on 03-02-2015 9:14 PM
Hi all,
I using GRC 10.0 SP 13, and setup the notification GRAC_AR_CLOSE with variable %provisioning%, when an access request is oppened with one single role and its approved the notification comes with the message that role was approved, when the role is reject the notification says that it was rejected, however when the access request has 2 roles and the role owner aprroves one and the other is reject on the notification says that both was approved, have anyone has this problem before?
Hi Arivind,
Ideally role owner should not have REQUEST REJECTION access and role owner should be able to reject the role for which he is owner using LineItem level rejection as shown below. To achieve this you should below task settings for your role owner stage.
Now if the role owner changes the LineItem Approval status for the role to "REJECT" and submit the request then the notification triggered is using APPROVED event and REJECTED event triggers only if the role owner has access to reject entire request using OTHER ACTIONS -> REJECT option.
In your scenario if a request has 2 roles and Role owner REJECTS one role and APPROVES one role using Approval Status at LineItem level then at the END OF REQUEST based on your notification settings your notification will be sent to user mentioning the only provisioned role details.
We are also on GRC 10 SP13. Please share your MSMP stage task settings, Audit log of your request and if possible Notification template to assist you further.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arvind,
Role owners should click on "Reject button" Or select "reject" from drop down list in "User access" Tab.
You can also try with administration activity. select CUP request - click on Administartion - select reject from drop down in user access tab- do risk analysis - mitigate - submit.
Thank you
Ranjan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Arivind,
actually this issue has been solved in SP4 -> http://service.sap.com/sap/support/notes/1582572.
aAso consider: http://service.sap.com/sap/support/notes/1960393
Can you show the audit log how the roles have been rejected? What I have seen at some clients is that managers/role owners "reject" the roles by changing the provisioning action to "remove" instead of using "Reject" on line item level.
If it's done wrongly the line item is approved with action remove and hence the notification says it's approved.
Let us know and share some screenshots for better understanding.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
if the issue comes with business roles see: http://service.sap.com/sap/support/notes/1922082
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.