How to raise role creation/modification request in AC 10

We are implementing AC10. I have issue more related to the process followed than technical. Please suggest from your experience.
We found that we can raise the request for new user account, role assignment to user, etc in Acess Request(formerly CUP), but we cannot raise the request for role creation, role modification. This is directly done in Role management.  My question is, how the security admin will recieve the requests for creating or maintaining the roles. Is it necessary to use ticketing tool for users to raise the request for role creation and modification.
Thanks everyone for your valuable solutions.

Dear Ashish,
Whatever you have mentioned is correct to have the common platform for every request, either for user creation or role creation.
But what we decided earlier, that the end users can raise the request in CUP directly, rather than involving security admin. But after realizing that there is no request type for role creation, I think we have to use our ticketing tool as a common platform.
Request will come to security admin from the ticketing tool and than he will create the request in CUP, thereafter it will follow the approval workflow.  Only problem I see in this, it goes to the manager twice, once in ticketing tool and than through CUP workflow. i think we need to take out the manager stage from the workflow.

Similar Messages

  • How to delete role through Transport Request

    Hi,
    when I am deleting Role it is Not asking me for transport request ..this is what i needed.can anybody solve my problem
    regards
    Gaurav

    Hi,
    Please check if your role is already locked under some Transport request. If so it wont pop up any TR.
    If it is locked under some TR, make sure you detach it from the TR and try again it will pop up a TR screen
    Please revert in case of issues
    Regards,
    Pramod

  • GRC AC Request Role Creation

    Hello all,
    I noticed that by default GRC AC doesn´t have a Request Type for Role Creation. Normally how this is done? I mean, if someone realizes that a new role is necessary, how can this person report the need for a new role creation? What are my option here?
    Regards,
    SAP Legend

    Hi SAP Legend,
    You can not request a new role to be created via an Access Request workflow. You still need a business governance strategy where someone has to raise a request outside of the GRC system for the new roles through the right channels deemed fit in your company to get the new role made. Maybe you have a support ticketing system in place or some SAP security department you can raise the formal requests to.
    The BRM Role creation/maintenance workflow runs separately from the Access Request workflow. Further more, the definition and creation process of roles via GRC should only involve and be used by Business Process Owners/Role Owners and the Authorisation security team only, i.e. not general end users.
    A role build methodology will have to be set up and then the underlying approval workflows (based in MSMP technology also, like the AR workflow).
    Once the role has been built (either via back end PFCG) or via GRC using the BRM methodology and approval flows, the role will be available to the end user to request via AR.
    Hope that helps.

  • Request Number is not generated for BRM "new" role creation

    Hello Gurus,
    I have configured BRM in SAP GRC AC 10, along with the workflow .
    I have selected the following methodology
    Define Role --> Maintain Auth >Analyze & Access Risk>Request Approval>Generate Roles>Maintain Test Cases
    Role name : Y_TEST_BRM_FUNCTIONALITY
    So i do the following steps and assign
    1) Role approver as Mr. ABC & Alternate approver as Mr. QRS
    2) Assign the Required transactions and do the RAR i.e i am done till step 3 of methodology
    When i click "Initiate Approval request"
    The approval triggers , and goes to the 1st stage as configured in MSMP
    1) Power User Approval .
    Here the Power User : EFG , open his workflow and see the request as
    Role approval required for role Y_TEST_BRM_FUNCTIONALITY
    The approver approves the request and then the request all together vanishes.
    Unfortunately i am not able to search the request for that role from NWBC -->Search request by
    Process Id : Role Approver Workflow
    It gives blank !!
    Hence neither i am able to find the request no able to do any debugging of it using
    GRFNMW_DBGMONITOR_WD
    Please note that the Request Id is created for any request in CUP.
    Is it that i have to create a number range for BRM request ??
    If so will you please let me know the object

    Hello All,
    I was wrong in posting the cause of problem.
    Please note no "Request number" is generated for Role creation Request.
    The problem was i was unable to search the Role Request approval status from "Search Request" via  Process Id
    It got resolved via SAP note 1643539 : UAM: Search Request not returning result for some Process Id.
    My Issues is Resolved.
    Thank You.
    Regards,
    Victor

  • How to find the creation date for a released requests..

    Hi friends ,
    In se09 tcode , we a date which represents the last changed date .. Now , for a particular Released request i want to find out the Creation date for it . How can i find it . I checked the tables like E070create there also we have requests that not released yet , i have also checked se03 and other tcode and a fn mo dules like TR_READ_GLOBAL_INFO_OF_REQUEST .
    So how to find the creation date for a released requests. Iam waiting for ur inputs..
    Thanks in advance..

    hi,
    Did u found the way to get the request creation date?
    I also need the same information.
    This needed for audit purpose........so it is must.
    Please help me in this.
    Best regards,
    vinod

  • How to add dynamically a role in a Request Template

    Hi all,
    We have created a job that reads roles from a custom table and creates them in IDM. We have also a request template of type Assign Roles that has all the allowed roles that can be assigned to a user. We have a requirement to add a role from the custom table in the IDM and also add it in allowed roles of the Request Template so that it will be available. Our problem is that we cannot find an API that we can call in order to add the roles in the request template. Does anyone know how we can do this?
    Thanks in advance,
    Kostas

