cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AC notification show to all aprroved even if 1 role was reject

former_member205095
Participant

on ‎03-02-2015 9:14 PM

0 Kudos

Hi all,

I using GRC 10.0 SP 13, and setup the notification GRAC_AR_CLOSE with variable %provisioning%, when an access request is oppened with one single role and its approved the notification comes with the message that role was approved, when the role is reject the notification says that it was rejected, however when the access request has 2 roles and the role owner aprroves one and the other is reject on the notification says that both was approved, have anyone has this problem before?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

madhusap
Active Contributor
‎03-03-2015 12:15 PM
0 Kudos

Hi Arivind,

Ideally role owner should not have REQUEST REJECTION access and role owner should be able to reject the role for which he is owner using LineItem level rejection as shown below. To achieve this you should below task settings for your role owner stage.

Now if the role owner changes the LineItem Approval status for the role to "REJECT" and submit the request then the notification triggered is using APPROVED event and REJECTED event triggers only if the role owner has access to reject entire request using OTHER ACTIONS -> REJECT option.

In your scenario if a request has 2 roles and Role owner REJECTS one role and APPROVES one role using Approval Status at LineItem level then at the END OF REQUEST based on your notification settings your notification will be sent to user mentioning the only provisioned role details.

We are also on GRC 10 SP13. Please share your MSMP stage task settings, Audit log of your request and if possible Notification template to assist you further.

Regards,

Madhu.

Show replies
Show replies
former_member205095
Participant
‎03-03-2015 12:58 PM
0 Kudos

Hi Madhu,

I just configured the notification on step 1, on global setting,

Former Member
‎03-03-2015 6:32 AM
0 Kudos

Hi Arvind,

Role owners should click on "Reject button" Or select "reject" from drop down list in "User access" Tab.

You can also try with administration activity. select CUP request - click on Administartion - select reject from drop down in user access tab- do risk analysis - mitigate - submit.

Thank you

Ranjan

Show replies
Show replies
alessandr0
Active Contributor
‎03-02-2015 9:33 PM
0 Kudos

Arivind,

actually this issue has been solved in SP4 -> http://service.sap.com/sap/support/notes/1582572.

aAso consider: http://service.sap.com/sap/support/notes/1960393

Can you show the audit log how the roles have been rejected? What I have seen at some clients is that managers/role owners "reject" the roles by changing the provisioning action to "remove" instead of using "Reject" on line item level.

If it's done wrongly the line item is approved with action remove and hence the notification says it's approved.

Let us know and share some screenshots for better understanding.

Regards,

Alessandro

Show replies
Show replies
alessandr0
Active Contributor
‎03-02-2015 9:35 PM
0 Kudos

if the issue comes with business roles see: http://service.sap.com/sap/support/notes/1922082

former_member205095
Participant
‎03-03-2015 12:22 PM
0 Kudos

hi Alessandro,

the role owner is rejecting the line item of the request, maybe with the screenshots we can get some idea

Former Member
‎07-29-2016 3:20 PM
0 Kudos

This message was moderated.

Ask a Question