CUP MSMP Work flow in GRC 10.0
Hi GRC Experts,
I am working on a MSMP Work flow requirement in GRC 10.0 and would appreciate any guidance/inputs on this.
As per my requirement we would have to design a CUP Work flow in GRC 10.0 to decommission a user in 24-hours if the user has not activated his/her new user account. After a user account is provisioned, system should wait for 24 hours to have user login/activate the account, otherwise decommission/disable the account. I have never heard of this functionality in GRC 5.3, so was not sure if this is something that can be designed and configured in 10.0. Would really appreciate if you can please guide us with requirement and advise if this can be implemented in GRC 10.0.
I know outside GRC , this requirement can be designed using a background job, which can monitor the provisioning and activation for a user account , however i am wondering if this can be designed and implemented with MSMP Work flow in GRC 10.0
Thanks every one for your valuable and precious time.
Cheers .. Vikas
Hi Vikas,
You doesn't require customized ABAP programs to achive this and neither GRC 10 and can be achived with the below login parameters:
login/password_max_idle_initial
login/password_max_new_valid
login/password_max_reset_valid
The login/password_max_idle_initial will make the initial password invalid if the user is not logged in, which means you are making the system secure if the user doesn't login to the system in specific number of days.
However, this will not decomission the user IDs. You may need to look at custom options to identify the users from USR02 table and lock them using standard BAPIs.
I am not sure on why Multi Stage/Multi Path is required for this??
Regards,
Raghu
Similar Messages
-
MSMP Work flow in GRC AC 10.0
Hi All,
Can someone please help me with Basic Work flow documentation for AC 10. I am part of a implementation team and we are working on implementation of MSMP work flow in AC 10 , however i didnt have any prior experience with work flow configuration . This is my my first assignment where i am working on work flow customization and are looking for some docs which can help me to understand the basics of MSMP work flow in AC 10.
I was able to find docs on market place however they are more into configuration and customization of work flow , So can someone please assist me here to find some basic doc's for MSMP work flow which would help me to better my understanding of MSMP work flow concept .
Thanks everyone for you help.
Cheers .. VikasHi Vikas,
Please check our BPX page here:
SAP Access Control 10.0 [original link is broken]
There are documents covering the installation process and also specific MSMP workshop setup.
Regards,
Luis -
MSMP Work flow in GRC 10.0
Hi Experts,
I have a work flow requirement and would appreciate if you guys can please help me here . The actual requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If there is no SOD issue found, the workflow should end. The requirement is to configure the access request so that the end goal of work flow is just facilitation of an SOD review. There would be no actual provisioning of users at the end of the path.
I am wondering if this would work flow can be initiated with an function module based rule or i would have to create a BRF Rule for this . As per my understanding the flow should be Start > Access Request > Sod Analysis done > If Sod , Go to Central team otherwise end > Central team will decide on the assignment of SoD Resolution > This Team will either Assign MC or wont approve the Role assignment > Both Cases the work flow ends and request is closed.
Would really appreciate if you guys can assist me as i am new to work flow and this is one of project deliverables . Thank for your valuable time and help .
VikasHi Ashish ,
Thanks for your time . Let me explain you my requirement and would really appreciate if you would have some inputs here which would help me to design this .
The actual client requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. Requirement is do a SoD analysis for every role change/add request , so that this group takes the appropriate action based on the SoD Analysis . For all my CUP request raised , i want system to do a SoD analysis and let this group know whenever there is a SoD found or just end the workflow if there is no risk.
I am aware of the Risk analysis process for GRC 10.0 , however i want it to happen as a part of this work flow requirement.
The requirement is to configure the access request work flow so that the end goal of work flow is just facilitation of an SOD review. I hope i was able to explain my requirement . Thanks again for your help.
Your valuable guidance would be really appreciated.
