Supervisor Approval in CUP

In the client i am working they must accomplish the following requirement:
When a user ask for a modification in his user id(add/remove roles, reset password, etc) they want a three stage approval including:
1. The direct supervisor of that person
2. The business process owner
3. Security Administrator.
I have problems configuring the first stage. The client does not have installed SAP HR. Does anyone have any idea??
Kind Regards,
Isaac

Check out the SAP GRC best practice CUP(AE) scenario configuration guide u201CCompliant User Provisioningu201D in the following link:
http://help.sap.com/bp_grc53/GRC_US/HTML/681_EN_US.htm
The following link listed all configuration documents under "Technical Information-->Content Library" section:
http://help.sap.com/bp_grc53/GRC_US/HTML/index.htm
This scenario is a 3 stage workflow and i believe it will suit for your requirement with minor modifications.
http://help.sap.com/content/bestpractices/crossindustry/bestp_crossindustry_grc.htm
Thanks
Himadama

Similar Messages

  • Risk Mitigation approval in CUP

    Hi All
    I am trying to mitigate a role for a specified risk. The workflow gets successfully trigerred from RAR and is shown to the approver in CUP. However when the approver tries to approve the request in CUP, system shows an error "Error Processing your request, Request no.__ in stage: CC_MITOBJ"
    Can someone help me out in resolving this.
    Thanks
    Nitin

    Hi,
    I am not getting the link to Mitigate the riks for the Roles requested from CUP. when I am trying to select the risk to mitigate after the Risk Analysis is done from RAR and the report is fetch to CUP no links are showing. It shows error on the screen "Correct the following errors: Select a risk."
    The message "Error on page" shows in the bottom left corner of the browser. I can not go any further to mitigate the risk.
    The soluition was put to import the AE_init_append_data.xml as instructed n the A 5.3 installation guide. This file contains lines for background color that ar enecessary for display of the Risk. each support package of 5.3 has this file and is delivered in the .SAR file, and this should always be updated if delivered.
    I have tried this and still falling to Mitigate the risk as the problem remains. May I know if you have some other solution or if you can provide me with the correct and update file for above request.
    Thanks,
    Abhimanyu

  • Uccx email agent - supervisor approval before mail is sent

    Hi,
    we have one customer that would like to make upgrade of their contact center to new version (probably uccx8) and email agent functionality seems very interesting to them. But they would like to know if is it possible that supervisor approve outgoing mail before it is really sent?
    so, if email agent gets an email and he answers it, is it possible that answer first goes to supervisor for re-check and afterwards it is sent to a customer?
    Also, they would like to know if it is possible to get history call for every inbound call from the same customer? they have some customers that are calling almost every month for the same thing and they would like "to be prepared" for them when they are calling next month
    any idea would be appreciated.
    BR,
    Jelena

    There is not a supervisor approval queue as there was in EIM. You can have the server BCC an address on all replies however. If you created a supervisor review mailbox and used that, they would at least be able to review and coach on any mistakes.
    I'm not sure whether you're referring to the agent getting a call history from that caller; or, seeing patterns in historical reports.  If the former, not through CAD; however, you may be able to do an integration with their CRM product so that a record is stored for each call. If the later for historical reporting, some of the raw data is there (e.g. calling number) but there are no reports specifically geared toward showing it. I typically suggest that the IVR prompt the caller for an account number and store that into the database using Enterprise Data which provides more confident data. Either way you would likely want to build a custom report to see what you want. This is explained in the Historical Reporting Administrator and Developer Guide.

  • Risk analysis after approval in CUP

    Hi,
    Can it be possible? CUP to do automatic risk analysis after the request is approved by the role approvers.  If there are no risks, roles will get provisioned. If risks exist based on the risk ID to have the request forwarded to the risk owner where the mitigation control, monitor details are entered.
    Please provide your inputs.
    Thanks
    R R

    Not a good idea, generally.
    What you can do is have the risk analysis performed automatically on request submission. The approvers would see the risks, but you can allow them to ignore them and have a detour on the last approval step.
    This has a few quirks:
    - if your last approval is a role approver, i.e. there may be a split approval to several people, the detour is tricky.
    - if one of the approvers changes something in the request, the risk analysis is invalid.
    I would also question the general idea - usually in case of risks, one of the approvers should also take action. If all they do is approve, get them out of the way.
    Unfortunately there is no step that says "automatic risk analysis, no manual approval required". That's an enhancement I would also welcome.
    Frank.

  • CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

    Hello Experts,
    I have a question...
    When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
    Unfortunately, there is no such option for risk in the CUP custom approver determinator.
    We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
    *We don't want to set the "business process" as an approver determinator.
    I would appreciate your advice.
    HM

    When you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
      - CUP (Page 19/33)?
    Unfortunately, there is no such option for risk in the CUP custom approver determinator.
    There is - Request Type - Attribute
    Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
    Thanks
    Himadama

  • Supervisor Approval Hierarchy in HRSSA

    Hi,
    I am using 'change Supervisor Process' using Manager Self Service in 11.5.10.2. The work flow is HRSSA.
    The default approval is for 5 levels. I need to have only one single level of approval hierarchy.
    Please advise how can i achieve the same.
    Thanks in advance.

    Approvals Management (AME) is used to configure SSHR approvals.
    The FAQ on Metalink is called: HRMS Approvals Management (AME) Frequently asked Questions (FAQ)
    Document ID 431815.1     
    Hope that helps!
    FL

  • Supervisor Approval in SSHR not going

    Gurus,
    I have oracle SSHR for my client.
    Whenever a person changes his/her address in Personal Information screen, a notification should go to 1st level supervisor for approval.
    It is not going at present. What can be the issue? Any pointers in this regard will be of great help.
    Regards,
    Novice

    Hi,
    Can you verify workflow attribute setup.
    open workflow builder ==> load HR workflow ==> open workflow process for Personal information change ==> in that process you will find sub process for address change ==> in this process ==> at review page node ==> right click on review page node ==> check the "dynamic approval required" attribute value is set to "yes-dynamic approval".
    if this attribute is set properly then only it will call ame for approval.
    Regards,

  • Approver Determinator CUP (Controller) Question

    Hello, I had a few questions when trying to use the (Controller) as Approver Determinator for our SPM work flow.
    Everything is working perfectly fine using a CAD as the approver. But when I switch it over to the (Controller) I'm having some issues.
    Questions:
    1) Where would you configure the Controller's email address for approval notification? Guessing the SU01 record?  This is different from other approvers who are configured within the UME
    2) Won't the (Controller) need a CUP UME role to enter through the approval link sent out via email? Currently we only have controller in the backend ECC systems and view access to SPM reports through a UME view FF role.
    3) Do we need to run a background job to send emails for the controller in the ABAP system or just the standard one in CUP?
    Thanks!

    There are "controllers" in SPM that you add to an FF_ID which then monitors logs. There is also a "controller" within the approver determinator drop down in a stage. I was wondering if these are the same. So if you use "controller" as your approver determinator for a certain FF ID in CUP will send for approval to the person define against the ID in the FF table.

  • OTL HR Supervisor approval routing to different HR Supervisor

    Hi ,
    Can anyone help me with this...
    My client is global and we have implemented OTL in Germany BG and US is corporate Head quarters.
    My approval style is HR Supervisor. The problem here is employee and his hr supervisor is in Germany BG , but some how it is routing to vice president in US business group.
    Can someone help me with this please???

    Thanks for reply Raj......
    Everything was checked already, and there was no update or correction in record,and this happened only when i change approval style from auto approve to HR Supervisor in month of feburary and then I again had to change it to auto approve in March.....

