Skip to Content
author's profile photo Former Member
Former Member

Approving Access Role Request through custom logic

Hi Experts,

I am implementing the approval functionality in my custom program by calling standard methods UPDATE & SAVE.

These methods get called in standard Web Dynpro component GRAC_UIBB_ACCREQ_APPROVAL method APPROVE. Idea is to MIMIC the standard functionality in custom program.

It is not giving me any error but request status is not getting changed. I am also passing details to be updated in audit log through update method, but its not getting updated in the request audit log tab.

lo_session = cl_grfn_api_session=>open_daily( ).

lo_access_request_api ?= lo_session->get(

iv_object_id = l_reqid ).

lo_access_request_api->if_grac_api_access_request~update(

is_request_data = ls_req_data

it_requser = ls_request_data-requser

it_reqlineitm = ls_request_data-reqlineitm

it_reqsys = lt_reqsys

it_audit_trail = lt_audit_log ).

lo_session->save( ).

Could anyone let me know if we can achieve the approval functionality by calling these standard methods in our custom code?

Thanks.

PK

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Apr 27, 2016 at 03:28 PM

    Pranshu,

    Please review the document outlining the Minimum Information required in this space and add more details, including, but not limited to, the release and SP you are on and the business case for what you are trying to achieve. What is the problem with the standard approval functionality?

    Minimum information to provide in discussion threads in the GRC space

    Regards,

    Gretchen

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Gretchen,

      Thanks for the guidelines.

      We are working in the system with below components:

      Component

      Release

      SP-Level

      Support Package

      Description

      GRCFND_A

      V1100

      0011

      SAPK-V1111INGRCFNDA

      GRC Foundation ABAP

      GRCPINW

      V1100_731

      0011

      SAPK-11511INGRCPINW

      SAP GRC NetWeaver Plug-In

      As per the standard flow, when a manager approves the access request by pressing 'Submit' button - Approve method of standard webdynpro component GRAC_UIBB_ACCREQ_APPROVAL gets called which in turn call methods Update & Save. We want to achieve this functionality through our custom logic.

      data lo_api type ref to cl_grac_api_access_request.

      lo_api ?= wd_this->mo_session->get( iv_object_id = wd_this->mv_object_id ).

      lo_api->if_grac_api_access_request~update( is_request_data = ls_req_data

      it_requser = ls_request_data-requser

      it_reqlineitm = ls_request_data-reqlineitm

      * it_provlineitm = ls_request_data-provlineitm

      * it_reqowner = ls_request_data-reqowner

      it_reqsys = lt_reqsys

      it_request_omobjects = ls_request_data-hromobjects

      it_ext_risk = ls_request_data-ext_risk

      it_audit_trail = wd_this->mt_audit_log

      it_usergroups = lt_user_groups_api

      it_userparam = lt_user_param_api ).

      wd_this->mo_session->save( ).

      Why custom approval functionality is required?

      • For every role some prerequisites are associated for e.g. user should have completed the mandatory learning for that particular role.
      • Through standard approval functionality, a manager can only approves the access request requesting multiple roles when all the related training have been completed by the requester.
      • Our client wants more flexibility like if the requester has completed the training for one role than he should get access for that role irrespective of the fact that he has not completed the mandatory training for other roles in the request.
      • We have created a custom table which will hold the training completion status for every role in the request. For all the completed status we have implemented the provisioning logic in the custom program which is working fine & is creating the user with the required role in the requested system.
      • Next we want to complete/change/finish the request status through our program if all the roles in the request got assigned to the user.

      We came across certain posts like the below one where these standard functionality has been implemented in custom program. We have coded on same line but its not working. It will be great if anybody can suggest/advice us on how to achieve this standard approval functionality through our custom logic.

      Approbation by Email and Delegation in GRC 10

      Thanks.

      PK

      Access Request.png (50.6 kB)

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.