cancel
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10 - Risk Analysis mandatory for scenarios wherein all roles rejected by an Approver.

Former Member
0 Kudos

Hi,

We have got a request from couple of client to implement a scenario wherein:

In case all roles rejected by role owner then risk analysis is not forced for user, as of information received its not possible to implement same set up in GRC AC 10(was possible in 5.3) but would like to comment if anyone have solution or have a comment from SAP directly.

Reject role is done at line role level but not at request level.

Its slightly difficult to explain customer wherein system is forcing risk analysis for cases wherein requestor have reject all role for which he/she is an approver.

Regards,

Nishant

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Nishant,

I believe that if the setting "Risk Analysis is Mandatory" is set to "Yes" within the stage setting, then in GRC 10.0 it forces you to perform the risk analysis before accepting the click of the "Submit" button. If one is not performed, then you get a message on the screen stating it is mandatory.

If you are rejecting the whole request, then by pressing the "Reject" option from the "Other" option in the header, I don't think the system forces you to perform the risk analysis, but if you are rejecting the items at line level, then you have to press "Submit" button to proceed (hence it forces you to perform a risk analysis).

I think this is why you are experiencing this behaviour. The Submit button is seen as a progression within the workflow (even if all items are rejected at line level), whilst the "Reject" option at the header level simply kills off the request.  I have not seen or found a way round it, apart from not making the risk analysis mandatory at a stage within a workflow (which I believe is not a good idea to do in your case, or in any other workflow design where risk analysis should be double checked in a access request). Hope that helps.

Former Member
0 Kudos

Hi Harinam,

Thanks for the response.

Reject done at reject level(via "Other" option in the header) is not intended since it rejects whole request.

Let say a request is having multiple approver and one rejecting all is not intended hence we have removed the possibility to reject whole request at role owner stage itself.

I would like to get some picture on SAP reply on this kind of request. It was possible in 5.3 hence client is requesting for same. If someone can share experience on SAP response then will be great.

Regards,

Nishant

Former Member
0 Kudos

I fully agree with your response above and it has caused a headache for many clients who have moved from 5.3 to 10.0. It would make more sense if the "Reject" button rejected only the specific role owners bunch of approvals and not the whole request in the same stage (as you have described). 

Most clients have decided to "Live with it" and not really chased SAP up with a OSS message, but I would strongly suggest that you/your company/client raise a call to SAP and get their Developer team to look at the issue (not their 1st line support). This will be the only way to receive a SAP reply on the matter. With some persuasion they may even make a fix

Not the definitive answer you are looking for, but I hope that this spurs you on in getting the answer directly from SAP by raising a OSS call for your company/customer.

Hope that helps/helped.

Former Member
0 Kudos

Hi,

Will wait for few days to get some more view over this thread, after that will create OSS (asking to provide feature as its in 5.3  or letting us know why cannot be implemented).

@All : Whoever going through this discussion,please share your experience.

Regards,

Nishant

Answers (0)