ORM Approval Roles

I have a need to send approval requests out to a group of people, not just to an individual. The first person that responds can process the approval. It is not a multi-step requirement.
In ORM, I can create Approver roles and use a query to populate the approver role members. I cannot figure out how to assign the approval requests to the approver group. How is the Approval Role assigned to a Business Role?
KC

Let me clarify my need.
When a manager in a business line identifies the need for a new business role, I need a workflow mechanism by which they can request a new role be created in ORM and specify the IT Roles that should comprise that business role. This request step is separate from the actual role definition itself that would occur in ORM after the request was approved.

Similar Messages

  • 'Approve' button not displaying in the Approve Role screen Inbox - AC 10

    Hello Gurus,
    I have a challenge and I'd be glad to have it fixed.
    I am configuring Role Management in GRC AC 10.0.
    I am in Approve Role phase.
    After clicking on Initiate Approval, it sends the request to the Role Owner's work inbox for approval.
    However, when the role owner logs in, only the "Other actions" button shows. The "Approve" button does not show.
    The "other actions" have options for "Hold" and "Request information"
    Please note the following in the MSMP settings.
    I am using the default settings in MSMP
    Process ID - SAP_GRAC_ROLE_APPR
    Maintain Path (Path ID - GRAC_DEFAULT_PATH ) & Stage Config ID - GRAC_DEFAULT_STAGE
    Maintain Route Mapping - GRAC_ROLEAPPR_INITIATOR
    Generate Version - Version generation was successful.
    I have also assigned the following roles to the ROLE OWNER
    SAP_GRAC_BASE
    SAP_GRAC_NWBC
    SAP_GRAC_ROLE_MGMT_DESIGNER
    SAP_GRAC_ROLE_MGMT_ROLE_OWNER
    SAP_GRAC_ROLE_MGMT_USER
    Please help me...what am I doing wrong?
    Thanks

    Hi Colleen,
    Thanks for the reply. I have configured the workflow with the default path and with one stage (role owner approval). When we create roles, the request is being sent to the role owner for approval.
    The role owner is able to see the request in the workplace inbox, but is not able to approve it. We are getting the same kind of error when we raise requests for user access also (you can see the error screenshot for the access request; the same kind of error is occurring for role approval also).
    All requests are stuck up at role owner for approval. Quick response is much appreciated.
    Regards
    Sasi

  • Issue with Inactive Approver Role in Workflow definition

    Hi Experts,
    We are having an issue with the Inactive Approver Role in workflow definitions.
    We have created workflows for Master Agreements and Projects. Phases and workflows are working fine.
    But the issue is that when a programmatically added approver has completed the approval activity, the collaborator role is not changing from the approver role to the Inactive Approver Role mentioned in the workflow definition. For example, you might select Reviewer in Inactive Approver Role, then the selected collaborator role is to be given to programmatically added approvers when the approval activity is completed.
    This functionality is not happening when the project or contract document is approved and the workflow is completed in the project and MA. We have followed all the standard functionality when we created the workflow. Please see the screenshot for the same.
    Can anyone please tell me whether there is any functionality we missed, or do we need to write any script in XPDL, or do we need to check anything with the collaborator role or with security profiles?
    We have checked with other roles also; the same issue is coming.
    This Reviewer is in active state and has a read-only profile. We don't have a pre-script in this workflow because we are using standard approval.
    Thanks in advance!
    Lava

    Thanks Gary for your helpful answer.
    As per your answer, we have added the approver role in the prescript so that it gets added programmatically; still no luck.
    Here is the script we wrote in the prescript.
    import com.sap.eso.api.common.*;
    import com.sap.eso.api.projects.*;
    import com.sap.odp.api.workflow.*;
    import com.sap.odp.api.usermgmt.masterdata.*;
    import com.sap.eso.api.doc.collaboration.*;
    import com.sap.eso.api.doccommon.masterdata.*;
    import com.sap.eso.api.ibean.*;
    import com.sap.odp.api.ibean.*;
    import com.sap.eso.api.contracts.*;
    import com.sap.odp.api.doc.collaboration.*;

    // Walk the document's collaborator list from last entry to first.
    collaboratorsCollection = doc.getCollectionMetadata("COLLABORATORS").get(doc);
    if (collaboratorsCollection.size() > 0)
    {
        for (int i = collaboratorsCollection.size() - 1; i >= 0; --i)
        {
            collaboratorsCollection_member = collaboratorsCollection.get(i);
            if (hasValue(collaboratorsCollection_member))
            {
                collaboratorRole = collaboratorsCollection_member.getCollaboratorRole().getDisplayName();
                // Get approver of Role "Approver".
                if (collaboratorRole.equals("Approver"))
                {
                    principal = collaboratorsCollection_member.getPrincipal();
                }
            }
        }
    }
    // After the loop, add the last matching principal as an approver.
    if (hasValue(principal))
    {
        addApprover(principal);
    }
    Do you have any other suggestions? Or if you have any related code snippet, please share it with us.

