
Business Role in Access Request

Former Member
0 Kudos

Hello Gurus,

We are following the Business Role concept for provisioning.

Workflow we are maintaining for the New Request is Requestor -> Manager -> Role Owner -> Provisioning

Here Requestor will select the Business Role (Nothing but a Job Position) and submit the request.

After the Manager approval, the Role Owner will do the risk analysis, and if he wants to remove any technical role in the selected business role, there is no option for that.

So please suggest how to remove a technical role from the selected business role by the role owner.

Thanks,

Sriram

Accepted Solutions (1)


former_member193066
Active Contributor
0 Kudos

Approver can reject the entire business role, cannot reject any technical role.

You need to redesign the business role accordingly.

Answers (2)


Former Member
0 Kudos

Hello Sriram

You are talking about two processes here.

1. Role lifecycle management (adding/removing a single role from a business role)

2. User access with roles.

And to answer your question, you would not be able to reject at single role level in a business role, as what will happen to other users who have the same business role? They may still need that single role.

So I think that's per design.

What you can do here is, if some single role is not required, reject that business role and either create a new request or in the same request add those technical roles which are missing.

I think the solution needs to be more process driven than tool.

Kind Regards

Asheesh

Former Member
0 Kudos

I think the use of "Template based requests" would be sufficient in this scenario rather than creating a request from scratch after rejection of a business role.

Former Member
0 Kudos

Hi,

As per our customer, they want the end user to select only the job position, and that position should contain all the single roles mapped. And one owner for approving the position so that all the single roles will be assigned.

But if we go for a request template it will direct to multiple role owners.

If there is any remediation required for the business role at the risk manager stage, we have no option to remove the single role from the business role.

So is there any other role type which satisfies my requirement? Also, please explain to me the concept of role mapping.

Thanks,

Sriram

Former Member
0 Kudos

As I said earlier, you can only approve the Business Role as a container, not the individual roles within etc.

Best thing to do is make your "Job Roles/Business Roles" SOD free at role level (similar to the Composite roles concept), like any good risk remediation concept. This could involve making your business role small in terms of technical roles assigned.

Former Member
0 Kudos

Thanks..

Former Member
0 Kudos

Hello Sriram,

Sub-approval of the technical roles within the Business role is not possible (yet). I have also raised the same question to SAP and I don't think we shall be seeing this option any time soon.

My suggestion for achieving the approval scenario you want is to use the "request template" option (I know this defies the point of business roles, but this will allow you to approve individual technical roles etc).

Hope this answers your question.