cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Set "RETAIN" provisioning action as default???

former_member184114
Active Contributor

on ‎07-07-2014 7:53 AM

0 Kudos

Hi All,

I would like to  keep "RETAIN" provisioning action as default in ARQ while "adding" a role.

Actually, there is one configuration parameter "2045" which will make it possible. But this is ONLY applicable to the situation where a role is selected from existing assignment by clicking on "Existing Assignment" button.

As soon as a role is selected from the existing assignment automatically the provisioning actions is set to "RETAIN" (due to the config. parameter 2045).

But what I want is, whenever a user adds a role to a user in access request form, the default provisioning action should be set to "RETAIN". I could not find any suitable configuration parameter for this.

Has anyone set this before? Or does any one know how to set it?

Please advise.

Regards,

Faisal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎07-25-2014 10:27 PM
0 Kudos

Only way to get 'retain' is when you select a role from "existing assignment" option within the Access Request submission form.

Show replies
Show replies
former_member184114
Active Contributor
‎07-07-2014 5:35 PM
0 Kudos

Any help please?

Show replies
Show replies
alessandr0
Active Contributor
‎07-08-2014 7:25 AM
0 Kudos

Hi Faisal,

I am not sure whether there is an option to set retain as default parameter as it doesn't make sense from my point of view.

What was your motive to have retain as defualt option? In case of a new assignment in my opinion it is correct with assign option.

Maybe if I understand the situation I can give you some input.

Looking forward to hear from you.

Best regards,

Alessandro

former_member184114
Active Contributor
‎07-08-2014 8:38 AM
0 Kudos

Hi Alessanrdo,

Thanks for your reply.

Actually the motive behing this option is to cover the "loop hole" of ARQ application. If you notice, we can "keep" adding the same role which is already assigned with different validity dates. ARQ does not control this!

Eventually, what happens that in the back end system, the user master record is overwhelmed with the same role entry with different validity dates!

Unfortunately, application does not have any control over this. Therefore, at least making "RETAIN" as the default provisioning action, we can have a "sort" of control over this. What happens is, if I add a role which is already assigned to a user and change the validity dates, there will not be any new entry in the back end system with the same role.

Hope this will help you understand the requirement and advise me.

Regards,

Faisal

alessandr0
Active Contributor
‎07-08-2014 8:50 AM
0 Kudos

Hi Faisal,

great consideration - you are absolutely right. In such situation it would make sense to have retain as default option.

Can you please post your idea on the idea place?

https://ideas.sap.com/ct/ct_list.bix?c=4F27C74D-5330-4569-8199-D69072C0D4AE

Thanks and regards,

Alessandro

former_member184114
Active Contributor
‎07-08-2014 11:31 AM
0 Kudos

I have done it.

alessandr0
Active Contributor
‎07-08-2014 11:42 AM
0 Kudos

great 🙂 hope to see a solution asap 🙂

Former Member
‎07-08-2014 9:21 PM
0 Kudos

Hi Fasal,

did you get any way around to achieve this unique way..?

Would you mind sharing the solution with us

Regards,

Ameet

former_member184114
Active Contributor
‎07-09-2014 7:09 AM
0 Kudos

Not yet. Looking for the solution.

former_member204479
Active Participant
‎07-09-2014 9:58 AM
0 Kudos

Hi Faisal

Although not a GRC solution, but to solve your specific issue you can have the program PRGN_COMPRESS_TIMES run periodically as a background job. It will compress all the duplicate assignments.

Thanks

Sammukh

former_member184114
Active Contributor
‎07-09-2014 4:17 PM
0 Kudos

Sammukh,

Thanks for sharing this

I believe this has to be run in GRC system (front end system). Secondly, How does it compress the duplicate assingments?

I mean for example, let say:

Role1: valid from=01.07.2014;valid to=31.07.2014

(Again) Role1: valid from=01.08.2014;valid to=15.08.2014

Now lets say I ran this job today, what will happen?

Or lets say I run this job on 16.08.2014, which entry will be removed? And on what basis this program decides this? What is the parameter it considers?

I would like to understand the behavior of this program.

Regards,

Faisal

former_member204479
Active Participant
‎07-09-2014 4:23 PM
0 Kudos

Hello Faisal

This needs to run on the system where you want to reduce the user records in assignments. So if you want for ECC then it needs to run there.

The start validity is chosen as the earliest and the end validity is chosen as the last date. So basically the validities from different records are merged.

There is a simulation option in the program. You can run it from SE38 and test it understand the results better. Check the simulation checkbox below in the screen and it will only show you the analysis without making any changes. Hope this helps.

Thanks

Sammukh

alessandr0
Active Contributor
‎07-09-2014 4:23 PM
0 Kudos

Faisal,

you need to start this program in your central user master if you are using CUA or otherwise once in each system.

In the program you have two options available. First you can run the program in simulation mode to see what will happen (very useful if you are not aware). Second you can also delete expired assignments which is also helpful if you wanna delete them all in one shot. Be aware that sometimes it is very nice and helpful to have the history of already expired roles in the user master.

See the following example:

If you run the program it checks for validity dates as you can see in the picture. The system picks the earliest start date and the latest end date for the new validity.

Does this answer the question?


Regards,

Alessandro

former_member184114
Active Contributor
‎07-09-2014 5:21 PM
0 Kudos

Alessanrdo,

From the screen, please let me know if my below understanding is correct:

Role : C:S_GLGL_CRE_GRC-GRC_CF001 having 12.08.2013 as the old start date will be removed

Role : C:S_GLGL_DSP_SBA-SCA_CA001 having 12.08.2013 as the old start date will be removed

Regards,

Faisal

alessandr0
Active Contributor
‎07-09-2014 7:09 PM
0 Kudos

correct - in the end you have one assignment per role with the earliest from and the latest to date.

Ask a Question