Skip to Content
avatar image
Former Member

Workflow issue in Access Request for HR OM Objects

Hello All,

Requirement: To set-up 2 stage workflow for Access Request Approval for HR OM Objects

Solution: Created a MSMP using SAP_GRAC_ACCESS_REQUEST_HR with 2 stage

Stage 1: Role owner to review and approve.

Stage Config ID: GRAC_ROLEOWNER Agent ID: GRAC_ROLEOWNER

Stage 2: Security Team to provision.

Stage Config ID: GRAC_SECURITY Agent ID: GRAC_SECURITY

Issue:

The roles are assigned to the position once its approved by the Role Owner at Stage 1 instead of provisioning at the End of request.

Please help me to understand in case I am missing something here ??

regards,

Kamal

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Nov 29, 2017 at 04:41 PM

    Kamal,

    I am not sure I got your question but will try to give a stab at it...Your expectation after stage 1 approval it should go to security to approve before the role is assigned to the position? or you are expecting to provision to backend after stage 1 & stage 2?

    Thanks

    Ramesh

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Ramesh,

      Yes you are correct as per the workflow its should go to stage 2 and based on the action (Approve/ Reject) it should assign/ remove roles from the position.

      Thanks

      Kamal

  • Nov 30, 2017 at 03:53 PM

    Hi Kamal,

    Did you maintain the route mapping(step 6) to go to next stage.

    Thanks

    Ramesh

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 07, 2017 at 07:22 AM

    Hello Kamal,

    I tried the same scenario in my system and it is working fine. Could you please let me know:

    1. Is it the same path with two stages (Role Owner and Security)?

    2. Or there are two different paths altogether? If this is the case, you need to ensure the route mapping and the provisioning settings.

    Another question, Does the request gets completed after Role Owner approval, or the provisioning takes place and request goes to security team. Few screen shots of audit log and MSMP config will help.

    Kind regards,

    Yashasvi

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Kamal,

      I see you have some custom code for provisioning which takes place 2 times. First one is, when request enters the ROLE_OWNER stage (here it calls your customer code to provision) , Second is - After the Role owner approved the lineitem from request the same custom code call again. please review the Audit log screen shot you provided and go based on our provisioning time which will explain my points clearly.