on 04-21-2014 3:15 PM
Hi Guys,
Need help in understanding access request workflow. Here is the flow:
Requester submitted access request.
1. Manager stage (010)
2. Role owner (020) - at this stage routing enabled for DETOUR_SODVIOL with standard rule ID by creating detour path with new stage (021).
3. Security Lead (030).
Instead of going to SoD stage (021) request is diverted to MIT_ASSIGNMENT workflow for applying mitigation control with a new number generated.
I am confused with system behavior, Please suggest.
Thanks all for your time.
Thanks & regards
Harry
Hello,
Based on your requirement you need 2 PATH .
PATH A : where you have 3 stages
Manager
Roleowner
Security Lead
and PATHB 2 stages if security Lead is required after SOD Stage.
1)SOD stage
2)Security Lad
Requester submitted access request. nThis is Go in PATHA
1. Manager stage (010): Manager Appoves then goes to Next stage
2. Role owner (020) - at this stage routing enabled for DETOUR_SODVIOL with standard rule ID by creating detour path with new stage (021).: After Role owner approves with check for condition and route mapping based on rule result value
3. Security Lead (030).
Instead of going to SoD stage (021) request is diverted to MIT_ASSIGNMENT workflow for applying mitigation control with a new number generated.
Ensure MITIGATION workflow in not active in Configuration parameter.
Good Luck
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Hari
Please let me know did you create 2nd path for SoD or not?
We need to create two paths
1st one for common path --> Manager --> Role owner --> Security
2nd Path for SoD violation --> SoD --> Security Check
Please ensure that three digit numbers (021) should not be repeated at any stage in any of the path.
With Regards
Trinadh Bokka
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.