
Simple MSMP workflow for Emergency Access Management

Former Member
0 Kudos

Hi,

I am not able to get the EAM to work in Access Control 10. The user is able to successfully place an access request for FFid but there is an error in the workflow logs. I have not done any customization of the MSMP for GRAC_DEFAULT_PATH and other similar stages, as I am not aware of the specific values that need to be maintained.

I want to avoid customizing as much as possible and use what SAP offers by default. The workflow steps I am looking for are: user places a request for FFid and the request is received by the FFid Owner (Manager) and approved by him. Once approved, the FFID is provisioned automatically and the user can login to tcode GRAC_SPM and use his FFid, and the Controller gets alerted about the log.

Accepted Solutions (1)

Colleen
Advisor
0 Kudos

Hi Veera

The SAP default offering for GRAC_ACCESS_REQUEST does not work for EAM access as there is no role owner.

You need to look at creating a custom initiator rule based on the Request Type. Former Member has provided some details. You can have a look at the following thread

This thread had a similar issue - they used a default MSMP but it did not work for FF Access Requests.

"I want to avoid customizing as much as possible and use what SAP offers by default."

You may want to reconsider this approach: the default is there to show very basic examples. SAP have provided IMG configuration to assist in building your own. There is a wealth of knowledge on SCN that now shows you how to do this configuration.

Here's an article I wrote explaining the logic of the MSMP to help understand how to map your scenarios. MSMP - Multi Step Multi Process – GRC... | SCN

Regards

Colleen

adesa28
Explorer
0 Kudos

Hi Veera:

I believe you just need a ONE stage approval path for FF workflow - then you need to create your own AGENT rule. If you want 2 stage, you may use SAP Provided path which actually makes more sense.

You need to work with AUDIT team and your company's procedures and do the needful. I can provide you detailed steps on how to create Agent Rule OR how to use SAP provided workflow if you don't find any document referred by Madhu and Colleen. (I have read some excellent notes from both and especially Colleen. I will definitely follow her comments.)

Thanks and Hope your issue is resolved.

Regards

Ashish

Former Member
0 Kudos

Ashish,

Thank you for the reply. Would you be able to provide me with steps for configuring the workflow for the EAM access request? I have gone through the documentation but I am still not very clear about the workflow configuration steps.

Regards,

Colleen
Advisor
0 Kudos

Hi Veera

Which part are you still unclear about? Steps have been provided or are on SCN/wiki/saphelp already.

If something is unclear you may benefit more from explaining where you have got up to and which part you are having trouble with. One of us may then be in a position to clarify and point you in the right direction.

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Thanks a lot for your help. I am able to configure the BRF+ configuration as per the document and it is successful.
But I am facing 2 issues:

1. I have made some changes in the decision table (after successful testing), these new changes are not reflecting in MSMP configuration even though I have regenerated the MSMP configuration. How to bring BRF+ changes in MSMP?

2. What is the best way to setup escape condition for no role owner and in SoD scenario? Is the method described in Notes# 1765630 good, or should I develop a custom rule in BRF? My requirement is whenever there is no role owner/SoD after manager approval it should directly go to Security stage.

Please let me know, what is the best way to deal with this situation?

Colleen
Advisor
0 Kudos

Hi Ravi

When you added an additional scenario (i.e. rule_result) did you update the maintain rule in MSMP to add the scenario and then map it under routing to a path?

Best scenario depends on what you want to achieve.

Regards

Colleen

Former Member
0 Kudos

Hi Ashish,

For FF ID approval, I have used one stage wf.

But you have updated "If you want 2 stage, you may use SAP Provided path which actually make more sense."

Please let me know which SAP provided path I can use. It will help me when I discuss this issue with Audit team.

Former Member
0 Kudos

Hi Colleen,

Thanks a lot. I am able to resolve the first issue.

For 2nd issue: My requirement is whenever there is no role owner/SoD after manager approval it should directly go to Security stage and Security team will fix those issues and then approve it.

We don't want auto provisioning in the case of "NO ROLE OWNER"

Need your expert advice for the same.

Colleen
Advisor
0 Kudos

Hi Ravi

You can look in MSMP after activating BC Sets to see SAP baseline examples.

However, what you use is completely determined by your business process - how do you want the requests to route to approvers and how many approval steps do you want?

Regards

Colleen

Answers (1)

madhusap
Active Contributor
0 Kudos

Hi Veera,

Did you define a condition in your initiator decision table in BRF+ to route your EAM requests to firefighter path?

Do you have stage called FF Owner?

Did you create a Firefighter path in MSMP configuration with FF Owner stage in it?

Did you maintain route mapping in your MSMP workflow configuration?

Please share your BRF+ initiator decision table and MSMP workflow config screenshots to help you further.

If you are new to MSMP and BRF+ config, please check this link for understanding the concept.

MSMP - Multi Step Multi Process – GRC... | SCN

Regards,

Madhu.