on 07-04-2014 11:49 AM
Dear experts,
We have an issue regarding Access Request Creation. We have configured the New/Change Account workflow with Role Owner stage, the problem appears when the user sets the system. The following screenshot shows the MSMP configuration:
I will try to explain this issue with two examples:
Example 1: Only roles are selected, the workflow works properly:
Acces Request Creation: Two roles (with Role Owner) was selected:
The request is splitted and sent to the two role owners:
Role Owner 1:
Role Owner 2:
This is the desired scenario.
Example 2: System and roles are selected, the workflow do not work properly:
Acces Request Creation: Two roles (with Role Owner) and system was selected:
The request is sent to detour stage No Role Owner because the system have not Assignment Agent:
No Role Owner stage:
I was searching this issue in forums and internet, but i did'n find anything.
Could you help me to find the solution for this problem? The system have not Role Owner but rules are detecting this field empty.
Thanks & Regards.
Hi Jose,
did you find a better solution, than creating a dummy path with the automatic approval of the system?
I think this is a gap in the design of msmp, because the role owner is able to reject the request. In this case the roles aren't provisioned but the user is created on the target system. (system line item in request)
Thanks for your answer.
Regards,
Manuela
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear José,
as the system does not have an approver the request is routed directly without approval. You can create an exception that in case an owner is missing the workflow gets routed to a pre-defined stage.
Instead of adding the system with "create user" parameter in the request you can also enable that a user gets created if he doesnt exist. This can be configured in the global provisioning configuration.
Hope this helps.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The workflow is behaving as per the design. If you want your system line item to get approved without any system/role owner assigned then create a path with no stage and in your route mapping send the NO_ROLE_OWNER result to that dummy path, then the request which will have no role owner or system owner for the role/system will be approved automatically and the rest will continue the normal path.
Regards,
Neeraj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.