on 03-29-2020 8:16 AM
Hi All,
In user access tab we have ADD button in that we have ROLE and SYSTEM options. our requirements is that end user can only submit a request without adding any role or system. Roles/SYSTEMS will be added by the Managers in the next level.
Can anyone guide me how to do this from ARM request please. I already tried to change the Request Type in SPRO but didn't work.
Appreciate any help.
Hi Maj,
As mentioned earlier, GRC system does not allow submission of request without a system line item. Few options you can explore:
a. Enhance Request Submission webdynpro application and implement logic in Post Exit to proceed for submission even when there are no request lineitems added
b. Another option is to add a dummy role lineitem by default without users adding via default roles functionality so that request gets submitted without any issue
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi majsap,
Well you see its a mandatory to select System for access request submission, otherwise why the request. Anyways coming to role, you can have a role with basic T-codes like SU53 where nothing changes can be done & also a essential for every users. If the manager is selecting the role, then do you mean that the manager is generating another ARM seperate request or modifying the existing request. Trying to Modify a existing request also does not make much sense as in this way chances are there that the request remains open forever until the employee resigns. So that is why the role & System based authorisation process is defined likewise. In you case, I would suggest to inform the other departments manager to request the system & roles themselves to achieve what you are trying to mention for the New Users. I mean that is how in many organisations do
Hope I was able to explain.
Thanks,
Kaushik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kaushik,
Thank you for your reply.
Managers/Focal point will use the same ARM request submitted by end user to add the roles. So End user will only submit a request with justification without adding any role. As I mentioned to Madhu end users will use the ARM request as a ticketing system.
Best Regards,
Maj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Madhu for your feedback.
Our plan is to allow the end users to submit their requests and mention the reason for this access in the DESCRIPTION field (as shown in the attached document) without choosing any role. So for end users you can consider the ARM is a ticketing system. Once the request submitted the next level (say the Manager or the Focal point) will add the required roles and the ARM workflow will continue.
Appreciate if you can explain more regarding your suggestion by maintaining system provisioning configuration.
Maj
User | Count |
---|---|
10 | |
3 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.