  • Mitigation control errors out in CUP approval

    We are on GRC 5.3 SP8 and I am trying to create a mitigating control in RAR.  Once it goes for approval into CUP, it erroru2019s out when I try to approve it.  Here is the message:
    2010-05-25 10:57:43,367 [SAPEngine_Application_Thread[impl:3]_9] ERROR com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
    com.virsa.ae.service.ServiceException: com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:315)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
         at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5391)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5230)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5023)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:946)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by:
    com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.commons.utils.StringEncrypter.decrypt(StringEncrypter.java:200)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:305)
         ... 32 more
    Thanks,
    Peggy

    Hello Peggy,
      Did you recently upgraded your NW Java Support package? If yes, then kindly check the SAP Note "1417651 - Unable to retrieve connector & application configuration"
    The problem is coming due to change in NW encryption algorithm and impacted GRC as well. This is fixed in SP10 of GRC.
    Regards, Varun

  • ERM - Workflow Approval Configuration in ERM and CUP

    Hi Experts,
    I'm in the midst of configuring the workflow approval for ERM and have some queries.
    I followed the post-installation guide part 1 for ERM on the workflow configuration and have sucessfully done the following:
    1. Verified that the "AE_init_append_data_RE.xml" has been uploaded in CUP with Append option
    2. Verified that request type "RE_ROLE_APPROVAL" with workflow type "RE" exists
    3. Verified that priority "RE_HIGH" with workflow type "RE" exists
    4. Created a workflow initiator for ERM called "ROLE_APPROVAL" in CUP -> Configuration -> Workflow -> Initiator (with the said details as per the post-installation guide)
    5. Created a CAD called "ERM_ROLE_APPROVER" for ERM in CUP -> Configuration -> Workflow -> Custom Approver Determinator (with the said details as per the post installation guide, filling in the necessary URI, uname/pw for admin with UME roles)
    6. Created TWO stages , one stage for the role owner called "ERM_ROLE_APPROV", and one stage for the internal control owner called "ERM_ROLE_APPRO2", both with workflow type "RE" and Approver Determinator "ERM_ROLE_APPROVER" which was created in step 5 earlier.
    7. Created a path for ERM Role Approval Workflow in CUP -> Configuration -> Workflow -> Path, with workflow type "RE", Number of Stages "2", Initiator "ROLE_APPROVER", Active "checked" and I put Stage 1 as "ERM_ROLE_APPROV" and stage 2 as "ERM_ROLE_APPRO2".
    8. Configured the Exit Web Service (followed the details as per the post-installation guide for ERM)
    As my role approval is pretty straight forward (i.e. based on business process attribute defined, with each role owner being responsible for their business process), I did the following:
    1. Create approval criteria "Role Approver for Business Process FI"
    2. For that criteria, I based it on attribute "Business Process"
    3. I clicked on "Assign Approvers" to define who is the approver (i.e. the respective role owner responsible for Process FI)
    4. I defined the condition for this criteria, Condition = AND, Attribute = Business Process, Value = FI
    My queries:
    1. Is the approval criteria which I created in ERM, referring to 1st stage or 2nd stage of the path in CUP?
    2. I'm assuming that for query 1, the approval criteria which I created is for 1st stage (i.e. ERM_ROLE_APPROV), where can I configure the 2nd level approval for the internal control owner (i.e. ERM_ROLE_APPRO2, in the path which I defined in CUP)?
    Thanks!

    Hi Baldwin,
    All workflow paths in CUP are triggered by an Initiator.  Once the request from ERM meets "Initiator" ("ROLE_APPROVAL") requirements in CUP, the request will go to the first stage defined in the respective path. Approvers defined in each stage of the path can approve request. Once the request is approved in CUP, approval information will be sent to ERM and then the role in ERM will be moved to the next stage.
    Best Regards,
    Sirish Gullapalli.

  • Approved objectives are lost if employee's supervisor is changed

    1)Employee sets and finished the objectives
    2)Supervisor approved the employee's objectives
    3)Supervisor is resigned
    4)New Supervisor is attached to the employee from Assignment Screen
    5)Ran the program "Publish Performance Management Plan"
    6)Now the employee cannot see his/her objectives
    Appraisal is not started yet. How to get the lost objectives?
    Thanks in advance.

    Please go through the metalink ID: 452448.1(How An Employee Can Update The Track Objectives Progress Page) hope this would be helpful where as we r working on R12 and we needed RUP6 where we could solve this issue.

