We have 30 business roles ( Composite roles ) in our landscape and 20 other non-SAP application roles (Shell roles created to leverage in MSMP workflow approval process). I would want to see that, when a new user request is raised with one of the business roles we have, the default applicable non-Sap roles be included directly in the access request at the time of submission.
I would want to tie up the business roles with applications roles using an 'identifier', so that application roles are added automatically in the request.
I would like to have these configured through parameters 2011,2012,2013. Awaiting your valuable ideas.
Thank you in Advance. :)
2 Answers
-
Feb 09, 2018 at 03:08 PM
Hi Siva,
Can you clarify what you intention is for the 20 other non-SAP application roles? It sounds like you want to populate a request with composite role A, which would then bring in shell-role B automatically using default role logic, and then route the request to a specific workflow path based on role B. Is that correct?
In this case, I would recommend building your initiator rule decision table logic around the composite roles themselves, instead of relying on the shell-default roles, because the shell roles are simply identifiers with no authorization within (and would not be needed for any other purpose). You can work out the decision table logic to evaluate the composite roles and point to the correct workflow path.
Give us some more context of your workflow path requirements and we can help think of the best solution.
-Ken
Add comment
-
Feb 09, 2018 at 09:14 PM
Siva,
I support Ken's statement. In case you need a solution to what you are trying to achieve, rather than using default roles you can start looking into Role Mapping as this might solve your problem as well.
Regards, Alessandro
Add comment
Add comment