Mitigation assignment approval in Access Request Workflow

Hi Guys,
I am currently implementing GRC for one of the clients. I have a question with respect to Mitigation assignment approval in Access Request Workflow.
Below is the Scenario,
1) User Submits the request
2) Manager Approves
3) Role Owner runs the SOD & finds SOD violations. Role Owner assigns the mitigation controls & approves the request
Clarification:
Once the role owner approves, depending on the mitigation controls assigned, can this request be routed to the mitigation control owner for approval in the next stage? Is this configurable without custom BRF+ rules? I know there is a separate workflow (SAP_GRAC_CONTROL_ASGN) for approval of assignment, which I suppose is outside of the Access request workflow.
Please suggest.

Pavan,
more or less - as the control assignment workflow is independent the access request doesn't wait. So if the role owner set a mitigation the control workflow starts. If you allow the role owner to approve the access request with risks, means if the risk isn't mitigated, then the role owner can proceed.
To have your scenario working you must set the following in Access Request workflow: Role Owners are not allowed to approve as long as there are risks. All risks must either be remediated or mitigated before approval. That means if the role owner sets a mitigation the assignment workflow starts. As soon as the mitigation is valid (final approval) the access request can be approved.
Technically both workflows are independent and don't have a relation to each other. But with some settings you can combine them.
Does this answer your question?
Regards,
Alessandro
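A small model of the coupling described in the reply above, as an added example that is not part of the original thread and is not SAP code. The class, function and risk names are hypothetical; it only shows how the "no approval while risks are open" setting makes the access request wait for the independent control assignment workflow.

```python
from dataclasses import dataclass, field
from enum import Enum


class ControlStatus(Enum):
    PENDING = "pending"      # control assignment workflow still running
    APPROVED = "approved"    # final approval reached, mitigation is valid
    REJECTED = "rejected"    # control owner declined the assignment


@dataclass
class AccessRequest:
    request_id: str
    open_risks: set                                  # risk IDs from the SoD analysis
    remediated: set = field(default_factory=set)     # risks removed from the request
    # risk ID -> state of the separate control assignment workflow
    mitigations: dict = field(default_factory=dict)

    def assign_mitigation(self, risk_id):
        """Role owner sets a control; this starts the other workflow."""
        if risk_id not in self.open_risks:
            raise ValueError(f"{risk_id} is not a risk on {self.request_id}")
        self.mitigations[risk_id] = ControlStatus.PENDING

    def control_workflow_result(self, risk_id, status):
        """Outcome reported by the control owner in the assignment workflow."""
        if risk_id not in self.mitigations:
            raise KeyError(f"no mitigation assignment for {risk_id}")
        self.mitigations[risk_id] = status

    def blocking_risks(self):
        """Risks that are neither remediated nor covered by an approved control."""
        return sorted(
            r for r in self.open_risks
            if r not in self.remediated
            and self.mitigations.get(r) is not ControlStatus.APPROVED
        )


def role_owner_can_approve(req, allow_approval_with_risks):
    """Return (allowed, blocking_risks) for the role owner stage."""
    blocking = req.blocking_risks()
    if allow_approval_with_risks:
        # The request does not wait for the control workflow at all.
        return True, blocking
    return not blocking, blocking


def demo():
    # Constructed sample request with two SoD risks.
    req = AccessRequest("REQ-0001", {"RISK_A", "RISK_B"})
    req.assign_mitigation("RISK_A")      # control workflow starts, still pending
    req.remediated.add("RISK_B")         # conflicting role removed from the request
    steps = [
        role_owner_can_approve(req, allow_approval_with_risks=True),
        role_owner_can_approve(req, allow_approval_with_risks=False),
    ]
    req.control_workflow_result("RISK_A", ControlStatus.APPROVED)
    steps.append(role_owner_can_approve(req, allow_approval_with_risks=False))
    return steps


if __name__ == "__main__":
    for allowed, blocking in demo():
        print(allowed, blocking)
```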

Similar Messages

  • Approving the access request gives error in Sharepoint Foundation 2013 / Email notification codepage problem

    Hello
    On our SharePoint Foundation 2013 server approving Access Requests fails with "request approval failed" after pressing the approve button. The user is site administrator, site collection administrator and site owner.
    In the ulsviewer we see the following error:
    System.NotSupportedException: No data is available for encoding 1033.
       at System.Text.Encoding.GetEncodingRare(Int32 codepage)
       at System.Text.Encoding.GetEncoding(Int32 codepage)
       at Microsoft.SharePoint.Email.SPMailMessageHelper.GetSocialNotificationMailMessage(SPWeb web, String senderAddress, String senderName, Boolean useSenderAddressAsFromAddress, String recipientAddress, CultureInfo recipientCulture, String subject, String sidebarHtml, String descriptionHtml, String customMessageHtml, List`1 embeddedAttachments)
       at Microsoft.SharePoint.SPSharingEmailHelper.SendAccessRequestsEmail(SPCachedItemEventProperties eventProperties, SPUser sender, String message, SPUser recipient, String recipientEmailAddress, String strSubject, String body)
       at Microsoft.SharePoint.SPSharingEmailHelper.SendRequestorNotification(SPCachedItemEventProperties eventProperties, String objRequestedTitle, SPUser reqByUser, SPUser reqForUser, String message, Boolean isMessageUpdate, Int32 status)
       at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleStatusChangingToApprove(SPCachedItemEventProperties properties, Int32 reqByUserId, Int32 reqForUserId, Int32 newStatus, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)
       at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleRequestStatusChanging(SPCachedItemEventProperties properties, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)
       at Microsoft.SharePoint.SPAccessRequestsOperationHandler.ItemUpdating(SPCachedItemEventProperties properties, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)
       at Microsoft.SharePoint.SPAccessRequests.UpdateItem(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 permissionLevel, Boolean extendInvitation, String anonLinkType, SPList accReqList, SPListItem item, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)
       at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatusCore(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 newPermissionLevel, Boolean extendInvitation, String anonLinkType, SPList accReqList, SPListItem request)
       at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, SPUser reqForUser, String convStr, String permType, Int32 permissionLevel, Boolean extendInvitation, String anonLinkType, SPWeb web)
       at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, String convStr, String permType, Int32 permissionLevel)
       at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.ChangeRequestStatus_MethodProxy(XmlNodeList xmlargs, ProxyContext proxyContext)
       at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.InvokeStaticMethod(String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid)
       at Microsoft.SharePoint.Client.ServerStub.InvokeStaticMethodWithMonitoredScope(String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid)
       at Microsoft.SharePoint.Client.ClientMethodsProcessor.InvokeStaticMethod(String typeId, String methodName, XmlNodeList xmlargs, Boolean& isVoid)
       at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStaticMethod(XmlElement xe)
       at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessOne(XmlElement xe)
       at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStatements(XmlNode xe)
       at Microsoft.SharePoint.Client.ClientMethodsProcessor.Process()
    449c7b9c-6cec-f09a-9792-3d76c4d7e351
    The server is running on an English Windows 2012 Server and also the English version of SharePoint Foundation 2013 with the June 2013 CU.
    We see exactly the same error when adding users to a group with the option "Send an email invitation" enabled.
    Any ideas what could cause these problems?
    Regards,
    Reinhard

    Hi Reinhard ,
    According to your error message, it says that no data is available after encoding the social notification mail message. It should be caused by the E-Mail encoding setting.
    For troubleshooting your issue, please check the character set of your E-Mail Settings:
    Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
    On the Central Administration Home page, click System Settings.
    On the System Settings page, in the E-Mail and Text Messages (SMS) section, click Configure outgoing e-mail settings.
    On the Outgoing E-Mail Settings page, make sure the Character set setting is 65001 (Unicode UTF-8).
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • GRC 10.0 Access Request workflow error

    Hi,
    While creating change request in AC10 to assign roles I get task errors (see example in attachment) and request does not appear in approver's (manager stage) work Inbox.
    Can anyone help and advise what can be missing and what should be checked additionally?
    I've checked all configuration settings as described in Post-Installation and Pre-Implementation docs but still get the same error and request does not appear in work Inbox.
    WF-BATCH user has assigned in GRC system roles as below:
    SAP_BC_BMT_WFM_SERV_USER
    SAP_GRC_FN_ALL
    SAP_GRC_FN_BASE
    Thanks a lot for advice!
    Aga

    Hi
    yes it helped. Now no errors on this stage and request appeared in manager work inbox. I've only assigned recommended roles as first. It looks like I need to look for additional roles for both users or authorization objects which are missing for SAP standard roles to avoid assignment of SAP_ALL.
    Thanks a lot!!!
    Regards,
    Aga

  • Need multi level approval for Leave request workflow in ESS

    Hi All,
    Our requirement is for 5 levels of approvals for the leave request raised in ESS, meaning that after the employee raises a leave request, it has to be approved by 5 managers one after the other. In the standard system only 1 level of workflow and approval is available, so please anybody suggest the solution. Thanks in advance.

    in addition to the above content your workflow consultant has to create this, ask him to
    refer this document
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
    for multiple level of approving the leave request, and the org structure has to be well formed
    ravindra

  • MSMP Access request and mitigation assignment workflows

    Hi Guys,
    Need help in understanding access request workflow. Here is the flow:
    Requester submitted access request.
    1. Manager stage (010)
    2. Role owner (020) - at this stage routing enabled for DETOUR_SODVIOL with standard rule ID by creating detour path with new stage (021).
    3. Security Lead (030).
    Instead of going to SoD stage (021) request is diverted to MIT_ASSIGNMENT workflow for applying mitigation control with a new number generated.
    I am confused with system behavior, Please suggest.
    Thanks all for your time.
    Thanks & regards
    Harry

    Hello,
    Based on your requirement you need 2 PATH .
    PATH A : where you have 3 stages
    Manager
    Roleowner
    Security Lead
    and PATHB 2 stages if security Lead is required after SOD Stage.
    1)SOD stage
    2)Security Lead
    Requester submitted access request. This is Go in PATHA
    1. Manager stage (010): Manager Approves then goes to Next stage
    2. Role owner (020) - at this stage routing enabled for DETOUR_SODVIOL with standard rule ID by creating detour path with new stage (021).: After Role owner approves with check for condition and route mapping based on rule result value
    3. Security Lead (030).
    Instead of going to SoD stage (021) request is diverted to MIT_ASSIGNMENT workflow for applying mitigation control with a new number generated.
    Ensure MITIGATION workflow is not active in Configuration parameter.
    Good Luck
    Prasant

  • HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

    hi sap gurus,
    i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
    SAP_GRAC_ACCESS_APPROVER
    SAP_GRAC_ACCESS_REQUEST_ADMIN
    SAP_GRC_FN_BASE
    SAP_GRC_FN_BUSINESS_USER
    and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
    but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
    the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
    can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
    I will be very much thankful if you guide me successfully.

    Hi Colleen,
    thanks a lot for your time.
    PIC1: I created one user: GR_AR_APP001
    and assigned all the GRC ROLES.
    PIC2: I assigned owner type to GR_AR_APP001 user : POINT OF CONTACT, SECURITY LEAD and WORKFLOW ADMINISTRATOR in NWBC ACCESS CONTROL OWNERS
    PIC3: I created one EUP 980 (copied from default EUP)
    PIC4: I maintained default manager as GR_AR_APP001 user in 980 EUP
    PIC5: I selected SAP_GRAC_ACCESS_REQUEST process id
    PIC6: I created one agent id as ZGRAC_MANAGER11 in which I added approver user id: GR_AR_APP001
    PIC7: I saved agent id
    PIC8: I added agent id as ZGRAC_MANAGER11 in stage5 in manager stage.
    PIC9: I saved
    PIC10: I maintained EUP 980 (in which I configured manager as GR_AR_APP001 user) in stage 5 task settings
    PIC11: Maintain Route Mapping, I clicked on next
    PIC12 and PIC13: I saved and activated.
    After this process I created one request for new account and selected the manager as GR_AR_APP001 and one request is created with request no 9000000030.
    now I logged into system by user GR_AR_APP001 and checked, there is no request under his work inbox.
    please guide me at least one procedure, how to receive request in approver work inbox so that I can learn other procedures to configure approver as per our organization requirement.
    thanks for your support Colleen.

  • Workflow for Approval of Appropriation Request

    Dear experts,
    I have been working on Workflow for Approval of Appropriation Request.
    Even after carrying out all the required configuration, the process is not working. Following are the symptoms:
    When appropriation request is submitted for Approval, I am maintaining user ids of approvers in the Partner field. The moment I click For Approval status the Approve Button is deactivated. Even when I log in from the Approver's user ID the button is Deactivated.
    When I check the Business Workplace Inboxes of Approvers there are no Workflow related mails.
    please help me out
    Regards,
    srikanth

    srikanth,
    Have you maintained all the configurations related to Work flow in IMG? like activating event linkage, assigning agents, approval schema etc...
    Also, have you maintained the workflow automatic configuration in transaction SWU3,
    you have to maintain the following:
    1. create a user id WF-BATCH, user type system and maintain a password for this user (seek BASIS team help for doing this)
    2. Assign SAP_ALL & SAP_NEW in user profile tab.
    3. in SWU3, under Maintain Runtime Environment --> Maintain Workflow System Administrator , select line and click on execute button, select user - WF-BATCH, save and back.
    4. then in the same screen select Configure RFC Destination, click on execute, system prompts with the user id mentioned in the above step, you enter the password mentioned in the first step, click OK.
    5. now select Maintain Runtime Environment, click on perform automatic configuration button (f9).
    6. Ensure that the option Maintain Runtime Environment turns to Green tick mark.
    7. select Classify Tasks as General click on perform automatic configuration button (f9).
    8. Ensure that the option Maintain Runtime Environment turns to Green tick mark.
    Now can go to transaction SWDD, on the left side of the screen, in the field WORKFLOW enter this value WS00300022, press enter. Click on test (F8) button.
    In the Test Work flow screen select BUS2104 line, it shows a new line at the bottom of the screen with the following options:
    Object type:  BUS2104, Key:
    You enter the appropriation request number in the field key (you cannot directly enter value here, choose drill down option (f4), then a new window pops up, enter the approp request number, click ok).
    then click on execute (f8).
    Now you can check in the approver's business work place under Inbox - workflow.
    Praveen

  • Is it possible (and if so, how) to automatically approve Access Requests

    SharePoint 2013 (we are using SP 2013 On-Prem.) provides the ability for users to "request" access to a site, or for Site Members to "share" content with users outside of the current site users.  In both cases, however, the request for access/sharing is added to the hidden list Access Requests, and a notification sent to the Site Collection Owner/Administrator, who must then "approve" the request before access is actually granted to the outside user.
    We have a use case where we would like to have any access requests (specifically those initiated by Member users to share content with non-site users) automatically approved.  We still want the Access Request list to track all the requests, but we want to somehow set all requests to Approved as soon as they come in, so that the Site Owners/Admins do not become a bottleneck where it takes time for access to be granted.
    Is there any way to accomplish this without the need for custom code?
    I tried leveraging a SPD-based workflow, but there are no properties on Access Request that seem to represent the Approved/Declined selections available in the Request user interface, so there does not appear to be a way (at least via workflows) to set a request to approved.
    Any ideas/thoughts on how to maybe accomplish this? 

    Don't think there is a way to do this OOB.
    --Cheers

  • How to assign approver to missing approver of workflow

    We have defined approval group on specific employee so when every user create their leave then it go to specific user for approval. Now the issue is, approver has been terminated and the dynamic query is getting no record. Due to this neither approver information is appearing nor it’s not going to notification user.
    Now we have updated approver name with the new, but how to assign approver to those leave request which have no approver defined.
    Pls advice

    I am a bit confused, when I assigned from one user to another user by selecting notification and pressing the reassign button on the main page instead of inside the request where there is the same reassign button beside approval.
    Now problem is that system has assigned all notification to new user instead of two particular record which i selected.
    pls advice.

  • SAP GRC AC ARM -Access Request approval

    Dear Community Members,
    my question relates to practice advise in respect to risk analysis type on access request.
    Can anybody share experience with type of analysis on access request.
    According to SAP HELP we have: In the Analysis Type dropdown list, select the relevant analysis type.
    You use Risk Analysis to determine violations pertaining to the authorizations assigned to the role. For example, when the authorizations result in segregation of duties violations.
    You use Impact Analysis to determine authorization violations pertaining to other roles. That is, the authorizations for the selected role, in combination with authorizations for another role, result in violations
    In particular I am interested when I have requested Role A and Role B with both creates SoD risks, would this be caught by access risk analysis during request creation? Assuming the user has no role at backend.
    Thanks,
    Filip

    Hi Filip,
    Yes, your understanding is correct.
    Risk analysis in the access request is intended to find out any sorts of risks associated to the roles in the request in addition to the roles assigned to the user already.
    When Risk analysis is performed, it will take into account all roles which are added to request and show the correct results.
    You can also run the simulation to see what will happen if the role is assigned to user beforehand.
    Regards,
    Shweta
    SAP - GRC
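A simplified sketch of the analysis discussed in this thread, as an added example that is not part of the original posts and is not SAP's risk analysis engine. The role names, functions and risk IDs are constructed; it reports the risks a request would newly introduce and whether each comes from one requested role alone, from requested roles combined with each other, or from a requested role combined with a role the user already holds.

```python
# Constructed sample data: role -> business functions it grants.
ROLE_FUNCTIONS = {
    "ROLE_A": {"MAINTAIN_VENDOR"},
    "ROLE_B": {"POST_PAYMENT"},
    "ROLE_C": {"CREATE_PO", "APPROVE_PO"},
    "ROLE_D": {"DISPLAY_REPORTS"},
}

# Constructed SoD rules: risk ID -> functions that must not be held together.
SOD_RULES = {
    "RISK_VENDOR_PAY": frozenset({"MAINTAIN_VENDOR", "POST_PAYMENT"}),
    "RISK_PO": frozenset({"CREATE_PO", "APPROVE_PO"}),
}


def risks_for(roles):
    """Risk IDs triggered by the combined functions of the given roles."""
    functions = set().union(*(ROLE_FUNCTIONS[r] for r in roles))
    return {rid for rid, conflict in SOD_RULES.items() if conflict <= functions}


def analyze_request(existing_roles, requested_roles):
    """Map each risk newly introduced by the request to where it originates."""
    existing, requested = set(existing_roles), set(requested_roles)
    unknown = (existing | requested) - ROLE_FUNCTIONS.keys()
    if unknown:
        raise KeyError(f"roles missing from the ruleset: {sorted(unknown)}")

    already_present = risks_for(existing)
    after_request = risks_for(existing | requested)

    findings = {}
    for rid in sorted(after_request - already_present):
        if any(rid in risks_for({role}) for role in requested):
            origin = "single requested role"
        elif rid in risks_for(requested):
            origin = "combination of requested roles"
        else:
            origin = "requested role combined with existing role"
        findings[rid] = origin
    return findings


if __name__ == "__main__":
    # The case asked about: Role A and Role B requested together, user holds nothing.
    print(analyze_request([], ["ROLE_A", "ROLE_B"]))
    # Same conflict, but one half is already assigned to the user.
    print(analyze_request(["ROLE_A"], ["ROLE_B"]))
    # A role that carries the conflict on its own.
    print(analyze_request([], ["ROLE_C"]))
```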

  • Access request number pending with which approver in backend?

    Hi All,
    Is there a way to see particular Access request numbers are pending with which approver in BACKEND grc system?
    Thanks for any inputs

    Dear Sush,
    as Suvonkar mentioned you can use Search Request screen to find pending approval requests. If you press Instance Status button you can see approvers for each path/stage.
    Instance Status:
    Also it is possible to see in the Audit Log.
    Regards,
    Alessandro

  • Access Request list "Request For" Workflow

    We are looking at ways to use the current access request functionality.
    If we use the default view, pendingreq.aspx, for the Access Requests list, there is a column we are especially interested in "Request For".  This column, a hyperlink, tells you the level at which users are requesting access...and if approved, the level at which the SCA is about to give permission.
    If we create a new view on the Access Requests list, this "Request For" column isn't available anymore.
    I've tried to pull the list in to look @ all the available fields via:
    1. Report Builder 
    2. http://mySharePointSite.com/_api/lists/getbytitle('Access%20Requests')/items
    ...and can't find this "Request For" field.
    Any ideas?  Separate or linked list elsewhere?

    Hi Eric,
    I can now see the column via:
    http://mySharePointSite/_api/lists/getbytitle('Access%20Requests')/items?$select=ObjectRequestedTitleDisp
    Looks like from Report Builder {download here} if you select "Show Hidden Fields" @ the top of the modal window when building the query, you'll see the "Request_for" ...or this ObjectRequestedTitleDisp field.  Only bummer is it's just the name/title...there is no file extension or anything at the end of the string value.  So, if the name isn't "smart" coded/listed, you won't know if it's library, folder, document or site level...there is no ".docx" or ".xlsx" @ the end of the "Request_for" string.  At least, I haven't found a way to decipher that yet.
    In SharePoint Designer, I see the following View code which could lead to helping get to the right place, but I'm not familiar with this code just yet:
    <FieldRef Name="ObjectRequestedTitleDisp"/></ViewFields><RowLimit Paged="TRUE">15</RowLimit>
    <JSLink>accessrequestscontrol.js|mquery.js|callout.js|accessrequestsviewtemplate.js</JSLink>
    <XslLink Default="TRUE">main.xsl</XslLink><Toolbar Type="None"/></View></XmlDefinition>
    </WebPartPages:XsltListViewWebPart>
    Creating a view to enable access request delete functionality
    Open the site in SharePoint designer 2013 and click the “All Files” node
    Notice the right side shows the “Access Requests” list
    Right click the “Access Requests” list and select “Properties”
    On the Views panel click New
    Enter a name for the new view such as "showallitems"
    Click “OK”
    Navigate back to the original “Access Requests and Invitations” page
    Current URL is containing page name of “pendingreq.aspx”
    Change the URL to “showallitems.aspx”:
    The view will have no columns
    Click the ellipses and “Modify This View”
    Add at least the 2 columns with edit options
    Make sure if you select multiple columns (good practice so you can see the full scope of the request such as status and person), use the right side “Position from Left” ordering to have your edit item links located on the left side of the request row
    Click “OK” in upper right of page, and now you can see the view which contains the edit links to allow deletion of the item

  • Provisioning log is not available on Access request type Change Account

    Hi,
    So I have an issue when I try to submit a request to add a role to a user and I'm trying to understand what could be the reason for it.  Basically I have a workflow that works perfectly for a "Change Request".  I can see that all the steps are executed and then at the end of the request when it is supposed to do the actual role assignment I see the message "Provisioning log is not available", then the approval path is finished and the request is closed, but when I take a look at the user in the back end the role is not assigned.  In terms of access I have tried giving SAP_ALL to WF-Batch, nothing shows in Yellow or Red on SLG1 and in SPRO->AC-> User Provisioning -> Define request Type I see "Change Account" with SAP_GRAC_ACCESS_REQUEST.  What else can I do to troubleshoot this error?
    Note: I went back to the AC 10.0 Pre-Implementation From Post-Installation to First Access Request and everything looks right in terms of the AC Configuration settings.

    Hi Jonathan,
    In my question I was referring to SPRO - GRC/access control/user provisioning / maintain provisioning settings. Those need to be setup (min. global provisioning settings) in order to have role being assigned to user at the end of path.
    Change account option you can see under request type is referring to change user master data(e.g. password/ account validity / details).
    Is this system maintained by CUA? If so settings have to be different (see CUA settings in SPRO)
    I would recommend moving to SP14 as in SP13 there were many bugs, by the way I believe the worst SP ever since beginning of AC is SP13 (maybe due to number), as it destroys many working functionality.
    Filip         

  • GRC 5.3 CUP auto provisioning of Mitigation Assignment in RAR

    Hello,
    Is there any other workflow that needs to be triggered for the auto provisioning of the Mitigation control id assignment to the userid in RAR system from CUP,  upon request completion?
    I created a request that after the final stage of sox approver, got auto provisioned roles assigned to the user id in the SAP system , but it also stated that auto provisioning failed and got re-routed to the detour path of the security admin as I configured in case of auto provisioning failure. When I look at the error log, it states:
    User Provisioning failed for System(s) : XYZ. Error Message : User type TE is unknown
       Role: ROLEA assigned to user: TESTER1 in System(s): XYZ.
    1). So, even though the approved role is being assigned to the user in the backend system, some other stuff is failing at auto provisioning. And I thought it might be the mitigation control assignment to the userid in RAR. I have the mitigation fields/objects active. But how do I ensure the auto-assignment of mitigation control ids also gets assigned on the same request upon sox approval?
    2). The other question is where is the value of the 'controller' stored when configuring a stage for workflow approver determinator in the sox approver stage? Where is this value picked up from? We don't want to use the RAR mitigation approvers or monitors, we want to use a custom approver id from CUP and then the control id to be assigned upon approval automatically to the userid in RAR via CUP request completion during auto provisioning. Is this possible? The only thing failing for us is trying to determine how to create the custom approver determinator for SOX approver in CUP since it asks for 'attribute' value for workflow type 'Compliant User Provisioning' which doesn't make sense for this.
    And then the above error even though the user role assignment is auto provisioning already but still giving the error as I listed above and re-routing to detour path instead of completing the request. Is it due to auto provisioning failure of mitigation control assignment in RAR?
    Thanks in advance,
    Alley
    Edited by: Alley1 on Sep 20, 2011 1:15 AM

    Hi Karell,
       Here is response to your questions:
    I can use the following CAD in an AE workflow: web service to fetch role approvers. I question this as it is merely a RE workflow service : No. As far as I know the web service is only for RE/ERM.
    Can the Risk Analysis be initiated in stage x automatically once stage (x-1) was completed. So no person involved, it is mandatory however, in my opinion there should be no extra person involved to actually press the button "Risk Analysis" : No. There is no way to automate the risk analysis part. Someone will have to click on the button to check for SoD violations. You can configure to run automatic risk analysis when the request is submitted but this is not 100% perfect. If someone adds or removes role during approval phase, it will invalidate the risk analysis which was run during request submission.
    Can somehow the Risk Owners defined in the RAR component be asked to approve/reject risk that came out of the Risk Analysis described in my previous point. They should only be contacted when there is a risk indicated. : This is possible by following Babak's workflow.
    Regards,
    Alpesh

  • No Approvers visible on Access Requests

    Hi Everyone
    I am currently experiencing a problem on Access Request Management, on all my request types no Approvers are visible after submission of a request. Checking the request under Instance Status it shows no Approvers, the Approvers have been assigned on the Roles for Assignment approval and Content approval and also have been created on NWBC front-end as Role Owners. On MSMP GRAC_ROLEOWNER Agent has been assigned to ROLEOWNER stage and also the stage task settings maintained. On the GRC system the Role Owner/Approvers have also been created and given the proper access including SAP_GRAC_ACCESS_APPROVER role.
    I am not sure where I am going wrong on the Workflow, I have checked and verified also the settings under SPRO - Maintain Configuration Settings and Perform Task-SpecificCustomizing.
    Your assistance in this is highly appreciated
    Regards
    George

    Hi Lentobo,
    As Dilip suggested, please ensure that role owner is set up in NWBC. Define role owner in Access Control Owner hyperlink, under Set up tab of NWBC.
    Also make sure that you have checked the checkbox "Assignment approver" under Owner tab of that role.
    Thanks,
    Mamoon