    Did you look at RequestTemplateService? I believe you can use this to modify your template pragmatically. Thus the step would be to read the custom table, create role in IDM and the modify the template pragmatically to add the newly created role in the available role which can be requested.
    http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e17334/oracle/iam/request/api/RequestTemplateService.html
    HTH,
    BB

  • Approval of role creation

    Hi All
    I need to create a WET for role creation, this is simple But I need to incorporate approval of the creation of the new MX_ROLE entry. I can only find documentation/guides on how to implement approval of role and privilege assignment. Does anyone know if it is possible to setup approval on creation on a new entry?
    Kind regards,
    Heidi

    I have tried to implement the MX_INACTIVE solution. Now it is not possible to see the role on the "Adminstrate"-tab, and there is an approval task on the "To do"-tab. When I click this task, details on the role are displayed properly, but when I try to process the request by clicking the "Show request"-button (button name translated from Danish, it might be translated differently...) I get an error: "Access denied".
    I have set correct approver on the approval task, and I was able to process approval requests, before I set the role to inactive.
    On the approval task, I have checked the "Use inactive entries" checkbox.
    Does anyone have an idea what could be wrong?
    Kind regards,
    Heidi Kronvold

  • Hi guys,Explain how to find whether the user request is dialog or bc ...

    how to find whether the user request is dialog or bc or some other wp and where we can see that ?

    Hello Damodar,
    You can find out that in SM50.
    However one piece of advice. I have noticed that you are raising lots of questions about very basic questions. Either you new to SAP or dont know anything about SAP Basis and want to get in this area. Or else you are preparing for some interview. In either of these cases expecting solutions given at SDN are not going to be of much help. Better read yorself in SAP Help as most people do. SDN should not be overly used for such purposes. Basic questions are welcome but you want to learn SAP through SDN !!!
    Regards.
    Ruchit.

  • BRM-No Role Creation

    Hi gurus,
    I have just upgraded my GRC 10.0 to SP18 and when I access to create a new role in the NWBC, the button is in grey, I mean, I can not start the creation of it. However, I can modify the roles without problems.
    Any idea of what can be happening?
    Thanks,
    Regards,

    Hello All,
    I was wrong in posting the cause of problem.
    Please note no "Request number" is generated for Role creation Request.
    The problem was i was unable to search the Role Request approval status from "Search Request" via  Process Id
    It got resolved via SAP note 1643539 : UAM: Search Request not returning result for some Process Id.
    My Issues is Resolved.
    Thank You.
    Regards,
    Victor

  • How to raise an event from a program

    Hi,
    I am creating a workflow for HR, the person will request a basic pay change than, this will start the workflow. For this i am making a screen from where i need to triger the event for the workflow.
    Does anybody has any idea? of how to raise an event from a program. or has anybody worked on a scenario like this
    Khusro Habib

    You can also use the FM SAP_WAPI_CREATE_EVENT which is a little newer I think. (I don't have access to a system today so that may not be the exact name of the FM but if you search SE37 under SAPWAPIEVENT* you should find it.
    the parameters will be the event name, and the object key.  The object key will be the key field of the workflow object you are using. 
    For example if you were using the saled document object then the object key would be the sales document number.  Carefull how you enter the object key, it can be a little tricky on whether or not you need the leading zeros in the input parameter. 
    Hope this helps.
    Brent

  • How to Include order creation business process in the project.

    Hi,
    I have created Implementation Project in Project Administration. Now I want to Include order creation business process in the project.
    Can anybody guide me how to incude order creation business process in the project. & which T-codes I need to use.
    Many Thanks
    Praveen K

    Hi Praveen,
    It is S User ID and password you can get the sam in ur company .
    The SAP material can't be shared in that way &  pls follow the rules
    https://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement
    Do not ask to send you an email.
    The question you ask and the solution to it is often also interesting for other users of the community. If you ask somebody to send you the answer per email, you deprive others of also learning to know the answer. Therefore any requests for sending material or answers to an email address will be modified by the forum moderators.
    In addition, do not use an email address as a user name.  These will be removed as well.  Email addresses can be added to a Business Card or wiki profile.  Their usage in the forums is inappropriate unless we are referring to [email protected]
    Edited by: Prakhar Saxena on Oct 15, 2009 12:38 PM

  • Idm-Vaau Rbac role creations and mapping

    Hi All,
    I'm working on the integration between Idm and Vaau's Rbacx (role based access control) tool for role creation and provisioning...I've imported the spml.xml and SPMLGetObjectsform.xml into Idm for the SPML calls between Rbacx and Idm.
    The challenge I'm facing is mapping the attributes of Rbacx roles to enable the attributes to be populated in Idm...I'm able to export roles into Idm, but they are not populating with any attributes eg. resource type, resource attribute etc. I'm uncertain as to where I have to map these properties and do any customization for this to work. I would appreciate if anyone who has worked on this or know how to do this, to pls give me some pointers/share your experience. I don't have any documentation to refer to and am doing everything on trial and error basis.
    Any help is greatly appreciated!
    Thank you.

