on 07-13-2015 4:42 PM
Hi All,
Can you kindly help me to understand the purpose/details of the below points to implement UAR?
1.Risk and Compliance > Access Control > User Provisioning > Define Request Type Customizing activity.
What is the purpose?do we have to assign any action to the request type?If yes,then which actions are recommended?
Why a request type is needed to be created?
2.Governance, Risk and Compliance > Access Control > User Provisioning > Maintain Priority Configuration Customizing activity.
Where it is useful in whole process?
3.Governance, Risk and Compliance > Access Control > User Provisioning > Maintain Review Rejection Reasons for Provisioning Requests Customizing activity.
Any example what we can maintain here?
4.Create a new Service Level Agreement using SAP_GRAC_USER_ACCESS_REVIEW as the Process ID.
What is the purpose of this?
5.Run the Update UAR workflow job to generate the UAR requests
What is the purpose of this JOB?At which step this should be run?
We had to implement SAP note to resolve the issue.
Thanks a lot for all your help and support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Somik,
regarding your questions:
1. required for the requests to be created. SAP delivers reqtype 011 with action retain.
2. This is used to classify the requests dependend on their priority. I have seen such set ups in environments where you run UAR for productive system and also others (development, test, quality, etc.). Different landscapes used different priorities.
3. Rejection reason: e.g. "User does not belong to me", "User account is not required any longer", etc.
4. SLAs are used as a management instrument to report the UAR (it also helps to identify long runners, etc.).
5. Failed to search.
Please check:
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks as always.
1.I had seen 010 is present in my system w/out any action attached.
Any other action to be added except RETAIN.
Why a request type is needed to be created for UAR?
Once I understand the above question I may be able to add proper actions.
5.I still need to understand the purpose and timing for the JOB before I run it
What exactly this does and if it's needed to be scheduled on periodic basis?
I had read that link and the document which indeed was the reason of my questions.
I am still trying to understand if that the JOB creates all UAR requests and sends to review/approve?
Then again why a request type needs to be there with actions?
I am a bit confused till now and had not seen a clear step by step guide to implement UAR.
Hi Somik,
each request requires a request type. Therefore it is recommended to create a dedicated req type for UAR requests. Within the request types you can define which action should be executed. Also request types are used within BRF+ and in BRF+ they can be routed differently based on your requirements.
The update job starts the UAR requests if they are in admin review which can be set (parameter 2007). Admin review gives the admin the opportunity to review and validate the requests before they are sent out (with the update job).
Generally you need to decide whether you plan an admin review prior to sending out the workflows. Personally I recommend to validate the requests before sending. Therefore set parameter 2007 (Admin review) to YES. After that you first need to generate the data for UAR, then review them as admin, after that send out the workflows with the update job.
Hope this helps.
Regards,
Alessandro
Hi Somik,
you can customize the actions that you might want to take on UAR request. So, first you create a Request type. Then assign it to actions, as required. Then map this request type to UAR option in Maintain Configuration settings
So, customization of Actions justifies the request type availability for UAR
regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.