Vikas -
WORK FLOW SCENARIO IN CUP STAGE APPROVAL PROCESS
Hi All,
We had configured GRC CUP with four stage approval work flow process .I have a question like is there any condition / option If there are few Top management level users ( M0,M1.....M9).In CUP Change Account request Few roles should not be selected by the users else system should not allow the roles or Roles not be provisioned.Kindly do the needful on priority.
Regards,
Ram.Hi ,
We had configured few workflow scenarious based on our business.In CUP for Change account request type, we had configured a four stage workflow as for new role creation or to modify existing roles , we are using change account request type for approving and provisioning of the roles, This request type includes four stage approvals like Manager ->Role Owner> and Application owner.This is how the flow is configured.I have a question like , is there any possibility to change the provisioning process , ( ex: If there are approval level s from Top Management like M0,M1,M2.....M9) ., Let us consider if Manager approves the request and role owner performs risk analysis , and Application owner approves , still the request shud not be provisioned, If it is provisioned also, the roles should not be created .
Hope its clear and you can able to understand the scenario.Please help regarding this.
Regards,
Ram. -
Hi Friends,
When I am changing a role and triggering in the work flow for approval it is showing following error
2010-05-11 09:09:28,251 [SAPEngine_Application_Thread[impl:3]_32] ERROR User : not found to get full name
2010-05-11 09:09:47,607 [SAPEngine_Application_Thread[impl:3]_25] ERROR
java.lang.Throwable: java.lang.NullPointerException
at com.virsa.re.workflow.client.WorkflowRequestClient.getRoleProcessContextDtos(WorkflowRequestClient.java:284)
at com.virsa.re.workflow.client.WorkflowRequestClient.execSubmitRoleApprovalWF(WorkflowRequestClient.java:83)
at com.virsa.re.workflow.actions.WorkflowRequestAction.submitApprovalRequest(WorkflowRequestAction.java:95)
at com.virsa.re.workflow.actions.WorkflowRequestAction.execute(WorkflowRequestAction.java:54)
at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
FYI.. It is happening with the roles those are uploaded earlier not when I am creating any new roles.
Please Help.
Regards,
SatyabratHi Satyabrat,
Which patch level you are on? Although seems not related to your issue, but there is a bug in Patch 11 -
1. It doesn't update Approver from ERM-Workflow-Approver criteria
2. it doesn't update criticality level ( if you didnt upgrade from Patch 8 to 9 and went on directly to patch 11).
If you have any of above issues, then old roles and copy of old roles will not work properly.
Check if you have criticality level defined and also try to change approver in ERM Role modification screen.
it seems the configuration is correct as new roles are working fine but to make sure also check in CUP whether the first stage of Role creation is defined as webservice.
Let us know if it helps.
Regards,
Sabita -
AE Work Flow Error in creating request. Path Not Found
Hi There,
I am working on GRC 5.2
I Have lot of questions regarding this tool...
I am getting this error when i am trying to submit a request..
Please help me in configuring the AE and guide me with the basic setup.
Work flows and rest of the things..
Thanks in advance
RaghavBuddy,
I have done config using Guide...
I am able to submit request from the GRC end ...i am getting this below status message
Request successfully got created and got approved with provisioning. Request no : .
Approval Path Status
(Status : APPROVE)
1. Auto-Provision ( Status : Approved )
[system
But nothing is changes in ECC system..as per the above request when the system complete the request User ID should be created automatically in the back end but its not happenning.
