Skip to Content
0

Workflow issue in Access Request for HR OM Objects

Nov 28, 2017 at 05:08 AM

111

avatar image
Former Member

Hello All,

Requirement: To set-up 2 stage workflow for Access Request Approval for HR OM Objects

Solution: Created a MSMP using SAP_GRAC_ACCESS_REQUEST_HR with 2 stage

Stage 1: Role owner to review and approve.

Stage Config ID: GRAC_ROLEOWNER Agent ID: GRAC_ROLEOWNER

Stage 2: Security Team to provision.

Stage Config ID: GRAC_SECURITY Agent ID: GRAC_SECURITY

Issue:

The roles are assigned to the position once its approved by the Role Owner at Stage 1 instead of provisioning at the End of request.

Please help me to understand in case I am missing something here ??

regards,

Kamal

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Ramesh Vithanala Nov 29, 2017 at 04:41 PM
0

Kamal,

I am not sure I got your question but will try to give a stab at it...Your expectation after stage 1 approval it should go to security to approve before the role is assigned to the position? or you are expecting to provision to backend after stage 1 & stage 2?

Thanks

Ramesh

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hello Ramesh,

Yes you are correct as per the workflow its should go to stage 2 and based on the action (Approve/ Reject) it should assign/ remove roles from the position.

Thanks

Kamal

0
Ramesh Vithanala Nov 30, 2017 at 03:53 PM
0

Hi Kamal,

Did you maintain the route mapping(step 6) to go to next stage.

Thanks

Ramesh

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hello Ramesh,

Yes all the path and stages are defined, please find the screenshot for your reference. Do let me know in case I miss any.

route.pngpath.png

route.png (20.4 kB)
path.png (39.0 kB)
0
Yashasvi Sanvaliya Dec 07, 2017 at 07:22 AM
0

Hello Kamal,

I tried the same scenario in my system and it is working fine. Could you please let me know:

1. Is it the same path with two stages (Role Owner and Security)?

2. Or there are two different paths altogether? If this is the case, you need to ensure the route mapping and the provisioning settings.

Another question, Does the request gets completed after Role Owner approval, or the provisioning takes place and request goes to security team. Few screen shots of audit log and MSMP config will help.

Kind regards,

Yashasvi

Show 6 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hello Yashasvi,

Oh thats strange, yes its a single path with two stage workflow, please find attached.

No the request does not complete at the first stage, The role is provisioned/ removed to the position after first stage once its approved/ rejected however the request moved to stage two for action and once actioned the request gets completed.

Please find audit log, can you please also share your Audit log for the successful request executed.

best Regards,

Kamal

path.png (39.0 kB)
auditlog.png (49.9 kB)
0

Hi Kamal,

I see you have some custom code for provisioning which takes place 2 times. First one is, when request enters the ROLE_OWNER stage (here it calls your customer code to provision) , Second is - After the Role owner approved the lineitem from request the same custom code call again. please review the Audit log screen shot you provided and go based on our provisioning time which will explain my points clearly.

0

Hello Kamal,

Could you please verify that its getting provisioned even without role owner approval? It looks so by the audit log that its getting provisioned without even role owner approval.

Here is the audit log of my system.

Kind regards,

Yashasvi

capture.png (46.7 kB)
0
Former Member

Hello Yashasvi,

Thanks for your quick response.

To answer your question, the roles are assigned, when the request is submitted at stage one.

let me check with my developer in a debug mode, anyways thanks again for all your help and efforts

regards,

Kamal..

0

Hello Kamal,

you're welcome. Please let us know of findings as it seems there is some customization which is causing this provisioning.

Kind regards,

Yashhasvi

0

Hello Kamal,

I just looked at your audit log and it says custom development? What's the custom development you did, can you elaborate.In general there is no custom development involved for assigning roles to position using organization request.

Thanks

Ramesh

0