on 04-21-2014 6:07 PM
Hi,
I am not able to get the EAM to work in Access Control 10. The user is able to successfully place a access request for FFid but there is a error in the workflow logs. I have not done any customization of the MSMP for GRAC_DEFAULT_PATH and other similar stages, as I am not aware of the the specific values that need to be maintained.
I want to avoid customizing as much as possible and use what SAP offers by default. The workflow steps I am looking for is : user places a request for FFid and the request is received by the FFid Owner (Manager) and approved by him, Once approved, the FFID is provisioned automatically and the user can login to tcode GRAC_SPM and use his FFid, and the Controller gets alerted about the log.
Hi Veera
The SAP default offering for GRAC_ACCESS_REQUEST does not work for EAM access as there is no role owner
You need to look at creating a custom initiator rule based on the Request Type. Former Member has provided some details. You can have a look at the following thread
This thread had similar issue - they used a default MSMP but it did not work for FF Access Requests.
I want to avoid customizing as much as possible and use what SAP offers by default.
You may want to reconsider this approach the default is there to show very basic examples. SAP have provided IMG configuration to assist in building your own. There is a wealth of knowledge on SCN that now shows you how to do this configuration.
Here's an article I wrote explaining the logic of the MSMP to help understand how to map your scenarios. MSMP - Multi Step Multi Process – GRC&#82... | SCN
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Veera:
I believe you just need a ONE stage approval path for FF workflow - than you need to create your own AGENT rule. If you want 2 stage, you may use SAP Provided path which actually make more sense.
You need to work with AUDIT team and your company's procedures and do the needful. I can provide you detail steps on how to create Agent Rule OR - how to use SAP provided workflow if you don't find any document referred by Madhu and Colleen. ( i have read some excellent notes from both and especially - Colleen. I will definitely follow her comments)
Thanks and Hope your issue is resolved.
Regards
Ashish
Hi Veera
Which part are you still unclear about? Steps have been provided or are on SCN/wiki/saphelp already.
If something is unclear you may benefit more from explaining where you have got up to and which part you are having trouble with. One of us may then be in a position to clarify and point you in the right direction.
Regards
Colleen
Hi Colleen,
Thanks a lot for your help. I am able to configure the BRF+ configuration as per the document and it is successful.
But I am facing 2 issues:
1. I have made some changes in the decision table(after successful testing), these new changes are not reflecting in MSMP configuration even though I have regenerated the MSMP configuration. How to bring BRF+ changes in MSMP.
2. What is the best way to setup escape condition for no role owner and in SoD scenario? Is the method described in Notes# 1765630 is good or develop a custom rule in BRF. My requirement is whenever there is no role owner/SoD after manager approval it should directly go to Security stage.
Please let me know, what is the best way to deal with this situation?
H Colleen,
Thanks a lot. I am able to resolve the first issue.
For 2nd issue: My requirement is whenever there is no role owner/SoD after manager approval it should directly go to Security stage and Security team will fix those issues and then approve it.
We don't want auto provisioning in the case of "NO ROLE OWNER"
Need your expert advice for the same.
Hi Veera,
Did you define a condition in your initiator decision table in BRF+ to route your EAM requests to firefighter path.
Do you have stage called FF Owner?
Did you create a Firefighter path in MSMP configuration with FF Owner stage in it?
Did you maintained route mapping in your MSMP workflow configuration?
Please share your BRF+ initiator decision table and MSMP workflow config screenshots to help you further.
If you are new to MSMP and BRF+ config, please check this link for understanding the concept.
MSMP - Multi Step Multi Process – GRC&#82... | SCN
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.