cancel
Showing results for 
Search instead for 
Did you mean: 

No Approver found in the Access request for Risk owners?

Former Member
0 Kudos

Hi Team,

We have defined ABAP Class based for Agent Rule ZCL_GRAC_WFA_RISK_OWNER, and the Risk owners are also maintained in the AC table in Set-up, but after submitting the access request there are SOD voilations,Detour condition GRAC_MSMP_DETOUR_SODVIOL is satisfied , so the request is routed to ROLEAPP_SOD_PATH and parallely routed  SODVIOL_DETOUR_PATH6,

Once the role owner approvers the request, and escape route applied at SODVIOL_DETOUR_PATH6  as  No approver found.

But the Risk owners are defined in the AC Owner table.

Can anybody help with this, as why escape path is applied even after maintaining Risk owners?

Regards,

Sindhu

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi Sindhu,

Please check for the agent rule whether it is defined properly and picking the agent or not,normally this issue happens if the agent is not defined properly and system could not find the agent.

Also activate the workflow which is also sometimes a reason for the issue.

Additionally make sure the agent is defined both at the stage default settings and optional settings.

Regards

Pradeep

Former Member
0 Kudos

Hi Pradeep,

Thank you for the response.

Issue is resolved for us, we checked the logic of our agent rule "ZCL_GRAC_WFA_RISK_OWNER" and made changes and seems to work fine now in the access request.

Regards,

Sindhu

ying_ye
Explorer
0 Kudos

Thanks Sindhu and Pradeep. We applied note 1670504 in 2013 when it is in version 2 and it works fine in our old GRC system since old system only has single SoD logical group. Below is how risk owner table be loaded in different version of this note.

Version 2

LOOP AT MT_SOD_RISKS INTO ls_sum_viol_det WHERE connector = is_line_item-connector.

Current version

LOOP AT MT_SOD_RISKS INTO ls_sum_viol_det WHERE connector = is_line_item-connector and role = is_line_item-role_name.

Attachment of current version

LOOP AT MT_SOD_RISKS INTO ls_sum_viol_det ."WHERE connector = is_line_item-connector and and role = is_line_item-role_name.

Now SAP seems remove all the restriction when loading risk owner table in ZCL_GRAC_WFA_RISK_OWNER.

We fixed the issue in our new GRC system by re-setup SoD for each of the goup.

former_member251910
Discoverer
0 Kudos

This message was moderated.

former_member251910
Discoverer
0 Kudos

This message was moderated.

former_member193066
Active Contributor
0 Kudos

Hello,

Risk owner has to be maintained in risk id under owner tab for that risk.

then your agent rule will work.

Regards,

Prasant

ying_ye
Explorer
0 Kudos

Thanks for reply Paichha. Risk owner do exist in owner tab of related risk when checking nwbc -> access rule maintenance -> access risks. We also check if risk owner exist in SU01 and they are all there. We have tried to re-run full sync for GRC box itself also but still, it doesn't pick up by agent rule.

Former Member
0 Kudos

Hi Ying,

Please check your Risk owner agent rule "ZCL_GRAC_WFA_RISK_OWNER" and look for the logic used for routing to the correct SOX coordinator.

You can also debug the session and check for the routing of the request.

Regards,

Sindhu

Former Member
0 Kudos

Hi Sindhu,

Please check the SoD violations in your request are coming from the roles present in the request or are from existing assignment of user.

Note 1670504 provides 2 different risk owner agent ( lineitem level and request level ) . If your SoD violations are coming from existing assignment then you need to implement the second logic ( request level risk owner ) 

Best Regards,

Aman

Former Member
0 Kudos

HI Aman,

Thank you for the reply.

Here we are creating a new account assigning a Firefighter role, which has wide access, so the SOD violations are from the roles.

Can you please elaborate on request level risk owner.

Appreciate your reply.

Thanks,

Sindhu

ying_ye
Explorer
0 Kudos

Sindhu,

We have similar issue for approver not found when SoD detour for new user. It is routed to escape route instead to risk owner for approval. All the risk owners do exist in table GRACSODRISKOWN and all the risk owner alos shows up in user table GRACUSER. We have checked WF-BATCH user access and it looks OK.

Can you share the solution if any?

Thanks,

Ying Ye

Former Member
0 Kudos

hi Yen,

if it is only for new user, then could you check your new user path/stage. provide screenshot of your routing rule and the agent id of the path, it is routing to

Regards

plaban

ying_ye
Explorer
0 Kudos

Thanks for reply Sahoo.

We have tested both new user and existing user and SoD route to escape route with approver not found message.

Simulation on BRF rule route to Z_ASSIGN_ROLES path. If there is SoD detected in Z_ASSIGN_ROLES path, it will map to Z_SoD_Detour then send to agent Z_AR_RISK_OWNER_APPROVER for approval.

Any suggestion where should we check further?

former_member193066
Active Contributor
0 Kudos

In AC Owner you have Risk owners,

after that for each risk maintain risk owner,

when it goes to that path, it will go to Risk owner for that particular risk id.

Regards,

Prasant