Approve Request for GRC

Similar Messages

• Create approval request  for Delete User operati with oim api -11g Release2

  Hi,
  How I can create an approval request for a User Delete operation usin API? Can anyone quide me? Any help is strongly appreciated..
  BR,
  Aliye

  You can use the exact same technique for any of the other requests submissions through APIs that have been posted on this message forum. Just supply the template name for your request template you plan to use.
  Here is a page of sample code for requests. http://java.net/projects/openptk/sources/svn/show/branches/Oracle/OIM11g/examples/java/OIMClient/src/oim/client/request?rev=1402
  -Kevin

• How to trigger approval request for resources after assigning role

  Hi,
  We have a use case where we need to assign resources to user via assigning roles.
  In order to achive this use case
  1. we have created a role and assigned the access policy to it which contain the resources to be provisioned once the role is assigned to the user.
  2. Created a SOA composite having manager approval and assigned this composite to a approval policy of type 'Assign Role'.
  3. I am already having the approval policy for the resources which are present in roles. The approval policy of resources is of type "Provision Resource".
  4. Also the SOA composite for resource apporal is deployed in OIM and assigned to the approval policy.
  5. Now when I am raising the request from OIM of type "Assign Role" the approval defined in the SOA composite for Role approval gets triggered. After approving the role request the role is assigned to the user and also the resources defined in the access policy gets provisioned to teh user account.
  Now I want to trigger the resource approval process after the role approval instead of directly provisioning the resources. So that once the role is approved the individual Approval Process of resources part of roles should also gets invoked. Based on the approval or rejection of resources approval, the resource gets assigned to the user.
  Please let me know how to achieve the above use case.
  Thanks in advance

  Access policy is saying whoever gets xyz role, will get this abc resource. Now once a user gets xyz role, you are stopping to get abc resource? both are contradictory. Don't go through access policy. User is anyway going to request for roles. Modify your flow and make user request for resource. Have your composite and approval policy attached. User will get resource once it is approved.
  regards,
  GP

• IRec : Attachment to the Approval "Request for More information"

  Hi.
  How can we add attachment to "Request for more information" response functionality
  thanks
  siva

  Hi Siva,
  Unfortunately, there doesn't seem to be any such functionality at present. I am also exploring the same option and have a SR running with oracle. Shall update you if I hear otherwise.

• Approval-request for "following other users"

  Hi,
  I would like to implement SP2013 for a more community-like platform. Users that collaborate within this platform do not want other people to follow them unless they have "approved" their following-request.
  Is it possible to hook into the process of adding other people for following purposes?
  Thanks for input
  Sven

  Hi Sven,
  I am trying to involve someone familiar with this topic to further look at this issue.
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Daniel Yang
  TechNet Community Support

• ESS Workflow 10000015 Approve request for changing address thru Portal ESS

  Hi Experts,
  We want to implement ESS workflow 01000015 u201Cchange (infotype 0006) Address will be blocking until approved/rejected by Administratoru201D. The workflow is trigger OK from R3, user creates a new address and IT0006 is blocking till administrator approve or reject.
  What we want now is to trigger this workflow from Portal, but here is the problem:
  1.-  I do not see any option (button) for creating a new address from Portal iView, what else is missing??? I believe creating new address from Portal could trigger this workflow, but I am not sureu2026
  2.- If the first option does not work I would like to trigger this workflow by the event u201CChangeu201D, so I need to edit the address. From R3 is blocking IT0006 OK, but from portal is not blocking the address at allu2026 What else is missing??? I do not know if this could be an issue from R3 or Portalu2026.
  We already check u201CNote 495971 - Workflow 01000015 is not triggered when changing addressu201D and workflow is working ok only from R3.
  Regardsu2026..
  David Cortes