    Hi newbie,
    Were you able to solve this issue? I am facing the same problem while assigning resource attributes for a created role using a custom workflow.
    This is where I set the resource attributes in my workflow:
    <Action id='1'>
    <expression>
         <block trace='true'>
         <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].valueType</s><ref>ADGroupsValueType</ref></set>
         <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].requirement</s><ref>ADGroupsRequirement</ref></set>
         <append><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].value</s><ref>ADGroupsValue</ref></append>
         </block>
    </expression>
    </Action>
    where <ref>ADGroupsValue</ref> contains the attribute value.
    thanks,
    Lokesh

  • Directory Services User/Role Validation concurrent request impact

    we have the Java WF Mailer active and have users that receive WF notifications via email and the worklist. If we are are constantly running the Workflow Directory Services User/Role Validation concurrent request, what will this do to them?
    Thanks & Regards,
    sree

    There should not be any impact on the notifications.
    Please see (Questions On The "Workflow Directory Services User/Role Validation" Program [ID 369279.1]) for how frequent you should run this concurrent program.
    Thanks,
    Hussein

  • Customizing Role creation form??

    Hi,
    We have requirement to customize the Role creation form. We have to store extra information in the role object. I know that we can store extra information by using properties attrinute of the Role. But the question is how to expose this to administrators through UI?
    I don't find any form mapping for role creation in the "Forms and Process Mappings" section. Anybody knows how to achieve this requirement? What is the default form used for role creation?
    Thanks in advance.

    There's a userForm configuration object called "Role Form" that is used when you create a new Role.
    You can add a new field to this form like so;
    <Field name='properties.Department'>
    <Display class='Text'>
    <Property name='title' value='Department'/>
    <Property name='disabled'>
    <Boolean>true</Boolean>
    </Property>
    </Display>
    </Field>
    Then the Department attribute will be saved against the Role attribute.
    Is this what you're looking for?
    Cheers,
    Paul

  • Q: How to Search / Post Enhancement / feature requests?

    I read Sue Harper's note, went to site, could not figure out how to search to see if what I wanted was already there or not ... did not want to wade thru lots of stuff (all good, I'm sure).
    Here's what I'd like ...
    When I click "Dependencies" on a table, I'd like to see where it is ref'd as a Foreign Key.
    When I look at constraints and Foreign Keys, and right click a table there, I'd like a "Go To [table]" as per other spots where the Go To functionality is offered.
    Packages have Dependencies and References ... but I guess I'm not clear what is different.
    Called by? Called From? Uses? Is Used By?
    Or ... could tables and views have References also (meaning, who has called / used me?)
    Finally, with regard to references, it would ALSO be useful to simply know where an object's name was mentioned ... in case it is embedded (however rightly or wrongly, Tom Kyte!) ... in dynamic SQL somewheres ... e.g., these two queries are REALLY handy ...
    select NAME, TYPE, line, text
    FROM user_source
    where UPPER(text) like upper('%YourSearchBitHere%')
    order by NAME, line;
    select distinct NAME, TYPE
    FROM user_source
    where UPPER(text) like upper('%YourSearchBitHere%')
    order by NAME;
    (where '%YourSearchBitHere%' is judiciously composed with percents and underscores to find the right mix of whatever is being sought)
    ... so, for all objects, 3 categories: "I Use" / "I am Used By" / "I am ALSO mentioned in"
    Thanks.
    (this is not in v3.1.07.42)
    Kind regards,
    SM

    Hi,
    first u have to raise as normal service request in support.oracle.com
    then based on communcation with oracle expert he can raise ur request as enhancement request
    mark as helpful,if found useful
    thanks

Maybe you are looking for

  • Is it possible to add credit/ debit memos fopr exisable goods.

    hi all, Is it possible to add credit and debit memos for excise items. I know that debit memo is not directly available in SAP B1. how can we map this? thanks and regards, Yeshwanth

  • Superdrive Died

    The Superdrive in my iMac (Flat Panel, 800 mhz) will not burn CDs or DVDs anymore. It will read disc just fine, though. Will an external FireWire burner work with iDVD and iTunes? If not, what drives will work as an internal replacement? Thanks for y

  • NOT IN command not working

    Hi, I am trying to run this sql & it dosen't comes up with the right results: select * from ( select distinct cost_center from GL_GL where length (cost_center)=8 where cost_center NOT in (select cost_center from MAP_FLAG) It is not liking the NOT IN

  • My iPad 2 won't connect 3G keeps saying cann not activate cellular data network?

    My iPad 2 keeps saying could not activate cellular data network. Does anyone know how I can get it to connect to 3G? I have tried resetting and turning wifi off. Any suggestions?

  • Importing Duplicates

    Hello, I am using Aperture with referenced file. I have recently imported new photos into aperture and stored the files in my referenced folder. I have the "do not import duplicates" box checked, however I am still shown around 36 files that can be i