on 12-22-2014 4:52 PM
Hello all!
When I create a request for multple users (with various managers) if only one of the managers reject the request it is rejected for all users (even those where the manager approved the request). Is there a way to approve the roles from those manager who approved the request? And ignore the rejected ones.
Regards,
Pedro
Hi Pedro,
make sure your rejection level is set to ROLE on stage task settings.
Other options are described below as per SAP HELP. Allows approvers to reject requests for the following levels:
Where to find it?
next here
Let me know,
Filip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Filip,
Thanks for your prompt response. Unfortunately I changed the configuration and still with the problem. Bellow the configuration done:
I have one request with one role for two different users, the users have different managers. When one of the managers reject the request it is finished. Do you know what should I do?
Regards,
Pedro
Hi Pedro,
make sure you activate workflow after done. Also new request need to be created as your workflow does not allowed run-time changes.
Thanks, Filip
ps. If you consider may input as helpful, good practice is to mark as such for other users to see what helped you, also it is a good motivation for everybody to continuously contribute to forum knowledge.
Hi Filip,
Now the request is going to the Role Owner Approval Stage, unfortunately it is being rejected automatically as soon as it arrives.
1 - The first manager rejects the request.
2 - The second manager approves the request.
3 - The request goes to the RO approval step as is cancelled automatically by the system.
I did the same thing with both managers approving the request, then everything worked fine.
Can you help?
Regards,
Pedro
Hi,
I believe you are using three step approval process. If any one the approver rejects request, it will be cancelled automatically.
For ex.in first stage manager approved, in second stage manger rejected request. In this case, Request wont trigger to third stage.
There is one more settings particularly related to approvals by different persons in same stage.you can review under path settings.You can use Any one approver rather than all Approvers option.
Thanks
Mohan
Hi Pedro,
keep settings for approval type : All approves, as otherwise - multiple user access request will not work as expected - single approval will be sufficient to push request to next stage.
How did you reject the request?
If you did this on header level - please remember - this is valid for entire request - even for users which are not on the visible list (are hided). You reject the request on header level by one manager - and entire request will be rejected.
This is how rejection works.
Please try to - on line item level - role on access request 'not accept' and submit request with decision not to approve on single line item - then it should work as expected- this will not go to Role Owner
Filip
Hi Mohan,
Bellow the screens requested:
RO Stage configuration (the fields pointed by the red arrow where blank, I changed them but no luck):
Additional information:
When all the manager Approve the request the RO Stage works fine. This issue happens only when one or more Manager reject the request.
Thanks in advance,
Pedro
Pedro,
happy 2015!
Configuration looks good. Are you sure role has role owner assigned?
Tell me how exactly do you reject the request? Maybe here is a problem...Manager stage can reject entire request while doing it on header level, as this is how it works by standard in SAP.
Did u try to create request with 3 users and 3 diff managers.
F.
Hi Filip,
Thanks for your reply an happy 2015 for you too!!!
Well, here we go.
The request has two users. UserA and UserB.
UserA is linked with ManagerA
UserB is linked with ManagerB
The request is to concede the Role "Role123" for both. This means the Role Assignment is made by the same user.
If ManagerA and ManagerB approve the request, everything goes fine, including the Role Owner stage.
If one of the Managers reject the request the problem happens as bellow:
ManagerA rejects.
ManagerB approves.
Request goes to the RO stage and a few seconds after the request is ended without providing the access or requesting the Role Owner approval.
Very strange.
Regards,
Pedro
This is what I understand from previous discussion. I have 2 questions.
(Q1)
Has this role123 have role owner assigned? Can you make sure - approve user assignement check box has been selected.
(Q2)
How do you do rejection? SAP GRC works in a way - when request is splited per user in fact still this is the same request - but each manager can only see his own's users, but in fact can reject entire request in the sense that if you go to 'other actions' - -> reject request - it will reject entire request and it will never go to role owner.
I do not see from Audit log that request actually went to Role Owner stage, as no exact role owner
F.
Filip,
You made me work in a double check to see if all the Post Installation steps where really ok. I found two BC Sets from AC that were not enabled.
GRAC_SPM_CRITICALITY_LEVEL
GRC_MSMP_CONFIGURATION
Can this be the issue? Is it ok for me to activate them? If yes, I will loose the MSMP configuration?
Regards,
Pedro
Hello Filip,
This note solve the problem:
1950981 - Problems with multiple requests in GRC AC
Thanks to all for the help in special to Filip!!!
Regards,
Pedro
Hi Pedro,
I am very glad to hear that.
I have seen that note, but the description does not correspond to problem you had.
Lucky you, that you tried to check it.
Please close the thread, so it is easier for others to see problem was solved, otherwise it is pending as open. Also if you believe some of my posts were helpful to final solutions you can mark them as such to speed up problem solving process for others users of our community,
Regards,
Filip
Hi Pedro,
Nice to know that your problem is solved. After seeing this thread I tried to replicate your scenario.
I had taken two users with different managers and submitted the request with single role assigned.
User1 -> Manager1
User2 -> Manager2
I logged in as Manager1 and can see both the users in the same request. I would like to see only the User1 which i had not. On line item I choosed Reject and clicked on Submit.
Now I logged in as Manager2. This time I choosed Approve and clicked on Submit.
My path has 2 stages only. In first stage goes to 2 manager's approval and in second stage goes to Security approval.
Now the request is closed without going to second stage as in first stage, the first manager had rejected the request.
However, If both the managers are accepting, it is going to second stage and users are created and roles are provisioning properly.
I taken care of:
a. In MSMP, the Approval type is "All Approvers".
b. One User per Request per System" to "NO" (As per SAP note 1950981)
c. Provisioning option: Auto provisioning at the end of each path (Global and System)
Regards
Raj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.