CUP workflow

Similar Messages

• How to send the 3rd email in the MSMSP CUP workflow?

  Hello GRC community,
  at first thank you all for your great support during the last months. Four month ago I started the implementation of AC in our department without any GRC experience. But now, four months later we are just about to implement the AC 10.0. Thank you all.
  Now we are working on the following issue, where we need your help. Let me explain what the issue is:
  After the finishing the last step in CUP workflow (WS76300056) the workflow sends out 2 emails: (method CL_GRFN_MSMP_WF_TEMPLATE_BASE --> UPDATE_PATH_FINISHED sends out these 2 emails)
  1.to the USER
  2.to the REQUESTER
  But due to our presystem which is a part of the Access request workflow we want to send out a 3rd email to a 3rd recipient. Getting the 3rd recipient is not the issue. The issue is: where do we have to implement the sending of the notification? Our own Investigation comes up to an enhancement point which seems to be the right place to add ABAP code which sends out the 3rd email.
  Has anybody similar issue or the experience with the following enhancement and could help us? Or maybe there is an alternative solution? Any hints are welcome.
  Package: GRFN_MSMP_WORKFLOW
  Enhancement: GRFN_MSMP_END_OF_PATH_NOTIF
  Thanks, and best regards
  Sabrina

  The send mail function will send mail to the users and or alias in the workflow step where you invoke it. The IDOC script guide will help you with implementing these kinds of things.
  http://download.oracle.com/docs/cd/E10316_01/cs/cs_doc_10/sdk/idoc_script_reference/wwhelp/wwhimpl/js/html/wwhelp.htm
  IDOC script by usage / Workflow
  wfNotify is the one you want to look at specifically.
  Workflow
  The following Idoc Script variables and functions are related to workflows.
  Configuration Variables
  isRepromptLogin
  IsSavedWfCompanionFile
  PrimaryWorkQueueTimeout
  WorkflowDir
  WorkflowIntervalHours
  Global Functions
  getValueForSpecifiedUser
  Workflow Functions
  wfAddActionHistoryEvent
  wfAddUser
  wfComputeStepUserList
  wfCurrentGet
  wfCurrentSet
  wfCurrentStep
  wfDisplayCondition
  wfExit
  wfGet
  wfGetStepTypeLabel
  wfIsFinishedDocConversion
  wfIsNotifyingUsers
  wfIsReleasable
  wfLoadDesign
  wfNotify
  wfReleaseDocument
  wfSet
  wfSetIsNotifyingUsers
  wfUpdateMetaData
  Other Variables
  AllowReview
  dWfName
  dWfStepName
  entryCount
  IsEditRev
  IsWorkflow
  lastEntryTs
  SingleGroup
  wfAction
  wfAdditionalExitCondition
  wfJumpEntryNotifyOff
  wfJumpMessage
  wfJumpName
  wfJumpReturnStep
  wfJumpTargetStep
  wfMailSubject
  wfMessage
  wfParentList
  WfStart

• Need help with a CUP workflow scenario

  Dear Experts,
  I'm sure it is not just me encountered this required scenario (or something similar).  I would like some pointers how to transcript it to a CUP workflow:
  Application admin logs a provisioning request.
  Security creates a user account and provisioning the roles on QA.
  Application admin ensures that the user undergoes training on QA.
  Upon passing the training, security replicates the user account and role assignment on PRD.
  The esoteric solution would be one request, two paths, two provisions. Is it somehow possible?
  Client doesn't use CUA.
  The security requirements are higher on PRD, where SoD handling will be required.
  Kind Regards,
  Vit Vesely
  Edited by: Vit Vesely on Apr 29, 2010 3:29 PM

  Hii Vit,
  If you want to have two paths for a single request than only possible solution will be to create role based initiator's.
  Role Based Initiatator's can be created by following Configuration -> Workflow-> Initiator-> create.
  Here Select the attibute as roles.
  For example create two Initiator
  Intiator1 -> having Role1 attribute -> Path1
  Intiator2 -> having Role2 attribute -> Path2
  Now in the request if u select Role 1 & Role 2, than request will follow the parallel path ( path1 & path 2)
  Else it is not possible to have parrallel workflow path for any other attribute.
  In Case you can have provisioning at end of the paths as well as end of the request.
  Kind Regards,
  Srinivasan

• Provisioning roles in UME with CUP workflow

  Hello,
  to give our users permission to approve requests in CUP we assign them to LDAP groups. These LDAP groups have different UME roles.
  Is there any possibility to request permnissions for UME roles via a CUP-workflow in general?
  We are using GRC 5.3 SP 8.1
  Thanks
  Manuel Kunkel

  There are some pre-requisites - you need portal content on your AS Java, the "plain" AS Java install won't do.
  Here's a detailed guide on how to set this up:
  http://www.sdn.sap.com/irj/bpx/grc?rid=/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
  Frank.

