Skip to Content
author's profile photo Former Member
Former Member

Access Control 10.1 approval workflow query

Hi all

I'm hoping that you can assist with a query i have on the AC 10.1 ARM approval workflow process. I'm fairly new to this so please bare with me.

We are currently implementing the ARM module at a client, who has the following workflow request for new/change/unlock user account:

- User submits access request in GRC AC

- First level approver - Line Manager (risk analysis not mandatory)

- Second level approver - Business Process Owner (risk analysis mandatory)

- Third level approver - Authorizations/Security

The request is successfully submitted and is directed to the LM as 1st level approver. The LM approves the request and it's supposed to then be directed to the BPO for the 2nd level of approval, but it does not reach the BPO.

I’ve created a decision table in BRF+ to say if “Basis” is selected as the Business Process on an access request, it must go to the Basis BPO for approval. I've run a simulation on this table and the output results are correct. The table was checked, saved and activated.

I then used this tables Function ID to create a new Agents rule in MSMP (step 2 maintain rules) for the SAP_GRAC_ACCESS_REQUEST workflow process.

In step 3 maintain agents, I've created a new Agent ID called Z_BPO, as an approval purpose and GRC API type, and assigned the Agent Rule ID from step 2.

In step 5 maintain paths, I've created a "New User Account" path with 3 stages of approval - Z_BPO being the second level of approval.

When i try to Save/Simulate in step 7, a version cannot be generated as the IMG Configuration Tables contains errors. When the workflow starts checking the definition of Agent "Z_BPO", the following error is outlined: ABAP dictionary data object binding is out of synchronization.

I've checked the internet for assistance on this error to no avail. I think that i'm not defining the BRF+ decision table correctly within MSMP.

I've followed the documents on the below link that relate to BRF+ and MSMP extensively but i am still stuck.

SAP Access Control - Useful Documents, Blogs, Resources, etc.

Your urgent assistance and guidance on this is greatly appreciated.

Kind regards,

Neresha

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Sep 09, 2015 at 08:02 AM

    Hi all

    After all the assistance and guidance from everyone, I managed to successfully set up the BRF+ table and the MSMP workflow.

    After further investigation on why my access request was taking the escape route, I found that I should not have selected a "System" on the access request because when you select a "Role" to assign to the user, the System is automatically detected. I came across the following statement on another discussion:

    "First of all adding system information is not required if you are not using business roles,or you are expecting a routing futher in the workflow or you have to set system validitiy for the user. System information is automatically picked by GRC as soon as you add single or composite role (not in case of business roles) ."

    Once I only selected a role, the access request followed the workflow which I had configured.

    Kind regards,

    Neresha

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 11, 2015 at 11:09 AM

    hi Neresha,

    can you show screenshot of the BRF+ function/decision table. Data dictionary binding is related, to BRF+, and not error in MSMP.

    regards

    Plaban

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      HI Mohana & Naresh

      I am also facing similar issue with Role approval workflow BRF+ agent rule for role approver.

      But i am unable to change Result data object to GRFN_MW_T_AGENT_ID . As it is not popping out from selct option.

      Kindly assist,

      Thanks!

      Kapil

  • author's profile photo Former Member
    Former Member
    Posted on Aug 11, 2015 at 09:13 AM

    Hi Neresha,

    Have you checked, saved and activated the Function in BRF+ Agent Rule Application? I guess you have only activated the Decision Table. Please check, save and activate the function too.

    Let me know if it works.

    Regards,

    Fazil

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 12, 2015 at 06:26 AM

    Hi Neresha,

    Can you please attach Screen shot of the function?

    Regards,

    Fazil

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.