
BRF+ DB Lookup No Role Approver Issue


Hi All,


I have referred to the blog on BRF+ DB lookup for routing result on no role owner:


http://scn.sap.com/community/grc/blog/2013/03/15/using-brf-db-lookup-to-create-complex-msmp-rules


I am on GRC 10.1.


I am able to create the DB lookup successfully but unable to achieve the result in simulation mode. I have attached a screenshot of the same.


My ultimate goal is to configure the following scenario:


While raising an access request, I have configured a default role (General / Common role) which is without Role Approvers. In the Access Request I don't have a manager stage; the request would move directly to the Role Owner stage. I need to take care of the roles without an owner, which is why I have taken the help of DB Lookup to move the roles without a role approver to the No Stage path.

Any help is highly appreciated.


Accepted Solutions (1)


Former Member

Hi Harris,

Could you provide the decision table? From your DB lookup config, the TRUE value (role which has an owner) should lead to the 'Role Owner' stage. So, you should also include a row for FALSE, which should direct to a path having no stages. But this will also direct other roles (apart from Default) for auto-approval. So, you need to include ROLE_NAME as a column in your decision table. I assume there are specific names for default roles.

Req. type    <DBLookup_name>    Role_Name                  Rule_Result
001, 002     TRUE               <Default_Role Name>        DEFAULT_ROLE_PATH
001, 002     TRUE               <><Default_Role Name>      NEW_CHANGE_PATH
001, 002     FALSE              <><Default_Role Name>      NO_ROLEOWNER_PATH


The DEFAULT_ROLE_PATH should have no stages.

NO_ROLEOWNER_PATH should be sent to the Security team/Lead/PoC for review of roles.

Regards

Plaban


Thanks Plaban for your quick response.

I have done the simulation in my decision table as well and it's fetching the wrong result.

As requested, I have attached a screenshot of the decision table for your further understanding.

I have a NO_ROLE_OWNER path and a CREATE_USER path. So, as per the DB Lookup logic and decision table, the New User request without a role owner should move to the NO_ROLE_OWNER path and the New User request with a role owner should move to the CREATE_USER path, but the same is not happening in simulation. Both requests are moving to the NO_ROLE_OWNER path.


Hi Plaban / Everyone,

I have resolved the issue.

I wrote 2 DB Lookups, one for determining the Role ID and the other to determine the Role assignment approver for the Role ID; then I used the same in the decision table.

Finally I got the results as expected and my access request is also behaving as per expectation. The access request is moving the role with no role owner to a path with no stages, and roles with a role owner are moved to the path with the role-owner stage. Post role-owner approval, the user is provisioned in the system.
