Skip to Content
avatar image
Former Member

GRC - Restricting owners and controllers from approving own requests

Hi Everyone,

We are implementing GRC 10.1. I have the SAP_GRAC_ACCESS_REQUEST and SAP_GRAC_FIREFIGHT_LOG_REPORT workflows working as expected except for one issue.

I am unable to restrict users from approving their own requests and FF id activity.

I wanted to create a condition in the workflow to cancel whenever approver = user but couldnt figure out how to add the user value to the condition.

I have an option to add the workflow initiator but if i do that this will fail when we have someone else requesting a ff id for the user who is also the approver for a ff id.

Any ideas?

Please advise.

Sushni

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Sep 28, 2014 at 04:49 PM

    Hi Sushni,

    You might want to try controlling this through the field 'Approve/Reject Own Requests' in the EUP from SPRO. Maintain the value as NO for this.

    You might want to create EUPs for FF owners and controllers with this field as NO. And then maintain the EUP number in the stage task settings of the MSMP workflow.

    Thanks

    Sammukh

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Sammukh and Neeraj,

      Thank you for that information!! That fixed my issue when I entered the EUP value in the access request workflow.

      Is there anything that can be done to restrict controllers from approving their own FF id activity?

      Sushni

  • avatar image
    Former Member
    Sep 26, 2014 at 11:51 PM

    Hi Everyone

    Also, does any one know how to prevent Controllers from approving their own FFid activity.

    Thank you.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 26, 2014 at 06:56 PM

    Hi Sushni,

    You can refer note# http://service.sap.com/sap/support/notes/1659219

    Kindly let us know whether or not this helps to meet your needs.

    Regards,

    Ameet

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Ameet,

      No this will not help our situation because we want to approvers to be able to submit FF id requests for the Ids they own but we want only their delegates or backup approvers to be able to approve it.

      Thank you

      sushni

  • Sep 29, 2014 at 12:20 PM

    Use BRF+ that might solve your issue.

    There is similar thread hint is for managers .

    you can use same logic creating DBlookup and achieve it.

    Regards,

    Prasant

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi All,

      I have a similar requirement for SPM Log Review workflow in GRC 10.1

      If the controller is the Firefighter, then system should not allow him/her to approve/reject the Log.

      Please help me to achieve this.

      Regards,

      J