Please guide me -
Urgent : Work flow in ABAP
Hi friends,
kinkly send me about Work flow. Also send me step by step procedure on how to do work flow. Thanks in advance.Hi,
check the below links
REfer this link:
There is a good book from SAP Press that I would
recommend as a starting point.It's called Practical Workflow for SAP and it is by Alan Rickayzen.
http://www.sap-press.com/product.cfm?account=&product=H950
Workflow
http://www.sap-img.com/workflow/sap-workflow.htm
http://help.sap.com/saphelp_47x200/helpdata/en/a5/172437130e0d09e10000009b38f839/frameset.htm
For examples on WorkFlow...check the below link..
http://help.sap.com/saphelp_47x200/helpdata/en/3d/6a9b3c874da309e10000000a114027/frameset.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
http://help.sap.com/saphelp_47x200/helpdata/en/4a/dac507002f11d295340000e82dec10/frameset.htm
http://www.workflowing.com/id18.htm
http://www.e-workflow.org/
http://web.mit.edu/sapr3/dev/newdevstand.html
Go through the following links on FORK :
http://help.sap.com/saphelp_nw04/helpdata/en/24/e2283f2bbad036e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/8d/25f1e7454311d189430000e829fbbd/frameset.htm
http://help.sap.com/saphelp_46c/helpdata/en/c5/e4a930453d11d189430000e829fbbd/content.htm
http://www.insightcp.com/res_23.htm
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMSTART/BCBMTWFMSTART.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMPM/BCBMTWFMPM.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PSWFL/PSWFL.pdf
Work Flow
1) Goto Tcode PFTC : Standard Task > Create Button>Workflow Templete
For Create Container
Element : ZBUS1001006
Name : ANy Name
Description
Data Type & Properties
Data Type:
select Object Type : BOR Object Type for BUS1001006
Properties:
Parameter Settingd : check all Import, Export & Mandatory Checkboxes
Basic Data :
Abbr : Create_View
Name : Some Name
Work Item Text : Create View Material & -
Click on DELE Button & Select Material From The List
Object Catagory : BOR Object Type
Object Type : BUS1001006
Method : View
Triggering Events
Obj Catagory Object Type Event
BOR Object BUS1001006 View
activate it
Enter on BUS1001006 Object Type you will get Quadratel<> Button after that
double click on Quadratel<> button you get green button
after that the system will generate the task No.
check in the Event linkage Tcode : SWETYPV
if you find an entry with your Workflow and linkage active
goto Tcode : SWEC click on New Entries
Change Doc Obje Obj Cat Obj Type Event on create
Material BOJ Obje BUS1001006 View Option Button(Checked)
save this
goto Tcode : SWEC
Change Doc Object : Material
Obj Catagoty : BOR Type
Obj Type : BUS1001006
Event : View
Check with On Create Button
Goto SWETYPV
Obj Catagoty : BOR Type
Obj Type : BUS1001006
Event : View
Receiver Type : Some Work Flow No: WS80000431 like this
Click on Work flow Builder
~~Guduri -
Sharepoint Foundation Can not update External List by Work Flow
Hi
I try to update External List by other list Work Flow, in Sharepoint 2010 Foundation.
Here is the manual:
http://msdn.microsoft.com/en-us/library/office/ff394479(v=office.14).aspx
But it fails , and the error message is “The
workflow could not update the item in the external data source. Make sure the user has permissions to access the external data source and update items.”
Is there some limited in Foundation?http://social.technet.microsoft.com/Forums/en-US/0bb9ef28-3614-4db2-b19f-dd81e8cc2d42/the-workflow-could-not-update-the-item-in-the-external-data-source?forum=sharepointgeneralprevious
With no Secure Store in Sharepoint what we ended up doing was creating a new external content type, adding a new connection and picking a connection type of .net type instead of sql. This means we needed to create a .net app as the go between but within
.net we had all the usual tools for connecting to sql without permission issues.
Also check
http://wyldesharepoint.blogspot.in/2010/06/setting-up-external-content-type-for.html
If this helped you resolve your issue, please mark it Answered -
File not found error at Attachement link in GroupVote of Human Work Flow
Hi Gurus
In Human Work flow,
I have created the GroupVote and assigned to two person.
I checked "share attachments and comments" to share their issues.
One signed on to WorkApplist and review the forms and attached the file,
The file link was created but it could not be downloaded.
it could not delete.