  • Error in Provisioning Risk Update Request in CUP

    Dear Experts,
    I have configured all the required settings to configure Risk create/Update and change workflow in CUP.
    I am even successfully generate the requests type Create Risk in CUP from RAR.But , not able to generate request type update risk from same path and recieving error provisioning request at stage -
    Please provide any clue to resolve this issue.I am in SP12
    Thanks,
    Mukesh

    Please find..
    I am trying to remove a function from the below risk ID in RAR.
    getting this error when approving in CUP.
    2011-04-19 09:15:29,943 [SAPEngine_Application_Thread[impl:3]_74] ERROR com.virsa.ae.accessrequests.bo.RequestExitServiceHelper : callExitService() :   : Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
    2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRolesForProvision() :   : INTO the method for reqno : 1116
    2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRequestApplicationForProvisionStatus() :   : INTO the method for reqno : 1116
    2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRequestApplicationForProvisionStatus() :   : listApplicationDTOs : []
    2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : insertRequestApplicationForProvisionStatus() :   : INTO the method for reqno : 1116
    2011-04-19 09:15:29,948 [SAPEngine_Application_Thread[impl:3]_74] ERROR Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
    com.virsa.ae.service.ServiceException: Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:277)
    Thanks,
    Mukesh

  • Table/field/report showing approver of payment run in F110

    After reviewing the payment proposal in F110, supervisor approves the Payment Run by clicking u201CStart immediatelyu201D in Schedule Payment pop-up. 
    For audit purposes, we need to view who approved specified payment runs.  Anyone knows the table, field, or report would contain that information? 
    Appreciate any help.

    They're a document that records when things get changed.  "Things" includes pretty much anything from material master to sales orders, hence "general".  
    But It isn't enabled by default for all tables, mainly for performance reasons. Is it enabled for the relevant REG.... table(s) in the data dictionary?  You might need to check with a basis guy or abapper.
    I'd say enabling it is simpler than modding the standard programs and tables, like by adding fields to REGUV.

  • ERM Role con't be deleted Automatically after rejecting the request in CUP

    Hi Experts,
    I am involving the GRC implimentation project and ERM component is succefully configured with post-installation activites and also configure the workflow(1-stage) in CUP for role approval.
    After initiating request, the request was sent to appropriate approver for approval process and approved/ Rejected by the approver.For first case(Request approved) everything is looks fine.
    but whenever the request is rejected (second case) by the approver, the role is still present in ERM and ABAP backend as well as.
    please suggest me, if the role is deleted in ABAP/ERM system after rejecting the request by Role Approver in CUP. or still present the role in systems.
    Regards,
    Arjuna.

    Hi Jes,
    We so have a feature called Password Self Service which is used by users to reset their password using CUP. Also if the password is locked by multiple failed attempt, CUP even activate this user.
    However in your case administrator will be locking the user or deactivating the password, so CUP will not allow users to unlock their users as it has been locked by administrator.
    So CUP can only unlock those users which were locked due to failed attempts etc.
    Regards,
    Shweta

Maybe you are looking for

  • Mac sharing / windows 7 / permissions issues

    Dear all, I am new to anything mac, except for my iphone. Now I just bought a brand new mac mini, which I connected to my TV so I can watch movies, play my iTunes library, etc. The rest of my computers are all Windows 7 machines (laptops, work pc, et

  • What are _org files?

    Hi All I've just uploaded a bunch of .jpg files to my website using Dreamweaver 8 from my local Windows XP machine. I notice that for every file there is also another file called filename.jpg_org. This is both on the local folder and the remote websi

  • Unable to sync Onenote2013 from SharePoint2007 ,getting errors

    Recently I got a new laptop and I am unable to sync any Notebook2013 in SharePoint2007 sites, It is asking for password and when I clicked on it no dialog box is appearing to enter password but just trying to connect to server for sometime and again

  • Help with View Objects

    I have created a new ViewObject in my Application Module in the project where I have my BC4J. Previously, I created a BC4J JSP Application project based on the other project but a this time I didn4t have created a ViewObjet that I want to use now. Th

  • Sync metadata from jpeg to raw

    Hi, I'm using an Eye-fi Pro X2 card in my D5100. At present Eye-Fi haven't been able to resolve the fact that geodata isn't added to the Raw (nef) file so I am shooting in Raw+jpeg. Is there a way to sync the metadata from the jpeg to the nef file wi