  • GRC AC 10 CUP : Provisioning of Approved roles (Line Item)

    Hello Gurus,
    We have configured CUP in GRC AC 10, and mapped a workflow for the same.
    Now when a user requests new roles, e.g. 3 roles,
    Role 1, Role 2, Role 3, each role has a different role owner.
    When the request goes to the role owners for approval and 1 of the 3 role owners rejects the request, the whole request gets rejected.
    Is it possible to have functionality where roles which are approved will go ahead and get "Provisioned" and the whole request won't completely get rejected?
    Looking forward for your inputs !!
    Thanks in advance.
    Regards,
    Victor

    Hello Victor,
    I guess you can work with the approval/ rejection level (stage 5 in the WF configuration).
    Have a look at here: http://forums.sdn.sap.com/thread.jspa?threadID=1637574
    Cheers,
    Diego.

  • Reg:Auto Approve Roles without Approvers for GRC 10.0

    Hello,
    Is anyone using this option on GRC 10.0? According to my understanding, if someone selects a role and it has no approver, then the role has to be assigned to the user automatically, but it is not happening in my system. The request is going to decision pending and it is still looking for a role approver.
    Can someone provide their expertise on this issue?
    Thanks
    Uday

    Hi Uday,
    I have not used that functionality myself, as I find it too risky if a SOD or Critical risk would be introduced by assigning that role.
    I would have thought that by setting the correct values in SPRO would have enabled this functionality. It might be worth checking the settings again and resaving it.
    However, if you are purposely leaving the approver value blank for non-risky roles, as an alternative the document below is worth a consideration for implementing via BRF+ in GRC 10. (I know the document is more GRC 5.3 related, but the concept is valid).
    Link: [http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/203d2716-ef84-2d10-3f81-a6f6643e308d?QuickLink=index&overridelayout=true]

  • 0 risks found in while approving role in workflow of CUP

    Hi All,
    I am using a one-stage workflow. I created one change request to add one role; it is created, and while the manager is approving the role, he ran the risk analysis, but it is showing zero risks, whereas in RAR/CC for the same role we have 2 risks.
    I configured all steps of the integration of CUP and RAR (i.e. WSDL update).
    Please suggest where I am going wrong.
    Thanks,
    Joseph

    Have you checked whether there isn't a mitigation somewhere for the role assignment or the RAR check has some critical risks only checked?
    Another possibility (just speculating here..) is that RAR can check for risks within a single role (which is where you found these 2) however the CUP workflow is checking for risks associated with the user's existing roles and the new one in the request. But I would class this as a functional deficiency and hope it is not the case.
    Cheers,
    Julius

  • OIM - Multi Level approval - Role assignment at the time of approval

    I have to provision to two target applications. But, the roles in each application are different. So, at the time of approval, the groupmanager (same from both apps- first level authentication) have to assign the roles individually to each application and the request will go to second level authentication . A person can have multiple roles in the application. How to achieve this functionality.
    Thanks in advance.

    You have to create different Approval Workflows for different resources.
    Attach two objects form each parent and child.
    First Approver can edit the object form data to add roles and then he will approve.
    In your approval workflow two tasks will be there
    Approval1
    Approval2 > conditional
    Open Approval1 task and in the responses tab select Approve and in Task to Generate select Approval2.
    In Assignment tab you can assign it to anyone you want.
    Save.

  • Difference between Approver, Role Approver and Org Approvers

    Can someone briefly describe the difference/purpose of the Role and Org approver capabilities. Specifically as if I set someone up as Just a role approver then I can't see them in the Available Approvers list for a Role setup anyhow.
    As a follow on to this is there any way to not allow an approver responsible for an organization also see and approve approvals for a role's approver for a role that is in the organization. It seems to destroy the point of having role approvals if the org approver can still simply execute his approvals form them.
    Z

    Ideally Roles were established to provide access controls. You can route any work items to any "Approver" based on this role. It can be done in your workflows.
    To answer your question, in simple terms, Roles can be spanned across organizations. So, for any request made to have a designated "Role", the owner (or Role approver) can approve this request irrespective of the organization he belongs to. Ex: You can your AD Admin for your AD account who is in IS organization.
    Similarly for Org approvers. These approvers basically confirm the user, org CRUD operations.
    I hope this helps.

  • Approver Roles

    Hi there!
    What are the roles that has to have an RFX Approver (Manager of Head unit) in SRM 7.0 and Portal?
    Thanks
    Ezequiel

    Hi Massa,
    I am using the roles you mentioned in SRM and Portal Role Strategic Purchaser in EP.
    But I am getting the following error when trying to open an RFX in the UWL: "User is not authorized for the action"
    I am solving the problem by adding profile SAP_ALL but I don't want to use it for the production environment.
    Thanks
    Ezequiel

  • Approving Roles created in role expert

    Hi,
    I have been looking through user and config manuals for role expert and access enforcer but can't determine the exact approval process for roles created in role expert. I have seen that access enforcer needs to be linked to role expert. I assume a workflow must be created in access enforcer?
    Also how is this handled from the front end? Do users create roles in role expert and then an approver is notified? The approver logs on to access enforcer and picks up a request and approves it? I would be grateful for any additional information on this process.
    Thanks,
    Gary