• CUP Workflow issue

  Hi guys,
  First - this isn't my issue but an issue that my colleague is having. 
  Their workflows have been setup and they've been working for sometime now.  I wasn't involved in their setup.  However last week, their BASIS team did some change (details aren't available to me as yet) and now, their CUP workflows are having a specific issue.
  The path that I've examined is as follows:
  Start > Manager > Role Owner > Security > Finish
  The only custom approver is under Security.  The rest are as delivered in CUP.
  What used to happen would be that the manager would get an email with a link that, upon clicking, would go directly into the request.  Now, that link takes them to a login box.  My colleague said that the tool hasn't been reconfigured by him and that the only major change has been some BASIS changes.
  I'm not sure where to tell him to start looking, since everywhere I've looked seems to be ok.
  Thanks,
  Santosh

  Hi Alpesh,
  That's what I had also said, that perhaps the SSO config was broken.  However, my colleague insists that SSO wasn't enabled.  I have my doubts about this but I have no way to validate that it was working prior to this issue.
  I know that when I look at the stages, the email templates for Approved, Rejected, etc., don't have any URL in the template, only the message.  As far as I know, this is how it should be.  Do you agree?
  Thanks,
  Santosh

• CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

  Hello Experts,
  I have a question...
  When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
  *We don't want to set the "business process" as an approver determinator.
  I would appreciate your advice.
  HM

  When you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
    - CUP (Page 19/33)?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  There is - Request Type - Attribute
  Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
  Thanks
  Himadama

• Integration of IDM with CUP workflow/

  can CUP and IDM be integrated with to have same workflow?
  Thanks,
  derek

  Hi Derek,
  Access Control supports following three ntegrations with IDM.
  - Using the IdM system as the leading provisioning system where requests are submitted to Access Control for SoD compliance and provisioning to one or more ERP systems.
  - Using Access Control as the leading provisioning system where requests are submitted to the IdM system for provisioning to one or more non-ERP systems.
  - Using Access Control as the leading provisioning system where requests are submitted to other supported systems via SPLM SOAP provisioning requests.
  For more details on how to configure, please refer to "Configuration Guide" of AC 5.3 at the following location.
  https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&
  Click on Access Control --> SAP GRC Access Control 5.3
  Hope this helps.
  Best Regards,
  Sirish Gullapalli.

• Error in CUP Workflow

  Hello,
  when i am creating the request i am getting the following request Error Creating Request.
  There is a Two Stage Workflow for which i have configured the following steps:
  1) created a Initiator with Attributes like Functional area with Condition OR.
  2) created a CAD with attributes Functional area and assigned the approvers For Eg: Role Owners (SAP ECC User ID)
  3) Created a STAGE in which i have selected the CAD which i have created and also created a Stage for IT Security       and   Approver Determinator for that stage is Security Lead
  4) Finally i have created a Workflow path and assigned the INITIATOR & STAGES to that workflow path.
  So when i try to create a request by selecting the Functional area (which is the initiator in my case) it is giving the error error creating request
  Did i miss any configuration?
  Regards,
  Kumar Rayudu

  Hello,
  Please find the below answers:
  1) Have you configured number range and activated it?
  YES
  2) Have you associated stage with path and initiator with path?
  YES
  Now it is working fine but with the same configuration settings!!!!!!!!!!!!!
  How is it possible?
  Regards,
  Kumar Rayudu

• CUP Workflow - Approval on role level

  Hi Community,
  I have a question regarding the design/capabilities of CUP.
  Scenario:
  Stage 1 - based on Functional Area --> approval on request level
  Stage 2 - based on organisational area of role --> approval on role level
  ===========================================
  In stage 2, the person A receives the request with all the roles (let's say 10). Out of these 10 roles, there are 3 within his area. I understand that 7 are greyed out and therefore only approval for "his" 3 roles is required.
  Here come the questions:
  - If I set the stage to "mitigation enforced", a risk analysis needs to be performed. That Risk Analysis will deliver risks that derive from all 10 roles or only the 3?
  - Since approval needs to be given for the other 7 roles as well by person B, the request is forwarded to person B once the person A approves. What is the order that CUP applies here? Who gets the request first? I know that the request is not split and parallel processing does not take place since I do not use different initiators... so it must be some kind of order that is applied.
  Any help on this is greatly appreciated.
  Mo

  Mo,
     The risk analysis is always performed on full CUP request. It does not care @ who is the approver at that point.
  Also, role owner level approval always happens parallely. You should try this and you will see it. There is no order. Both person A and person B can approve the request at same time.
  Regards,
  Alpesh

• Problem in CUP workflow-Stage configuration

  Dear all,
  We are facing a problem in workflow path. The workflow for create user has got 2 stage approval. In the first stage the approval type is "All approver" and the CAD for this stage is defined on the basis of business process of the role. So if few roles are added to a user belonging to different business process, the request is forwarded to all the approvers of stage 1. However even if all the approvers of that stage has approved the request, but still the request is showing as "pending for other approvers" and not getting forwarded to the next stage. But if I change the configuration to "Any one approver", the request is forwarded to next stage after approval by any one approver.
  Please suggest
  Regards,
  Nitin

