- SAP Community
- Products and Technology
- Additional Q&A
- GRC 10 Workflow to allow triggering multiple acces...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC 10 Workflow to allow triggering multiple access role provisioning in parallel
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-11-2013 9:17 PM
We have GRC 10.0 running, and it currently has three stages for provisioning access requests:
1. Risk Analysis
2. Manager Approval
3. Role Owner Approval
The problem with the Stage #3 is that it could take several days before a user can have access to SAP before ALL role owners to complete their approval/rejection. The approval notification is sent to all role owners simultaneously, but some approvers are quicker to complete their approval request than others. By default, the actual provisioning won't take place until the final approval Stage #3 completes -- meaning all Role Owners have to approve or reject in order for the Stage #3 to complete and the provisioning workflow kicks in.
Is it possible to setup GRC 10 to provision approved access roles as soon as each relevant Role Owner approves at the Stage #3 above?
Basically, the auto-provisioning process would have to be triggered in parallel at the Stage #3 so that those approved access roles can be provisioned as soon as each Role owner approves. This means the auto-provisioning would have to be triggered before the Stage #3 completes as a whole.
This would allow the user can start using the approved access as soon as one of the Role Owners approves.
Accepted Solutions (0)
Answers (6)
Answers (6)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jae An,
Did you find the resolution to your issue? Since, the system is behaving as designed by SAP.
Let me know if you find the solution for the same.
Regards,
Vandana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Vandana,
I was the consultant in this requirement later on.
I have configured this.
we need development on standard function module.
you have to reverse the logic of escalation.
you escalate which is not approved to separate path, instead escalate which is approved to different path which does not have any stage.
let me know if u need any details.
Regards,
Prasant
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jae An,
I have configured the notification of approval for all owners of function simultaneously ships, but it presents a drawback is that the owners mitigate risks that do not belong to them, I can guide how you handle the mitigation on each owner? . Thank You.
Regards,
Freddy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jae,
you can have Escalation enabled.
Regards,
Prasant..
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I have the same problem.....
I only can think of to create different routes for each approver or atribute
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
You can set the Provisioning setting to provision "At the end of each path", given the request has been split to go down multiple parallel paths.
However, If all the line items are going down the same single path, you still have your same issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Colleen
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jae An
What setting do you have in IMG for Governance, Risk and Compliance > Access Control > User Provisioning > Maintain Provisioning Settings
There is an option to provision at End of Each Path. What I'm unsure of it the Role Approval is treated as a single path or it's split
Have you also configured reminder/escalation notifications to improve this? As much as you are trying to minimise impact to users, some culture training on the role owners is also needed so they don't let the items sit in their inboxes without action.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- New Machine Learning features in SAP HANA Cloud in Technology Blogs by SAP
- CF Deployment Error: Error getting tenant t0 in Technology Q&A
- SAP Enable Now setup in Technology Blogs by Members
- FAQ on Upgrading SAP S/4HANA Cloud Public Edition in Enterprise Resource Planning Blogs by SAP
- Replication flows: SAP Datasphere to Google BigQuery in Technology Blogs by Members
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.