    Two step process:
    1. Configure Role Expert Web Service with AE
    2. Configure AE for Role Expert
    Configure Role Expert Web Service
    - Identify the AE web service URL
    - Use Web Services Navigator to find this (this will be listed below WSDL heading)
    - In RE, Configuration tab -> Miscellaneous
    - Enter the workflow URL in Web service info for AE workflow
    Configure AE for Role Expert
    - Make sure you imported AE_init_append_data_RE.xml into AE during post installation steps
    - Create initiator with workflow type to be RE
    - Create custom approver determinator with workflow type to be RE
    - Create stage with workflow type to be RE
    - Configure the workflow path
    - Configure Exit URL web service information for role approval or rejection (Configuration -> Miscellaneous in AE)
    You can do steps 2,4 and 6 only if you have the 1st done.
    Check this out.
    Regards,
    Muthu Kumaran KG

  • Project approval role to user

    Hello,
    How to add a user (project X member) to approval rights to one project (project X)?
    In the Project Server 2013.
    Mishpatim

    Assuming you are talking about Task Status Approval, have the "new approver" follow these steps.
    Open the project in Project Professional 2013, and publish (the new approver has to do it).
    In Project Professional 2013, click on Gantt Chart from the Task tab, and View group.
    If the Status Manager column is not displayed, click the column to the right of where you want to add it in the grid.
    On the Insert menu, click Column. Select Status Manager from the Field name list, and then click OK.
    Select the new Status Manager from the Status Manager list for each task in the project.
    To republish the task assignments, on the File menu, click Publish.
    BTW, the new approver needs to have the permissions, Connect via project Pro and Accept Task updates to be able to do this.
    Prasanna Adavi,PMP,MCTS,MCITP,MCT Twitter: @prasannaadavi Blog: http://www.prasannaadavi.com

  • The approver role is only valid the next day

    All the approvers which are created are only valid the next day. Requesters can only select the new approvers the day after they have been created.
    Any idea how to make an approver valid the same day?

    Hi,
    In user validity make sure you are entering the next day as the valid from. If you have already integrated the user, the validity of the user will be good from the next day.
    In the integration of user, use the position validity and restrict via date.
    Hope this helps.
    Cheers, Renga
    Award points if this helps ***

  • GRC 10.0 - Auto Approve default roles

    Hello All,
    Could you please help me out in the below scenarios.
         1) We have maintained default roles in NWBC - Access Management - Default roles.
         Also set the parameter 2038 to Yes - Auto approve roles without approver.
    In MSMP we have maintained an Escape path if an approver is not found at the role level.
    As default roles have no approver maintained, the request is taking the Escape Path, which should not happen.
    We just want to auto approve the default roles, and for other than default roles the request should take the escape path if no approver is found.
         2) In the other action it is quite the same as the above one.
         When we are using provisioning type REMOVE for role removal, the request also takes the Escape path as default roles have no approver.
    Once the Manager at first stage is approved, the request should close for the removal type access.
    Please advise. Thanks in advance.

    In your custom initiator, you need to have mapped out all the scenarios of which path each line item in your request goes to.
    The condition columns can be an array of attributes, i.e. Request Type, Role name, Role Connector (System the Role is in), Functional area etc.
    In your case, if you want "default roles" auto approved, the easiest thing to do is create an empty path (i.e. No stages) and have the initiator set so that if the "Role Name" is "X" (i.e. your default role), go to the path with no stages.
    BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki

  • How to remove 'Approver' from Role dropdown in Collaborator List?

    Hello Experts,
    How do you remove or add values to standard enumeration type fields?
    For e.g., if I wanted to add a value to 'STATUS_INDICATOR' in Project (could not find it in the standard value list types).
    Or if I want to remove 'Approver' from the Role dropdown of Collaborator list?
    Thanks & Regards,
    Subhasini

    There's a Value list called Project Status you can edit to customize your list of project statuses.
    The Collaborator Role Definitions can be edited by going to SETUP>General> Collaborator Role Definitions
    However, I would not remove the Approver role as this would hinder system functionality surrounding approval workflows.

  • GRC AC 10.0: Info about rejected roles in the CUP Email

    Hello all,
    the GRC component CUP seems to be technically mature in comparison to the Role Management component, but there is one thing where I am not sure: is it an error or did I miss some config parameters?
    When the CUP Request is closed, the user gets an email (Template ID: GRAC_AR_CLOSE). Not all of the roles were approved, some of the roles were rejected. But the user gets an email where only the approved roles are listed:
    We would like to inform the user about the status of all roles in the CUP requests: which roles were approved and which roles were rejected. Is it possible to configure in MSMP Workflow?
    Right now we have the following setting:
    Thanks,
    regards Sabrina

    Hi Sabrina,
    To notify the requester for the roles which got rejected, you can try with Email notification template: GRAC_MSMP_ERM_REJECTED for the message class.
    You can create custom version of this template. For more understanding on how to customize the Email notification template, you can refer to: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/605077fc-3577-2e10-e1a6-a743514d4eb3?QuickLink=index&…
    Hope this helps, Let us know if you face any issues.
    Regards,
    Ameet