  Hi Nitin,
  I guess you have made CAD on the basis of business process of role.
  Check that one again that all approvers are approving the request.
  if in the request has two role Role 1, Role2
  Role 1 has Business Process BP1,
  Role 2 has Business Process BP2.
  BP1 in CAD has APP1, APP2 approvers
  BP2 in CAD has APP3, APP4 approvers.
  Then for that CAD stage with setting all approver's.
  APP1, APP2, APP3, APP4 has to approve the request.
  Please make sure all approvers are approving.
  Also try to change the setting for Approval Level ( Role/Request ) in the stage.
  Hope it helps.
  Kind Regards,
  Srinivasan

• CUP Workflow without Stages

  Dear Experts
  I have Created a Wokflow with out stages for locking userId
  Selected condition at initiator as request type = lock account
  There is stage with only start and stop
  But when I tried to create request for locking userId, it saying no stages exist?
  Let me know your valuable suggestions.

  I didn't know  you could create a path without stages
  OK - add a stage, make the approver "No Stage" and it should work.
  Please be aware that anyone who can access the system can then lock any user! - No authorizations needed.
  Frank.

• CUP workflow error

  Hi  ,
  Ive done the follwing config successfully:
  1) Creat Initiator ,
  2)Create CAD
  3)Create stage & assign CAD
  4) Create Path
  But when we create an request for an role to be assigned , i get the following error :
  " Error creating request. Approver not found for the following : "
    ( BPS200  -  ZALL_PROJ_DEVELOPER  )
  Can anyone perhaps point out what the problem could be ?
  Any feedback will be greatly appreciated....
  regards

  Hi,
  I think you have selected the Business Process under 'Select Attributes', of CAD.
  Select the CAD and click on Change and in the resulting screen, click on Approvers.
  In the resulting screen, click on Add.
  Select the business process, you are going to select in the request and select an Approver and click on Save.
  Click on Save.
  Please try to submit a request after doing these steps and let me know if its not fixed.
  Thanks & Regards,
  Venky.

• GRC CUP workflow

  Hi,
  We want  request from security stage to forward request to  next stage specific SOX approver.i saw forward request is allowed only with in the stage.Is there any option for one stage to forward request to next stage specific approver.
  Thanks
  Yakoob.

  Hi Chinmaya,
  Reroute option only work for previous stage,not for next stage.Reroute only go for 2nd stage to 1st stage(previous one).I want 2nd stage to 3rd stage,forward request to particular approver.
  Thanks and Regards
  Yakoob

• CUP 5.3: risk analysis in workflow impossible due to web service performance?

  Hello experts,
  We are facing a huge challenge within a AC 5.3 implementation.
  Here, AC has been used successfully with CUP and RAR for quite some time now. However, the RAR analysis has not yet been integrated into the CUP workflow. We would like to integrate the RAR analyis in CUP now.
  Based on the existing role concept (that uses functional master roles and derived roles per company code, with ca. 30 company codes in place) and the shared service operations in some areas such as FI, there is a large number of users with many roles and consequently, many SoD risks (of course, they are all "repeat" risk per company code).
  This leads to a long RAR analysis run time, but it's still acceptable. Analysis on permission level for such "power users" runs about 1 minute, on action level about 5-6 seconds.
  However, the web service between RAR und CUP is a problem and cannot cope with our violations. We have currently set the threshold to 75000. In this case, the analysis + web service runs 1-2 minutes. However, we have some users with 200-300.000 violations. In this case, if we deactivate the threshold, we will experience a web service time-out eventually, even with analysis on action level because the amount of violations the web service has to process is the same (or even higher with some false positives).
  We also have compensating controls in place for these power users, which will of course reduce the web service run-time considerably. However, this is not applicable to NEW user requests because for those, the compensating controls will be assigned only AFTER the risk analysis has taken place and the risk manager receives the workflow item.
  Has anyone experienced this in the past and found a viable solution or work-around? We are basically short of options and considering dropping the project.
  Note: An upgrade to 10.X is not (currently) a solution because this upgrade is scheduled and budgeted only for later.
  Thanks a lot and best regards
  Patrick

  Any opinions on this?
  Cheers and thanks
  Patrick

• Problem with workflow to control mitigating RAR to CUP

  We have configured in RAR, the workflow to send request for approval of Mitigation Owner using CUP Workflow. For Mitigation Control Using RAR  work fine, but unfortunately when we mitigated the Risks through the CUP request,  the workflow of Mitigation Control was not started.
  Workflow: USER > MANAGER > ROLE OWNER.
  Workflow with risk: USER>MANAGER> MITIGATION OWNER> ROLE OWNER (We have problem to send the request for Mitigation Owner).
  In the attached file has the details of this problem.
  Let me know if you need any other information.
  Best Regards,
  William Pantaleao

  Yes, it is configured correctly misc.
  Thanks
  William Pantaleã