
Need help to understand this standard SAP BRM Workflow???

former_member184114
Active Contributor
0 Kudos

Dear All,

This thread may cause some of us to wonder how a simple workflow cannot be understood!

Please bear with me.

Below picture is taken from BRM document from SCN and I think most of us have already followed it. I have configured the basic BRM workflow and it worked fine.

However, I was pondering on this attached workflow and suddenly some doubts started coming to my mind which might be silly.

Below are my doubts:

1. The first action of "Role Design Team": Business Need identified and communicated. Who is it being communicated to? I guess it is Security Analysis. Please correct me, if need be.

2. The second action of "Role Design Team": Evaluate need and approach. It is not that clear to me. Can anybody help me understand this?

3. The first 2 actions of Security Analyst are spanning across Role Design Team also. Is this a drawing issue? Please advise.

4. How is the 'Manage Risk' action of Security Analyst triggering 2 actions: "Role Owner Approval" and "Generate Results"?

5. How is "Role Owner" Approval again triggering the "Generate Results" action for Security Analyst and then again the "Perform testing and document results" action for Role Design Team?

I configured the below simple Role Methodology:

(1) Role Definition -> (2) Analyze Access Risk -> (3) Maintain Test Cases -> (4) Request Approval -> (5) Generate Roles

This triggered actions one after another. However, I am not able to understand how the "Approval" action is again triggering the "Generate Results" action, unless it is defined in the methodology. But do we define the "Generate Roles" action after approval again? What significance does it have?

Please help me understand the above figure in detail.

Regards,

Faisal

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Hi Faisal,

The flow as shown in your picture follows the procedure that if the role itself has a risk, it is sent to the role owner for approval. After approval the roles are generated so that they can be tested/used. In situations where the role doesn't have risk, it is generated without approval.

That's how I understand the workflow shown on your picture.

Hope it helps.

Regards,

Alessandro

former_member184114
Active Contributor
0 Kudos

Dear Alessandro,

Thanks for your input. It has been a long time since we interacted.

If I follow your logic, then this picture must be modified and a 'Decision' box must be placed. This will be a complete picture without any ambiguity.

Also, is there any 'decision' available in BRM role methodology? I think it will straight follow the defined methodology whether it has any risks or not!

Do you agree?

Regards,

Faisal

alessandr0
Active Contributor
0 Kudos

Hi Faisal,

It has been a while 🙂 Good to see you back! Hope you are doing well 🙂

Fully agree - in the standard MSMP workflow there is nothing defined to take another path based on SOD violations. But as a detour path is available in access request workflow, I am sure based on this example you can define your own for role approval with BRFplus.

I also agree that decision boxes are missing. From my point of view this is a "sales presentation" and hence on a very high level 🙂

Regards,

Alessandro

former_member184114
Active Contributor
0 Kudos

Dear Alessandro,

Your reply has opened a new question: MSMP

I was referring to "Role Methodology" in SPRO where we define the steps for Role Definition and its approval. There I have not seen any step triggering more than 2 actions.

Secondly, I have not used MSMP for Role Approval workflow since Role Methodology sufficed the requirement.

Do you look at this picture from MSMP point of view or Role Methodology? Because I was looking at this picture from the Role Methodology angle and this served the purpose.

I am yet to understand the MSMP angle. Can you please help me understand how MSMP will help? Also, can you please differentiate between the intended purposes of MSMP Role Approval and Role Methodology?

Hope I am not asking too much.

Regards,

Faisal

former_member204479
Active Participant
0 Kudos

Hi Faisal

The diagram is more from the methodology perspective.

In the role methodology there is a step defined for approval. During usage, when this "approval" step is encountered and the role change requester submits the role change for approval, the MSMP workflow is triggered. This MSMP workflow can then have multiple stages as in the AR workflow. Once the entire MSMP workflow is completed, the control returns to the next step of the methodology.

I hope I was able to answer your question. Do let me know in case further information is needed.

Thanks

Sammukh

former_member184114
Active Contributor
0 Kudos

Dear Sammukh,

Thanks for your reply.

Now I can understand the connection between these two.

However, I still need some help to understand the picture.

1. The actions of 'Role Design Team' are of course outside of the GRC system. It just represents the logical flow of Business and Technical coordination.

2. I am a bit confused after the 'Manage Risk' action of Security Analyst. Let's discuss a simple scenario. If a role definition does not have any risks and then the security analyst submits the role for approval (logically this should be the sequence), then how is the flow going to 'Generate Results' and from there to the 'Perform Test and Document Result' action of 'Role Design Team'?

If I follow you, when a request is submitted for Role Approval, then it should go to 'Role Owner' for his approval/rejection, then it should come back for 'Generate Results' (is this action similar to 'Generate Roles'?).

If taken that a Role Methodology works sequentially, how is this generating two actions at the same time?

Can you please help me understand what might be happening after the 'Manage Risk' action of Security Analyst?

I would really appreciate it if you can share possible scenarios.

Waiting for your kind inputs.

Regards,

Faisal

former_member204479
Active Participant
0 Kudos

Hello Faisal,

1. Yes, the design team's actions (designing the role) are on paper and outside the GRC system.

2. Putting it simply, I assume the diagram you show provides the "possible" activities and does not give it as a "flowchart", where it depicts a sequential path.

However, the usage in BRM is sequential as you rightly understand. Let me put the scenarios as follows; this is just an example though. It would depend on the methodology that you have active in BRM.

     a) Security Analyst performs risk analysis.

     b) Security Analyst submits for approval. MSMP workflow is triggered here. The methodology remains at the "Approval" step till it is actioned on the MSMP request.

     c) Role Content Approver approves the role change.

     d) Once approved, the methodology moves to the next step for generation.

     e) Security Analyst generates the roles here. Yes, "Generate Results" in the diagram is equal to generating the roles.

     f) Once generated, the methodology moves to the testing step.

     g) The design team performs the test and uploads the test cases to the methodology step, confirming that the role performs as designed.

     h) The methodology is closed.

This ideally is the same whether the risk is there or not. If you wish to differentiate the flow based on whether risk is there or not, you might want to do that during the MSMP workflow, where if there is no risk you only send it to the role content approver (1 stage approval). And if risk is present you move it through a 2 stage workflow, role content approver and then the BPO / risk manager for handling the risk.

Let me know in case you have further questions.

Thanks

Sammukh
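
The sequence in the reply above (steps a to h, with the approval step held open until the workflow request is decided, and one or two approval stages depending on risk) modelled as a small state machine. This is an added example, not SAP code or configuration and not part of any post; the step names, stage names and role name are illustrative assumptions.

```python
from dataclasses import dataclass, field

# Methodology steps in the order of scenario (a)-(h); names are illustrative.
METHODOLOGY = ["risk_analysis", "approval", "generate_roles", "testing"]

def msmp_stages(has_risk):
    """Approval routing: one stage without risk, two stages with risk."""
    stages = ["role_content_approver"]
    if has_risk:
        stages.append("bpo_or_risk_manager")
    return stages

@dataclass
class RoleChange:
    name: str
    has_risk: bool
    step: int = 0
    pending: list = field(default_factory=list)  # open approval stages
    log: list = field(default_factory=list)      # (step, actor) audit trail

    def current(self):
        return METHODOLOGY[self.step] if self.step < len(METHODOLOGY) else "closed"

    def complete_step(self, actor):
        """Advance by exactly one step; the approval step cannot be skipped."""
        cur = self.current()
        if cur == "closed":
            raise RuntimeError("methodology already closed")
        if cur == "approval":
            raise RuntimeError("held at approval until the request is decided")
        self.log.append((cur, actor))
        self.step += 1
        if self.current() == "approval":  # submitting opens the workflow request
            self.pending = msmp_stages(self.has_risk)

    def approve(self, approver):
        """One approval decision; the last stage releases the methodology."""
        if self.current() != "approval" or not self.pending:
            raise RuntimeError("no approval request open")
        if approver != self.pending[0]:
            raise PermissionError(f"{approver} does not own the current stage")
        self.log.append(("approval:" + self.pending.pop(0), approver))
        if not self.pending:
            self.step += 1

def run(has_risk):
    rc = RoleChange("Z_CONSTRUCTED_ROLE", has_risk)  # constructed sample role
    rc.complete_step("security_analyst")   # (a) analyse risk, (b) submit
    for stage in list(rc.pending):         # (c) approver decision(s)
        rc.approve(stage)
    rc.complete_step("security_analyst")   # (d)-(e) generate roles
    rc.complete_step("role_design_team")   # (f)-(g) test and document
    return [entry[0] for entry in rc.log], rc.current()  # (h) closed
```

Both paths pass through the same methodology steps in the same order; only the number of approval stages inside the approval step differs.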

former_member184114
Active Contributor
0 Kudos

Dear Sammukh,

Thanks again for your kind input.

We share the same thinking. However, this picture (taken from the BRM Configuration guide from SCN) caused lots of confusion. I think we cannot relate this to the behavior in which BRM works. This is simply a sales presentation (as rightly pointed out by you and Alessandro). It does not seem to represent the 'actual' working of Role Methodology and the MSMP Role Approval Process.

May I get to know what 'Role Methodology' you follow at your end? This might help me in designing my own.

Regards,
Faisal

former_member204479
Active Participant
0 Kudos

Hi Faisal,

I have used the standard methodology in the past. It is simple and fits fine for most environments.

Thanks

Sammukh