  Hi Swamy,
  I am a little confused of you requirement. The scenario here is that Person A (Any person using ESS) must not change any of his/her own personal data until Person B Approve/Reject the new Data. For example: if a user A want to change his/her address, personal data etc. must be approve or reject for another person B. This is a validation that most of the companies want to have in order to validate this information. Employees may change their personal data, but how HR area validates if this new information is real or not...  One way to verify this new information is a validation for a Person B who will be to approve or reject this information. Now if you do not have this scenario I believe you will not have to do this implementation class because ESS do not have this scenario. The standard ESS functionality is available for change any data without validation and this should be working right now on your Enterprise Portal.
  If you want to have a validation for a third User, Person B, you may check these points:
  1. Edit 2. New Permanent address
  Edit - Will change the record irrespective of dates. This will modify the current record which is valid as of today.
  New Permanent address - This will create a new record effective today and previous record will be delimited.
  If I use lock functionality in Edit scenario, then in the portal it will dispaly previous record which is not the correct data.
  For 2nd case, this will insert the new record, so Lock may work in this case. I will check this.
  I believe you will work most of the time with "Edit" button. If Person A edit address, the new register will be created and locked in PA30 Infotype  6 until person B Approve/Reject. How Person B knows if someone has edit his/her address?? You may achieve this using Universal Work List and notification. You may have to create a task for person B with email notification, so person B will be enter into Portal and check his/her new task from the UWL. This task will be ITS UI front end and from here person B decide if approve or reject. If Person B approve, the new register will be unlocked and replace the last one (Also in Portal). If person B reject, the register blocked will be gone and the last one remains.
  This should work for any infotype . Check only the type of event generated for any of them in order to trigger the workflow.
  Do you have any idea how to achieve this for Personal details where the Lock/Unlock functionality is not available.
  Standard ESS works without any lock/unlock functionality. remove the current workflow if you have used any.
  Regards
  David Corté

• HR Trigger request with a approval workflow in GRC AC 10.0

  Hi Friends,
  Is it possible that a HR triggered user creation request in GRC follow a stage approval based workflow ? Something like MSMP workflow ? Or can we route the HR triggered requests to MSMP worflows someway ? if yes, please help me with the details of the same.
  Thanks in advance for your guidance

  Hi Prashant,
  Refer : Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki
  Also search on GRC community there is lot of material available.
  BR,
  Mangesh

• Error in raising ESS requests for an Approver

  Hello Experts,
  We have implemented standard claims workflow WS18900023 and have implemented BADI to get next approver.
  Everything is working fine except one case when an Approver of certain claim type is raising request for himself. Then we are getting error while saving the claim: Approver can not raise claim.
  I checked the documentation of BADI and found that we should return Person No and Group or Group in case we have multiple approvers but if we return null Group or null person no and group badi will go into error.
  Can you please help me with a possible solution to this issue? How can I enable the approver to raise claim for himself??
  Best Regards,
  Deepak

  in that BADI method GET_NEXT_APPROVER.
  Make sure your passing the values for export parameters EFD_APGRP and EFD_APERN based on no.of approval levels.
  For EFD_APGRP, you can pass value 'ADMIN' as default.
  When it's final level don't pass any values to these parameters.

• GRC AC 10 Show approved requests in work inbox

  Hello,
  Is it possible to show approved requests in work inbox?
  Denis.

  Hi Victor,
  No, there are no such tables which could give the relations between the ARM requests and the corresponding violations.
  You have only one option; like Neeraj suggested, run the reports for this need.
  Regards,
  Ameet

• GRC AC V10 - one approval step for manager and role owner

  Hello Community,
  I have one, perhaps easy, question. Where is it possible to maintain the solution of one approval step for manager and roleowner, if both are unique.
  E.g.:
  simple approval workflow: manager stage afterwards roleowner stage afterwards auto-provisioning
  So if the request is routed to the manager and the manager is also the roleowner of the requested authorization role (same UserID). The user has to approve one and the same request twice.
  Is it possible in V.10 to change the config that the user has only to approve the request once? And then to decide on which relevant stage settings are valid for this process.
  Thanks,
  Alexa

  Hi Alexa,
  We have had a similar questions raised in a project. In an ideal world, a single "Sign-off approval" would be a great functionality where the same user has to approve the same consecutive stages, but the reason for different stages would entail that the responsibilities entailed per stage differ, e.g. Line Manager would just check the over request, and the role owner etc may be reviewing the elegibility of a specifc role etc.
  If it is likely to be the same person reviewing the 2 consecutive stages, maybe a single stage workflow would be sufficient to cover this scenario.
  I think the logic you are trying to configure in the workflow is possible but will require alot of work with knowing how to create a clever custom workflow with BRF+ or the actual WF stuff in SAP itself.

