cancel
Showing results for 
Search instead for 
Did you mean: 

GRC 10.0 - Activate "Remove" Button

Former Member
0 Kudos

Hello,

Could someone please tell me how to activate the "Remove" button for a workflow?  I found the "add assignment" option in MSMP.  But, I have not been able to find the "remove assignment" option.

Thanks and best regards,

Phil

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Philip,

'Remove' button in the Access Request form appears inactive during any of the approval stages for the roles which have already been added to the request since as per design it does not allow Removal of these roles.

The 'Remove' button will appear active in the following cases:

1. While creating the request(before submission) when the roles are added as
assignment.

2. If new Role is added by the approver and he wants to remove it before
approving the present stage

For detail info you can refer: http://service.sap.com/sap/support/notes/1790662

Hope this answers to your query.

Regards,

Ameet

Former Member
0 Kudos

Hi Philip,

Hope you got all the answers you needed.

Let us know if it helped and you can close this thread unless you have any other questions on the same.

Regards,

Ameet

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Phil,,

"add assignment"  option has been given to approver allowing role addition.  Using this approver can add any role which requester have not requested.

Same is regardless of user already having it or not having it.(For User already having it case, even "Existing Assignment" can be used and validity change can be requested. But this scenario doesn't help in adding a new role to user which resulted in new configuration item like allow "ADD Assignment").

For Remove case, approver need to click on "EXISTING ASSIGNMENT" and select the role which need to be removed. Since removal can be only done if user already have the access hence "EXISTING ASSIGNMENT" option is enough and holds good.

(Change request detail need to be activated for same to work and also you can have a look at 2045).

Another case of removal can be wherein user requested in the request form, need to be marked rejected by approver for log purpose.

Let us know if this gives relevant information.

Regards,

Nishant

Former Member
0 Kudos

Hi Nishant,

Thank you for your reply.  We are actually trying to activate the "Remove" button, at the Security stage, for line items requested in error.  When users submit a request via the "Model User" option, they often select the systems as well as the roles.  We do not have owners/approvers for our systems, which causes the request to error out and kick out to the Security stage of the workflow.  Currently, we have no way to fix the request, by removing those line items. Rejecting is not an option either. Our only option is to cancel the request and submit a new one for the user or ask the user to submit a new one.  We thought that activating the "Remove" button would allow us to remove the line items (in this case the systems) that were requested in error so that the request could progress to the next stage in the workflow.

If the "remove" button is not the correct method for addressing the issue we are facing, is there a way to remove line items that should not have been requested?

Thanks,

Phil

Former Member
0 Kudos

Hi Phil,

We got exactly similar situation for one of the client where we wanted to allow both role addition and validity change from same request type/template.

Sharing you the analysis, hope you get some view to the issue you facing in.(for sure steps to correct each request is time taking, hence if can be handled automatically will be good).

Actually the request errors whenever a line item is found with system as entry, this is not because system shall have approver but its because the whole request goes to a stage like Role Owner. Let say a role and system is added in request, and we have stage as ROLE OWNER then role entry does find an approver but not system since the API agent ROLE owner is not relevant.

For this one, we have changed the decision table of BRF Line by Line(not sure which one you are using). In our decision table we have created a scenario, so that system entry gets routed to a path AUTO_APPROVAL (without agent, you can always add one stage as well if you want).

Feel free to let me know if you are not able to send the request entry system to another path.

Case which we handed we have added All the system(Role Connector) for routing to different paths and we have created not equal to Value of Role connector(this was able to handled system since when you add system as entry then role connector is not a value since no role-associated system)

*NOTE : You will find two entry while preparing decision table, ROLE CONNECTOR AND CONNECTOR. One means SID of role requested and other means of system.

We came to this solution since our decision table had lot of complexity, if its not clear let me know.

For your scenario, we may find a easy solution. if you need info, share decision table logic details.

Request,

Nishant

Former Member
0 Kudos

You can also use role name(in my case role name was used for some other purpose).

See below thread

http://scn.sap.com/thread/3634908

madhusap
Active Contributor
0 Kudos

Hi Philip,

As per my understanding Roles requested by User should not be removed from Access Request by the approver, Instead he should Approve/Reject them accordingly.

If we enable "ADD ASSIGMENT" at stage settings in MSMP, then approve of that stage can add the assignments and only those assignments will have REMOVE button, but line items those were added while creating request should not be removed.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

Thank you for your reply.  We are actually trying to activate the "Remove" button, at the Security stage, for line items requested in error.  When users submit a request via the "Model User" option, they often select the systems as well as the roles.  We do not have owners/approvers for our systems, which causes the request to error out and kick out to the Security stage of the wokflow.  Currently, we have no way to fix the request, by removing those line items. Rejecting is not an option either. Our only option is to cancel the request and submit a new one for the user or ask the user to submit a new one.  We thought that activating the "Remove" button would allow us to remove the line items (in this case the systems) that were requested in error so that the request could progress to the next stage in the workflow.

If it's not possible to activate the "remove" button for line items that have not been added using the "add", is there a way to remove line items that have no approver?

Thanks,

Phil

madhusap
Active Contributor
0 Kudos

Hi Philip,

If the request contains SYSTEM lineitem route it no stage path. You can understand about this and how to use it in your initiator rule using below link.

Regards,

Madhu.