I tested several times it occured same results.
It did not be happend when this option "share attachments and comments" was not checked.
domain log and opmn log are as below.
<2008-08-25 14:55:15,468> <ERROR> <oracle.bpel.services.workflow> <::> Identity Service Authentication failure.
Identity Service Authentication failure.
Check the error stack and fix the cause of the error. Contact oracle support if error is not fixable.
ORABPEL-10528
Identity Service Authentication failure.
Identity Service Authentication failure.
Check the error stack and fix the cause of the error. Contact oracle support if error is not fixable.
at oracle.tip.pc.services.identity.jazn.xml.XMLAuthenticationService.authenticateUser(XMLAuthenticationService.java:150)
at oracle.tip.pc.services.identity.jazn.xml.XMLIdentityService.authenticateUser(XMLIdentityService.java:426)
at oracle.bpel.services.workflow.verification.impl.VerificationService.authenticateUser(VerificationService.java:299)
at oracle.bpel.services.workflow.query.impl.TaskQueryService.authenticate(TaskQueryService.java:135)
at worklistapp.servlets.Login.handleRequest(Login.java:101)
at worklistapp.servlets.BaseServlet.doPost(BaseServlet.java:157)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
OAS version is 10.1.3.1.
Any advice will be appricated.
ThanksYou are getting : ORABPEL-10528
Identity Service Authentication failure.
Identity Service Authentication failure.
This means that you have wrong username/password entries in your configuration files. Please recheck them and then things should be fine...
Hope this helps!
Cheers
Anirudh Pucha -
Triggering a sub work flow for multiple users at same time.
I have a scenario in which I have created sub workflow as an activity for approval process. This sub work flow should be triggered for multiple users at the same time and their decison is independent of each other.
This is like creating multipe instance of the same sub work flow and then the sub work flow runs indepedently as a new work flow for each of the approver and the process is completeded for approver independently.
How can this be achieved?Tyr to do like this,
1. First include the subworkflow in the main workflow template.
2. Now include standard Block Step in the main workflow template.
3. In the block select the block type as ParForEach.
4. Before doing the 3rd point make sure that all the agents for whom you want whom you want to initiate the workflow, populate them in a Multiline conatiner element.
5. Once completing 3rd and 4th points open the block step under the tab ParallelProcessing assign the multiline container element name in the for e;g if the multi line container element name is COSTCENTER then do the binding like below. the conatiner element COSTCENTERLINE is created by default once you include the multi line conatiner element under parller processing tab.
&COSTCENTER[&_WF_PARFOREACH_INDEX&]& --------> &_COSTCENTER_LINE&
Now assign the agent of the subworkflow as COSTCENTERLINE , imean if suppose you have 3 entries in the internal table then three separate and for three different agents the workflow is instantiated. -
Work flow block in credit memo request
Hi Friends,
I want to create a credit memo. I am creating the credit memo like: Sales order>Invoice>Credit memo request-->credit memo. Now my credit memo request is got created but is assigned with Workflow block at header level, now when I am going back in VA02 and saving it after removing the block at header level, but when I am again checking in VA02/VA03 work flow block is there. Now when I checked that in my workflow , it is in outbox and but I am not able to approve it becoz it is in outbox.
Where it is going for approval , it is only created by me and I don't see any approver field in credit memo request screen.
In the wrokflow outbox am getting that block CMR --as completed and get CMR approver as Error.
How can I remove the workflow block ? Any pointers.
Regards
Ashu
Edited by: ashutosh p on May 20, 2010 1:39 PMPlease check the Workflow log. By default whenever you create or act on any workflow workitem it will appear by default in your SAP Outbox.
Thnaks
Arghadip -
Screen output without connection to user - Work flow
Hi,
i have created a workflow, it has a task which refers to a method which call a BDC in N mode, but workitem is not generating, in event trace showing RFC status 'Screen output without connection to user'.