• Approval cycle for a proxy request

  Hi
  Can I create an approval process for proxy request?
  Ex:
  If a user x assigns user y as a proxy server, Administrator should get a request to approve this proxy request. If he approves then only proxy allocation will take place elae proxy request will be rejected.
  Thanking You
  Kiran Thakkar

  With OIM there's always a way. Since there is no trigger when a user sets the proxy, i would suggest the following.
  Create a generic resource object for selecting a new proxy. Your approval form would need to contain whatever details to base your approval on. But once the approval is completed, you could populate the users proxy information on the provisioning side. I haven't checked the APIs but i'm sure there's a way to perform the set user's proxy. There would be no revoke process, just let it complete since you have to submit an end date as well.
  If you go this route, i would suggest not letting users have the set proxy option on their menu.
  -Kevin

• Approval Leave request for Wave2

  hello guys:
  For approval Leave Request for Wave 1,  we need to define an Approval Scenario on the gateway side. Just want to know for Wave 2, where should we define the workflow task id ?  should we define it on the ERP side ?
  thanks
  tony

  Hi Tony,
  The Workflow id definition remains same as wave 1.
  On the gateway system.
  regards,
  Meghna

• Multilevel approval when requested for a resource

  Hi,
  When a user requests for a resource , the request has to be approved by xelsysadm. Once approved by xelsysadm , i am able to provision the user to resource.
  I have few queries here
  1.How to configure the second level approval i.e after xelsysadm's approval, the request must be approved by another person also. to configure the second level approval, which task i should add as preceding task.
  3. I have installed sun connector 9.0.4.2, in the iplanet User provisioning process, "Add User To Group" task is present. Once the user is provsioned to the resource, the user must be added to the group .can i use "Add User To Group" to achive this task . if not please suggest me any idea.
  Thanks,
  divya

  Hi Santosh,
  I created seperate approval process for the same resource object.
  It's working.
  Thanks Santosh.
  I am using sun connector . by default i have iplanet user provisioning process. i added approval process additionally.
  After the approval , the user must be added to the group.
  In provisioning processs, i found two task called "Add User To Group " and Remove User From Group.
  Can i use "Add User To Group" task to add the user to the group once his request is approved. if so, how to achieve this task.
  Thanks,
  divya

• Upload leave request for approval

  Hi,
  I would like to know how to upload leave request for approval. I understand that i can use IT2001 for leave history. Can i do an LSMW for leave request for approval for 100 personnels? Thank you

  Hi,
  Data stored in IT2001 are not for ESS approval. ESS leave request data is stored in a host of tables which start with PTREQ. You can do PTREQ* lookup in SE11 and findout. There might be 3 or 4 tables which you need to look into.
  PTREQ_HEADER
  PTREQ_ATTABSDATA
  and maybe one more table.
  Then you can do a LSMW.
  Regards
  Srini
  Edited by: Sinivasan Rajamani on Apr 20, 2010 6:10 AM
  Edited by: Sinivasan Rajamani on Apr 20, 2010 6:13 AM

• Request for approval screen click on document orrange arrow

  Hi all
  When an approver click on the document number (little orange arrow) on the request for aproval screen system gives a following error messag. why?
  "You are not permitted to perform this action"
  The user having necessary authorisations
  the user only the one in the aproval stage
  thanks
  SV Reddy

  Hi Gordon,
  Thanks for the reply. as you sugested i did exactly first by giving the complete full authorisation to all the modules (Professional license applied to this user) then in the authorisation area at one place for document series group no.10 i removed the authorisation
  though the user is not able to see the document.  (if i dont remove the authorisation for group 10 in the document series the user when he press Ctrl + * in the document for find mode he will be able to see the last financial period documents also.  primarily the user shuld not see the last years documents in thefind mode)
  Thanks
  SV Reddy