on 06-07-2015 6:44 PM
Hi All,
I have referred the blog on BRF+ DB lookup for routing result on no role owner:
http://scn.sap.com/community/grc/blog/2013/03/15/using-brf-db-lookup-to-create-complex-msmp-rules
I am on GRC 10.1.
I am able to create the db lookup successfully but unable to achieve the result in simulation mode. I have attached screenshot of the same.
My ultimate goal is to configure the following scenario:
While raising access request I have configured default role (General / Common role) which are without Role Approvers.In Access Request I don't have manager stage, directly the request would move to Role Owner stage. I need to take care of the roles without the owner which is why I have taken the help of DB Lookup to move the roles without role approver to No Stage path.
Any help is highly appreciable.
Screenshots:
Hi Harris,
could you provide the decision table. From your DB lookup config., TRUE value(Role which has owner) should lead to 'Role Owner' stage. So, you should also include a row for FALSE, which should direct to a path having no stages. But this will also, direct other roles(apart from Default), for auto-approval. So, you need to include ROLE_NAME as a column in your decision table. i assume, there are specific name for default roles
Req. type <DBLookup_name> Role_Name Rule_Result
001, 002 TRUE <Default_Role Name> DEFAULT_ROLE_PATH
001, 002 TRUE <><Default_Role Name> NEW_CHANGE_PATH
001, 002 FALSE <><Default_Role Name> NO_ROLEOWNER_PATH
The DEFAULT_ROLE_PATH should have no stages.
NO_ROLEOWNER_PATH should be sen to Security team/Lead/PoC, for review of roles.
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Plaban for your quick response.
I have done the simulation in my decision table as well and its fetching the wrong result.
As requested, I have attached screenshot of decision table for your further understanding.
I have NO_ROLE_OWNER path and CREATE_USER path. So as per DB Lookup logic and decision table the New user request without role owner should move to NO_ROLE_OWNER path and New User request with role Owner should move to CREATE_USER path but the same is not happening in simulation. Both request are moving to NO_ROLE_OWNER path.
Hi Plaban / Everyone,
I have resolved the issue.
I wrote 2 DB Lookup, one for determining the Role ID and other to determine Role assignment approver for the Role ID then I used the same in decision table.
Finally I got the results as expected and my access requesting is also behaving as per expectation. The access request is moving the role with no role owner to a path with no stages and roles with role owner are moved to path with role-owner stage. Post role-owner approval the user is provisioned in the system.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.