Same time i observed in ST22 for any dumps, as it is giving this error 'DYNPRO_SEND_IN_BACKGROUND'.
Please suggest how to solve. Thanks in advance.
BR,
RajaniHi Vijay shah /Rick Bakker ,
As i am on leave from last 2 days, sorry for delay in response.
As the work flow tasks and what ever the methods i developed are working as per requried.
But after each step by step analysis i founn every usefull information regarding the background type activity options.
Solution :
In background type activity step, in details tab we have option of ->Advance With Immediate Dialog flag is set to X, due to this system checking for user interaction.
Because of this its creating problem. After unmarking the falg i am able to execute the task in background successfully
with out any problem.
Once again sorry for delay in reponse
BR,
Rajani -
Dear all,
we need a workflow for creation of material master.
Say Basic data is created by MM dept.
then MRP & work Scheduling views are created by PP dept.,
then Purchase views are by MM again,
then inventory dept. creates storage locations,and f
inally finance dept creates Costing & Accounting views.
Our requirement is when over one dept. completes creation of their respective view, mail should get triggered to subsequent dept. to continue the work.
regards,
K.Kumaran.Dear,
Use Tcode SWDD for work flow activities....Take help from your ABAP team...Give them the user Authorizations based upon your requirement.
Hope this will help you.
Regards
Utsav -
Using web services in Approval Work flow in OIM 11g
Hi All,
I am a new bie to OIM 11g. I have created an approval work flow and it is working fine.
Now my requirement is to use a web service in the approval work flow instead of directly embeding the java code in Java Embeding Activity. Can some body share me a document or url for the process of doing it.
Thanks in advance for the help.
Thanks,
PreetiIf you are using OIM 11gR2 please refer the below document. All steps are very clear with the screenshots.
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/request.htm#autoId27
See section 21.3.5.7 Configuring the Human Task and BPEL Mappings
Also see this OBE tutorial for getting idea on Java embedding activity and assigning and retrieving data from global variables in SOA
http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/Request_Workflow_for_Self_Registration/request_workflow_for_self_registration.htm -
Issue regarding [Work Flow] Business Object Event Raise in ABAP Program
Hi All,
I have one issue regarding [Work Flow] Business Object Event Raise in ABAP Program.
Actual TDS is as below:
If E message type written, raise Business object BUS2005 (Production order) Event PickShortage for production order passing warehouse, transfer request
(BUS2065 Object key) in event container. Also include table of text version of error
messages for this set of Transfer
Request.
Can anybody tell me how can i write it technically in ABAP Code.
Can anybody solve this issue!
Thanks in advance.
Thanks,
Deep.Hi,
Can anybody solve above posted issue!
Thanks,
Deep.
Maybe you are looking for
-
Hi, I have an important question which I need to ask you folks. For the past four years, I have been using iTunes on my laptop, the only computer I have had to use iTunes. All of my movies, songs, etc are saved to an external hard drive which connect
-
Hi workflow starting but , mail is not comming in the inbox
hi all I am trying to trigger a workflow by a RFC function module My questions are :: 1. will there be a mail which will be automatically sent to my inbox ? 2 if not then what i have to do to send a mail to the inbox of any one whose initiating tha
-
Hi, i have made user exit program. program logic is as follows. we maintain a 'z' table with material code & WBS element and when ever we create a p.o with account assingment 'q'. it needs to check the 'z' table whether the material code along with w
-
Problem with external libraries and Web DynPro
Hello, we're stuck here. We're trying for a week now to include external libraries(e.g. Hibernate) into our Web DynPro Project, without success so far. We read every single forum and blog entry we could find on this topic. E.g.: /people/valery.silaev
-
Single Source JavaHelp Missing
I've created a project using RoboHelp HTML 7 and have the WebHelp Single Source output as my primary output. The application developer wants the JavaHelp output, but I don't have that available in my Single Source Layout as a choice. It is available