Configure Agent workflow for different entity

former_member400151
Participant
0 Kudos

Hi all,

We are planning to modify the workflow in our system and I need some help on the correct approach to achieve this.

In our current system the workflow is set as follows.

New or change workflow submitted --> Manager approves --> Role owner approves --> If any unmitigated risk is found --> Routed to local SOX team (only 1 at this point). If local SOX is unable to determine --> It gets sent to corporate SOX for mitigation of risk --> Gets back to role owner --> Security for closure.

We currently have only 1 entity. But from next month onwards we are adding 2 more entities to GRC AC, and hence the workflow is expected to work as follows:

New or change workflow submitted --> Manager approves --> Role owner approves --> If any unmitigated risk is found on a role/user that belongs to Entity1 --> Routed to local SOX team of Entity 1, and similarly if the role/user belongs to Entity2 it should get routed to Entity2, etc. --> If local SOX of any entity is unable to determine --> It gets sent to corporate SOX for mitigation of risk and then --> Gets back to Role owner stage for approval --> Then security stage for final completion.

My requirement is to modify our current workflow to enable requests to get routed to the appropriate local SOX.

1. We are in the process of redoing all of the security roles built in the past and are rebuilding them with correct naming conventions. Each entity-specific role is now assigned to the respective Entity name in the "Project release" attribute of the role. Also, we have users assigned to user groups based on the entity. These are the only 2 objects that can be used to distinguish between users and roles.

So I thought of creating a Custom Agent rule. But unfortunately the Project release (attribute of the role) is not available to me as an option for selection in the decision table. So I took the user group as the selection object. If user group is USG1 then route to User 1 (local SOX team). If user group is USG2 then route to User 2.

I am unsure if this is the correct way to do it, as I am not happy hard-coding the user IDs in the decision table.

We are currently in V10/SP15.

Please help with some idea on how to approach this.

Thanks

Lakshmi

Accepted Solutions (0)

Answers (2)

former_member193066
Active Contributor
0 Kudos

Hello,

If I understand your workflow:

Manager > Approves > Role Owner > SOD risk Analysis > Approves > if SOD Violation > SOD Team > SOD Violation > Corporate Compliance > Role Owner > Security.

In this case the Role owner has to approve twice?

This can be achieved.

Make risk analysis mandatory at the role owner stage and put the SOD violation routing rule.

Send it to the Local SOD team, make risk analysis mandatory and put the SOD Violation routing rule.

Regards,

Prasant

former_member400151
Participant
0 Kudos

Hi Prasant,

We already have them configured. I need to achieve the following:

For now we have only 1 SOX local team configured. But we need to have the request routed to the respective SOX teams (2 new ones) based on the user group of the user or based on some role attribute.

Thanks

Lakshmi

former_member197694
Active Contributor
0 Kudos

Hello Lakshmi,

Did you get a chance to check the below document?

Regards

Baithi

former_member193066
Active Contributor
0 Kudos

OK,

Based on user group, you have to use a BRF+ Agent rule.

Regards,

Prasant

Former Member
0 Kudos

Hi,

Could you say how many entities you have? If you have few, then hard-coding them is not much of a task.

Regards

plaban

former_member400151
Participant
0 Kudos

Hi Plaban,

For now we will have 3 entities in GRC.

Thanks

Lakshmi

Former Member
0 Kudos

Hi,

Since your mapping (user group to SOX users) is not captured in any SAP standard table, you can map them in a custom table (with columns SOX_USER and USER_GROUP). Thereafter, use a DB Lookup to retrieve a SOX user, with the Where clause: User group from Request is equal to USER_GROUP.

So, you have to maintain a custom table with the appropriate mapping.

Regards

Plaban