
Approver cannot modify/Edit User group in "User System Details" Tab while approving access request

sreekanth_sunkara
Active Participant
0 Kudos

Hi,

We have a requirement to change the "user group" in the "User System Details" tab in the GRC access request before approving the "lock account" request. Basically this is to move the terminated user to a different group. Similarly, for a new user account the approver should add the new user group for the user based on the user location or some other criteria.

In the approval screen we can see the System entry in the "User System Details" tab but cannot modify the "User group". Please let me know how the approver can modify the "user group" in the access request before approving the request.

Please also find the attached screenshots: user-group.png, user-logon-data.png

Thanks,

Sri.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Sri,

SPRO > GRC > Access Control > User Provisioning > Define Request Type - and check which actions are assigned to the "Lock Account" request type. For your scenario, you will need "Change User" action assigned to this request type in addition to "Lock user".

If that isn't the solution, check the configuration of "Maintain End User Personalization" for the EUP template that you are using in MSMP workflow (defined in MSMP Stage Task Settings). There is an entry for User Group that should be set to "Editable".

If these don't resolve it, check your MSMP configuration for the Approval Stages and "Change Request Details" should be enabled for the Lock Account path.

Let us know if these don't resolve the issue and we can continue to brainstorm.

-Ken

sreekanth_sunkara
Active Participant
0 Kudos

Thanks a lot Ken,

I did set up all the configurations you mentioned above. Now I am able to enter/select the user group in the "User Details tab" in the approval screen, and the user group successfully updates in the user master record (SU01).

Thanks,

Sri.

0 Kudos

Hi Ken, thank you for the solution; however, I have only one issue on my system. How do I activate the user group element on the EUP? It is greyed out, so I can't change it to "editable" to be able to assign user groups. See below.

0 Kudos

Here is the EUP screen.

Answers (2)


shaun_kitching
Active Contributor
0 Kudos

Resurrecting this thread...

We are able to maintain/change User Group with no issues before submitting a GRC request.

However, is there a way to limit who can do this? If we have this enabled, will everyone be able to do this (if they have access to raise that request type)? Or can we limit the "User System Details" tab to display somehow, for certain users only? I had a look at auth object GRAC_REQ but it appears this is not possible?

Thanks
Shaun

Former Member
0 Kudos

Hi Sri,

In addition to what Ken mentioned, you can change the action to "Change & Lock User" (instead of maintaining two actions separately).

Just curious to know why you have the approver stage for lock account? You can add the user group (INACTIVE or LOCK, etc.) to the lock request type before submitting the access request.

Thanks

Ramesh

sreekanth_sunkara
Active Participant
0 Kudos

Ramesh,

The approver team needs to perform some other manual activities (non-SAP) before locking the account.

You mean set up the default user group based on the request type? Is that through BRF+ or through User Defaults configuration? Also, when a user selects a particular request type, can we configure it so that it automatically adds a particular system for those request types?

Thanks,

Sri.