a similar SELECT for the tables - This is the way for Function Module based rule.
Once you have implemented either of the above ways, you can then map the created rule into MSMP under Maintain Agents option and use it further at the stage level.
Hey Luciana, I tried your suggestion, but as soon as you get to the below step, I am unable to select the "user id coming from grc". When you generate a UAR WF MSMP rule, the user id is actual a result field, so how would this work?
"Select CLASS from USR02
with condition BNAME is equal to <user id coming from grc>
into <structure for user group> "
I did use this suggestion for an access request approval and it worked great... any guidance would be appreciated.
Hello Manik,
Thanks for your reply. If I have a developer create a table for user ID and corresponding operation manager in GRC, how do I use this in BRF+. Could you explain in detail how I can use the logic to have this rule created in BRF+ db lookup.
Your help is much appreciated.
Regards,
Raghu.
Please the steps as prescribed in the link below:
http://scn.sap.com/community/grc/blog/2013/03/15/using-brf-db-lookup-to-create-complex-msmp-rules
This should go well. All the best!
Hi,
Go to SPRO>>Governance, Risk and Compliance>>Access Control>>Workflow for Access Control>>Maintain MSMP Workflows
Select SAP_GRAC_USER_ACCESS_REVIEW in process global setting>>Maintain Agents>> and then add agents,
Below is the example for the details to be filled,
Hope this helps.
BR,
Mangesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Alessandro,
Thanks for notifying it, I don't have the access to GRC right now, so I will update the screenshot tomorrow.
but thanks once again
@Mohammad: it is just one example which includes, here are the details given, so you need not to waste time for screenshot.
Agent name: Z_Agent
Agent Description: Agent for user XYZ
Agent purpose: Approval/notification (select as per your need)
Agent type: PFCG user group (Once you select this option will open to mention user group, make sure you already have created this user group in system)
User Group: ZXYZ
BR,
Mangesh
Thank Mangesh,
Your suggestion applies to all roles but in my scenario I have certain roles which should go to particular role reviewer. This can be accomplished by creating a BRF+ agent rule with the following columns:
User group - role name - reviewer
I do not see "user group" as column in BRF+
Regards,
Mohammed
User | Count |
---|---|
14 | |
4 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.