Skip to Content

Need an idea to resolve split procedure

Dear all,

I have the following approval procedure:

  • Manager creates request with roles and systems
  • Approvers make decisions
  • User gets roles and systems (or doesn’t get)

As soon as I use the rule based on functional area of a role, to determine the approver, my line items with systems are also checked by the rule. And here is the problem:

If role approvers confirm role assignment, but system approvers don’t confirm the system where the role exists, then we get a conflict between role approvers and system approvers. To resolve the problem I would like to split the procedure into two stages:

  1. System approval procedure
  2. Role approval procedure

I found a post by Madhu Babu where he describes similar procedure for initiator, but even in this case I get the same problem (system approvers working in parallel may decline system assignment, while role approvers may not).

If I create two stages and assign approvers for the system on the first stage then while doing analysis BRF will not find agent for role line items and fall with a workflow error. And vice versa: I get the error on the second stage but for system line items.

Customizing for agents, where I can set approval level, contains only the following entries:

  • Request
  • Role
  • System and Role

So, I can’t resolve my requirement using this option.

Could anyone please give an idea how to resolve my issue?

Regards,

Artem

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    Posted on Apr 09, 2015 at 11:46 AM

    Hi everyone!

    I'm again fighting with this problem. To determine the problem in details I've changed rule for agent determination.

    I've created a simple path with two stages:

    the second stage contains function ZAGRUL_SYSTEMS (generated as a flat rule) which has decision table:

    As you can see I expect to get the same approver for the systems and roles.

    Then I create a request with the following line items:

    Role ZRISK_ROLE_GRC10 has System:SSDCLNT001, so role connector is not initial.

    Despite the simplicity of the rule and the request conditions I get error:

    WF-BATCH APPL_DEBUG GRFNMW MSMP Approval status sync. (LineItem Key , Line Items 00002, Type ONE)

    WF-BATCH MSMP_DEBUG GRFNMW Failed to determine agent

    In message log I see the following:

    Approver '101DTI00037' for line item '0001' is not valid

    Approver '101DTI00037' for line item '0002' is not valid

    Roles and profiles for WF-BATCH are assigned (SAP_GRAC_ALL, SAP_ALL, SAP_NEW)

    I don’t know why the user is invalid… I could find any information regarding this message, neither in notes nor in Google,

    Please help me out with this issue.

    Regards,
    Artem


    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Apr 02, 2015 at 01:58 PM

    Dear Artem,

    Your idea about splitting into 2 stages is appropriate. You should only add one condition in your BRF agent rules. It is check if role name is initial. Role name has to be initial in BRF agent rule that is used to define system approver. And otherwise role name has not to be initial in BRF agent rule that is used to define role approver. Could you please try adding this condition?

    Add a comment
    10|10000 characters needed characters exceeded

    • Dear Marina,

      Unfortunately, it doesn't work...

      On the second stage I get "No agent found", it happens because there is no condition for role line item.

      A request hangs in status (Running), and no one is able to confirm it. Only reject via administration is allowed.

      It's really a serious problem for the product that is branded as very flexible in comparison with GRC 5.3 😊

      Regards,

      Artem

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.