Workflow issue in Access Request for HR OM Objects

Former Member

Workflow issue in Access Request for HR OM Objects

Nov 28, 2017 at 05:08 AM | 133 Views | Last edit Nov 28, 2017 at 05:12 AM 2 rev.

Hello All,

Requirement: To set-up 2 stage workflow for Access Request Approval for HR OM Objects

Solution: Created a MSMP using SAP_GRAC_ACCESS_REQUEST_HR with 2 stage

Stage 1: Role owner to review and approve.

Stage Config ID: GRAC_ROLEOWNER Agent ID: GRAC_ROLEOWNER

Stage 2: Security Team to provision.

Stage Config ID: GRAC_SECURITY Agent ID: GRAC_SECURITY

Issue:

The roles are assigned to the position once its approved by the Role Owner at Stage 1 instead of provisioning at the End of request.

Please help me to understand in case I am missing something here ??

regards,

Kamal

SAP GRC Access Enforcer for SAP NetWeaver

Add comment

3 Answers

Sort by:

Votes

Newest

Oldest

This answer has been deleted.

This answer has been undeleted.

Ramesh Vithanala

Nov 29, 2017 at 04:41 PM

0
Kamal,

I am not sure I got your question but will try to give a stab at it...Your expectation after stage 1 approval it should go to security to approve before the role is assigned to the position? or you are expecting to provision to backend after stage 1 & stage 2?

Thanks

Ramesh
- Share
Add comment

10|10000 characters needed characters left characters exceeded
1 Comment
- Former Member
  
  Nov 29, 2017 at 10:22 PM
  
  Hello Ramesh,
  
  Yes you are correct as per the workflow its should go to stage 2 and based on the action (Approve/ Reject) it should assign/ remove roles from the position.
  
  Thanks
  
  Kamal
  
  0
  
  Share
Comment
This answer has been deleted.

This answer has been undeleted.

Ramesh Vithanala

Nov 30, 2017 at 03:53 PM

0
Hi Kamal,

Did you maintain the route mapping(step 6) to go to next stage.

Thanks

Ramesh
- Share
Add comment

10|10000 characters needed characters left characters exceeded
1 Comment
- Former Member
  
  Dec 10, 2017 at 11:07 PM
  
  Hello Ramesh,
  
  Yes all the path and stages are defined, please find the screenshot for your reference. Do let me know in case I miss any.
  
  route.png path.png
  
  route.png (20.4 kB)
  
  path.png (39.0 kB)
  
  0
  
  Share
Comment
This answer has been deleted.

This answer has been undeleted.

Yashasvi Sanvaliya

Dec 07, 2017 at 07:22 AM

0
Hello Kamal,

I tried the same scenario in my system and it is working fine. Could you please let me know:

1. Is it the same path with two stages (Role Owner and Security)?

2. Or there are two different paths altogether? If this is the case, you need to ensure the route mapping and the provisioning settings.

Another question, Does the request gets completed after Role Owner approval, or the provisioning takes place and request goes to security team. Few screen shots of audit log and MSMP config will help.

Kind regards,

Yashasvi
- Share
Add comment

10|10000 characters needed characters left characters exceeded
6 Comments
- Vijayakumar Suthanthiran Former Member
  
  Jan 18, 2018 at 10:43 PM
  
  Hi Kamal,
  
  I see you have some custom code for provisioning which takes place 2 times. First one is, when request enters the ROLE_OWNER stage (here it calls your customer code to provision) , Second is - After the Role owner approved the lineitem from request the same custom code call again. please review the Audit log screen shot you provided and go based on our provisioning time which will explain my points clearly.
  
  0
  
  Share
Comment