cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Auto Approve Default Roles in GRC 10.1

pavan_muthyala
Explorer

on ‎12-10-2014 12:48 PM

0 Kudos

Hi All,

I have a scenario where the Common / Default roles which will be provided to all the end users should be auto approved through access request.

I know, there is one way where the Roles without role owners can be routed for auto approval by defining an empty stage.

But, We have configured to route the roles with no role owners to GRC admin. So the above option is ruled out.

Can you suggest me how can this be achieved.

Regards,

Pavan Muthyala

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member485656
Explorer
‎07-12-2016 10:54 PM
0 Kudos

Hi Pavan,

I am having the exact same issue. Did you find any solution for this?

Thanks

Show replies
Show replies
former_member185447
Active Contributor
‎07-13-2016 2:16 AM
0 Kudos

Hello Ram krishna,

Please check the following

Did you maintained the Default roles in NWBC?

Did you maintained the parameter 2038 with value YES?

Did you maintained the parameter 2009 with value YES?

Please post the screenshot of the values you maintained for parameters 2010 – 2013

Regards,

Rakesh Ram M

Former Member
‎07-13-2016 10:44 AM
0 Kudos

Hi Ram,

Kindly note the following cases

First Stage is Manager

1. If your first stage is "Manager" then you can enable routing on line item level using the standard Rule ID "GRAC_MSMP_ROUTE_NO_ROLEOWNER" and route all the lineitems without approvers to No stage Path

2. Map the Routing Rule ID to No stage path in "Maintain Route mapping"

3. Maintain No stage Path under "Maintain Paths"

No Manager Stage


1. Create an Agent ID of type directly mapped user (ex : Z_AUTO_AGENT) with WF-BATCH maintained as the approver User in "Maintain Agents" as shown below

2. Create a dummy stage in "Maintain Paths" as your first stage and maintain Z_AUTO_AGENT as the Agent ID. Enable routing on Line item level using the standard rule ID GRAC_MSMP_ROUTE_NO_ROLEOWNER . Set the escalation type to "Skip to Next Stage" and specify the escalation time as 1 min.

The request will stay here for a minute and all your line items without approvers will move to No stage path and after a minute it continues with the next stage(ex : Role owner) in your standard path.


3. Maintain the route mapping and define the No stage Path

Also do the following

1. Maintain parameter 2038 to YES

2. Maintain all the required config parameters for Default Roles(2009 - 2013)

3. Maintain the default roles in NWBC

Also share the screenshot of the values maintained for 2010 - 2013 as suggested by Rakesh.

Let me know if you need any other details.

Regards,

Manju

former_member485656
Explorer
‎07-14-2016 5:07 PM
0 Kudos

Hi Rakesh,

I don't want to have the auto approve request for roles without role owners though.

I just have one general user role with(SU3/su53...) which should be assigned by default without requiring role owner approval for this particular role.

Thanks

former_member485656
Explorer
‎07-14-2016 5:08 PM
0 Kudos

Thanks Manju. I think creating a separate path for general user role will work.

Former Member
‎07-15-2016 4:34 AM
0 Kudos

Hi Ram,

If you are using Default roles functionality it is a pre-requisite to enable 2038(Auto approve roles without approvers) to YES.

Make sure your general user role is maintained as default role in NWBC.

In case you have any other roles imported to BRM without approvers ensure to maintain the owners as per the BP as a best practise.

Only the default roles should not have approvers.

Let me know if you need any other details.

Regards,

Manju

former_member485656
Explorer
‎07-20-2016 3:48 PM
0 Kudos

Hi Manju,

Sorry for the delayed reply.

Yes that can be done. But if i do not maintain the role owner for some roles by mistake or error while uploading. Then those role would be auto provisioned in that case.

I think, we need to create a BRF+ routing rule to create a separate path for only the general user role and map it to a path which do not have any stages.

For all other roles it would be provisioned though normal msmp  path.

Thanks,

Former Member
‎07-20-2016 5:22 PM
0 Kudos

Hi Ram,

Apart from the general user role if you have any roles in BRM without an assignment approver and if these role(s) are available for selection and provisioning in an access request the WF goes into error and you will get a "No Agent Found Error" at the role owner stage as the application validates each line item to have an assignment approver at this stage.

If you still want to have such roles then route them to the GRC Admin before them come to the role owner and you can have only the general role auto approved.

Regards,

Manju

Ask a Question