on 09-11-2015 5:24 PM
Hi all,
We are planning to modify the workflow in our system and I need some help on the correct approach to acheive this.
In our current system the workflow is set as follows.
New or change workflow submitted-->Manager approves-->Role owner approves-->If any unmitigated risk is found-->Routed to local SOX team(Only 1 at thi spoint).If local SOX is unable to determine-->It gets sent to corporate SOX for mitigation of risk-->Gets back to role owner-->Security for closure..
We currently have only 1 entity. But from next month onwards we are adding 2 more entities to GRC AC and hence it is expected the workflow to works as follows
New or change workflow submitted-->Manager approves-->Role owner approves-->If any unmitigated risk is found on a role/user that belongs to Entity1-->Routed to local SOX team of Entity 1 and similarly if the role/user belongs to entity2 it should get routed to Entity2 etc-->If local SOX of any entity is unable to determine-->It gets sent to corporate SOX for mitigation of risk and then -->Gets back to Role owner stage for approval-->Then security stage for final completion.
My requirement is to modify our currently workflow to enable request to get routed to appropriate local SOX.
1. We are in the process of redoing all of teh security roles build in the past and are re-building it with correct naming conventions. Each role built entity specific is now assigned to respective Entity name in "Project reelase attribute of the role". Also we have users assigned to user groups based on the entity. These are the only 2 object that can be used to distinguish between users and roles.
So I thought of creating a Custom Agent rule. But unfortunately the Project release(attribute of the role) is not available to me as an option for selection in decision table. SO I took the user group as the selection object. If user group is USG1 then route to User 1(local SOX tem). If user group is USG2 then route to User 2.
I am unsure if this is the correct way to do it as I am not happy hard coding the user ID's in decision table.
We are currently in V10/SP15.
Please help with some idea on how to approach this.
Thanks
Lakshmi
Hello,
if i understand your workflow.
Manager >Approves>Role Owner>SOD risk Analysis> Approves>if SOD Violation > SOD Team> SOD Violation> Corporate Compliance> Role Owner> Security.
in this case Role owner has to approve twice?
this can be achieved.
make risk analysis mandatory at role owner stage and put SOD violation routing rule.
send it to Local SOD team make risk analysis mandatory and put routing rule SOD Violation routing rule.
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi,
could you say, how many entities you have? if you ave less, then hard-coding them is not much of a task
Regards
plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi,
since your mapping(user group to SOX users) is not captured in any SAP standard table, you can map them in a custom table(with column SOX_USER and USER_GROUP). therafter, use a DBLoopup, to retrieve a SOX user, where Clause is User group from Request is equal to USER_GROUP
So, you have to maintain a Custom table, with appropriate mapping
regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.