We are currently implementing position based security and were looking to use GRC 10's Org Assignment request to approve access to positions. We are using SAP GRC 10 SP11. I had some questions regarding the approval workflow:
1) Is it possible to set the approver as the role owner? We have tried mapping roles who have owners to positions, however, when we submit the request it does not seem to recognize the role as input and goes on directly to our security detour stage. Is there any way to fix this problem?
2) We have another problem, when the ZGRAC_SEC_DETOUR is taken, or when you assign a direct approver for this path, missing user detail error occurs when trying to approve the request. It is as though because we are using the SAP_GRAC_ACCESS_REQUEST MSMP Process ID for HR org assignment request, that the system is expecting user details to exist as part of the request even though this does not really apply to the type of request and is not even part of the request template. The error looks like this:
I have also tried to create an initor rule using SAP_GRAC_ACCESS_REQUEST_HR, it takes the connector as input. I can simulate the rule in BRF+ and it gives the correct result "ZROLE_OWN_APRV" which is what I have mapped in MSMP, however when I try to submit the request it gives me a "cannot resolve path" error (as a side note, SLG1 does not give me any further information). Again, your help is much appreciated.