Two Mitigation Approvers?
Dear Ladies and Gentlemen,
I would like to know if it's possible to assign two approvers to one single mitigation control.
Background:
Due to the company's settings there are more than 100 different plants all over Europe within 4 different Business Units.
We would like to arrange the possibility to enter more than one Mitigation Approver to a single MC because we don't have (and management is not willing to change this) a single Risk Officer who might be the owner of all MCs. So we need for each plant the MCs on all related levels. To keep it simple, we only want to have the European organization in general, which shall be used by all plants' MCs. No further deeper organization levels shall be used.
Thanks for your support!
Rgds.
Matthias
Hi Gretchen,
Thanks a lot for your confirmation of what I (unfortunately) had already suspected.
Exactly the failure you described is what I got, but I wanted to know if there might be a customizing setting to change this.
So, thanks once more for the quick answer.
Have a nice day and take care.
Rgds.
Matthias
Similar Messages
-
Hello All,
We have migrated data from virsa 4.0 to grc 10.1, all virsa mitigation
approvers and controllers got migrated but we are not able to map new
mitigation approver and controller to the mitigation ids.
The steps we have done below.
1. We have created user id in su01 with necessary authorizations
2. we have declared this user id in Access control owners as a
mitigation approver and assigned to the organization unit
Now we are trying to map to newly created mitigation approver to the
mitigation id but we are not able to find that approver id for the mitigation ids. (only old mitigation ids came from VIRSA only we are able to see, not able to add new mitigation approvers / controllers to the mitigation ids)
Kindly check this issue, this is very critical for us.
Thanks in advance.
Regards,
Karunakar
Hi Karunakar,
- Assign Owners to Organization unit
- Make these owners as Mitigation Approver and Monitor
- Create Mitigation Id in this Org. unit
Regards
plaban -
Maximum Approvers for PR release WF
Hi All,
For the PR Release procedure, the std workflow is customized and there is no Org structure for agent determination the user who is creating the PR has to manually key in 4 approvers on the PR screen and the remaining 4 are determined using the exit M06B0001, based on release codes.
Is there any restriction that there can only be a maximum of 8 approvers for a PR release workflow,
or
can we have more than 8? I ask because I was asked to add two more approvers for the existing PR release process.
Thanks In Advance
Prsna
Edited by: Prasanna Ram on Jun 5, 2008 5:14 PM
Hi PR,
First of all, why would the client require more than 8 levels of approval for just releasing a PO (I think as a consultant, try to convince your client on the intricacies faced with lots of approvers, as it would firstly delay a simple process like PO release and would generate a chain of mails),
secondly SAP can provide only 8 levels in a release.
Aditya -
Need help in Mitigation...
Hi , I have the CC 5.2 connected to single system and using GLOBAL ruleset.
In backend i have created a role Z:CONFLICTING_ROLE and assigned to user ERIC.
Now there are two risks in the role F030 and S027 , i have created two mitigating controls for them and have mitigated the risks at role level .
When i run the report on the USER ERIC , it should show in there also as mitigated , but there is nothing in mitigation.
I was under the impression that once roles are mitigated, users will be mitigated also. What is wrong here?
The option under Configuration :
Risk Analysis ->Add Options -> Include Role/Profile Mitigating Controls in User Analysis
is set to yes..
Pls help me to resolve this issue.
regds
navdeep
Edited by: navdeep pathania on Aug 25, 2008 11:02 PM
navdeep,
I was rather talking about the PFUD in the back-end system.
But okay, if the synch with GRC is not working in the first place, then this issue should be addressed as well. However, that goes beyond this particular post "Need help in Mitigation".
In an attempt to help you : is your diamond shaped adapter green ? are you using the correct model in the JCO in terms of your release of backend system ? did you do a full sync or incremental ?
for sure, this is your issue why the users are not mitigated through their assigned mitigated roles.
succes
sam -
GRC 5.3 CUP auto provisioning of Mitigation Assignment in RAR
Hello,
Is there any other workflow that needs to be triggered for the auto provisioning of the Mitigation control id assignment to the userid in RAR system from CUP, upon request completion?
I created a request that after the final stage of sox approver, got auto provisioned roles assigned to the user id in the SAP system , but it also stated that auto provisioning failed and got re-routed to the detour path of the security admin as I configured in case of auto provisioning failure. When I look at the error log, it states:
User Provisioning failed for System(s) : XYZ. Error Message : User type TE is unknown
Role: ROLEA assigned to user: TESTER1 in System(s): XYZ.
1). So, even though the approved role is being assigned to the user in the backend system, some other stuff is failing at auto provisioning. And I thought it might be the mitigation control assignment to the userid in RAR. I have the mitigation fields/objects active. But how do I ensure the auto-assignment of mitigation control ids also gets assigned on the same request upon sox approval?
2). The other question is where is the value of the 'controller' stored when configuring a stage for workflow approver determinator in the sox approver stage? Where is this value picked up from? We don't want to use the RAR mitigation approvers or monitors, we want to use a custom approver id from CUP and then the control id to be assigned upon approval automatically to the userid in RAR via CUP request completion during auto provisioning. Is this possible? The only thing failing for us is trying to determine how to create the custom approver determinator for SOX approver in CUP since it asks for 'attribute' value for workflow type 'Compliant User Provisioning' which doesn't make sense for this.
And then the above error even though the user role assignment is auto provisioning already but still giving the error as I listed above and re-routing to detour path instead of completing the request. Is it due to auto provisioning failure of mitigation control assignment in RAR?
Thanks in advance,
Alley
Edited by: Alley1 on Sep 20, 2011 1:15 AM
Hi Karell,
Here is response to your questions:
I can use the following CAD in an AE workflow: web service to fetch role approvers. I question this as it is merely a RE workflow service : No. As far as I know the web service is only for RE/ERM.
Can the Risk Analysis be initiated in stage x automatically once stage (x-1) was completed. So no person involved, it is mandatory however, in my opinion there should be no extra person involved to actually press the button "Risk Analysis" : No. There is no way to automate the risk analysis part. Someone will have to click on the button to check for SoD violations. You can configure to run automatic risk analysis when the request is submitted but this is not 100% perfect. If someone adds or removes role during approval phase, it will invalidate the risk analysis which was run during request submission.
Can somehow the Risk Owners defined in the RAR component be asked to approve/reject risk that came out of the Risk Analysis described in my previous point. They should only be contacted when there is a risk indicated. : This is possible by following Babak's workflow.
Regards,
Alpesh -
I created a Power View in Excel 2013 and uploaded it to my Power BI for O365 site.
But when I click on my Excel file it opens in the browser. After that, when I click on the File tab it shows me two options:
1. Save a Copy
2. Download a copy
When I click on Save a Copy it shows me the warning below:
Features that are not supported by Excel in the browser and interactive reports will be removed from the saved copy.
Continue with Save?
If I continue saving, it only saves an Excel file with data only, not the Power View which I want to save with applied filters.
Please help me with this.
Just to clarify, when you hit the option of Save As Copy, the whole experience goes into a "read-write" mode in Excel services, which currently doesn't support authoring, just consumption of PowerView sheets.
Two mitigations that come to mind:
1. Download the copy (as Brad suggests), rename the file and upload.
2. Use the send to option of SharePoint online, give the file the right target document library (can be the same as source) and rename the file:
GALROY -
Guys,
Anybody has ever done the MS CRM integration with OIM.
MY requirement is as follows
User initiates a self service request for the application and may populate some fields like country or primary service line (fields yet to be determined, but assuming the values for each field will be maintained in a lookup field)
First Approval Step: User’s Manager must complete any missing required attributes that the user didn’t fill and must also populate the access level field (values will be something like local, country, regional or global), but again these will be pulled from a lookup field. Manager provides first level approval
Second Approval Step: The owner approves/rejects the approval
Provision the user to the application (notification sent to the user), also, provision user to AD group for the application
Edited by: a73210 on Oct 28, 2009 10:42 PM
I don't have experience with MS CRM, but if you have APIs then you can build your custom connector. And for the other things in your requirement:
Just create an Object form with the fields as per your requirement and use a pre-populate adapter to populate these fields.
While creating form fields go to Properties tab and select property Required = true for required fields.
And you can make fields mandatory while creating the form so OIM will validate automatically that whether required fields are filled or not.
Create an Approval Process.
Create two task Approval1 and Approval2 and assign both the tasks to two different approvers.
Go to Approval1 > Responses
Select Approve and below in Task to Generate select Approval2.
You are done with 2nd level of approval. -
Problem in Hide Items Not Responsible
Hi,
I'm creating an SC with two line items for two different approvers. The 1st approver is responsible for approving only the first line item, but he is able to see both line items and is able to change both line items. The same is happening to the second approver too. I've set 'X' for HIDE_ITEMS_NOT_RESPONSIBLE. Even so, it is showing both line items.
Is there any config or something have to be done. Can you please help me regarding this ??
Regards,
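JMB
Try executing this program....
you can understand...
* Icon code held in a variable so it can be stored per list line
data: sym type ICON_D value '@1E@'.

START-OF-SELECTION.
  FORMAT HOTSPOT.
  WRITE / 'ShowIcon'.
* HIDE saves the current value of sym for this list line
  HIDE: sym.

* When the list line is selected, the hidden value is restored and written
AT LINE-SELECTION.
  WRITE: sym.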
And if i am not wrong, i hope you want to hide the "Display more" icon in the Select-options input. If that case, then use NO-EXTENSION keyword.
Could you please tell me the exact requirement, why you want to hide that icon? -
Set SoD detour condition on path level?
Dear forum,
We have a parallel workflow where the different paths are divided by business processes.
We want that SoD free paths continue as normal. Problematic paths are sent for resolution.
The problem as I see it is that the SoD detour condition is set on request level, not path level. Both problematic and non-problematic paths will meet the condition and are pushed into the detour. The non-problematic path will get stalled, because it has to wait for mitigation approval. Is there any workaround?
Kind Regards,
Vit V.
Hi Jose,
We have different detour paths for every parallel path. But if any SoD conflict is detected, the SoD condition is met for all paths and are pushed into the detour(s). Have you successfully tested it?
Example:
Main Paths
P1
P2
P3
Stages
_1: Manager
_2: Role Owner
_3: BPO (CAD business process of role)
P1_1
P1_2
P1_3
P2_1
P2_2
P2_3
P3_1
P3_2
P3_3
Detours (1-stage with mitigation control approver)
P1_DT
P2_DT
P2_DT
SoD detour takes place at stages:
P1_2
P2_2
P3_2
Problem 1: If the SoD conflict condition is met, all paths are pushed into their detours
Problem 2: Let's say we have two paths with SoD conflicts, and a third one without. Two mitigation controls are applied. All three paths are pushed into their detour paths for mitigation approval.
Worst case scenario:
Conflicting path 1: Mitigation Approver 1 approves
Conflicting path 2: Mitigation Approver 1 + Mitigation Approver 2 approve
Non-conflicting path: Mitigation Approver 1 + Mitigation Approver 2 approve
kind regards,
vit v -
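The stall described in this thread can be reproduced with a small model. This is an added example, not code from the posters or from SAP: the `Path` class, the `scope` switch, the risk ids and the approval days are all hypothetical, and the "request" scope is an assumption that mirrors the behaviour the post reports rather than the product's actual logic.

```python
from dataclasses import dataclass, field


@dataclass
class Path:
    name: str
    # SoD risk id -> mitigation approver who must sign off (empty = no conflict)
    risks: dict = field(default_factory=dict)


def required_approvers(paths, scope):
    """Return {path name: set of mitigation approvers that path waits for}.

    scope="request": one conflict anywhere detours every path, and every
                     detour waits for all mitigation approvers on the request.
    scope="path":    only a conflicting path detours, for its own risks only.
    """
    if scope not in ("request", "path"):
        raise ValueError(f"unknown scope: {scope}")
    everyone = {a for p in paths for a in p.risks.values()}
    if scope == "request":
        return {p.name: set(everyone) for p in paths}
    return {p.name: set(p.risks.values()) for p in paths}


def release_day(paths, scope, approval_day):
    """Day each path leaves mitigation approval.

    0 means the path never detoured; None means it is still waiting for an
    approver who has not acted yet.
    """
    released = {}
    for name, needed in required_approvers(paths, scope).items():
        days = [approval_day.get(a) for a in needed]
        released[name] = None if None in days else max(days, default=0)
    return released


def stalled_clean_paths(paths, scope, approval_day):
    """Paths without any SoD conflict that were nevertheless held up."""
    released = release_day(paths, scope, approval_day)
    return sorted(p.name for p in paths if not p.risks and released[p.name] != 0)


# Constructed sample: P1 and P2 each carry one conflict, P3 is SoD free.
PATHS = [
    Path("P1", {"RISK_A": "MIT_APPROVER_1"}),
    Path("P2", {"RISK_B": "MIT_APPROVER_2"}),
    Path("P3"),
]
APPROVAL_DAY = {"MIT_APPROVER_1": 1, "MIT_APPROVER_2": 4}  # constructed

if __name__ == "__main__":
    for scope in ("request", "path"):
        print(scope, release_day(PATHS, scope, APPROVAL_DAY),
              "stalled clean paths:", stalled_clean_paths(PATHS, scope, APPROVAL_DAY))
```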
2 days automatically routed to the next approval level
I would like to know: has anyone accepted this pre-defined rule setting, where the order is automatically routed to the next approval level once the 2-day limit has passed? I think Oracle should provide flexibility in choosing such a routing rule.
We agree. This should be identical to the current functionality of Oracle's iProcurement.
We also need to have the second approver layer related to category. This means that per category it should be possible to route to two different approvers:
- budget responsible manager
- technical manager
For some products and services this is a must-have. For example, when a buyer selects a computer, some companies require that the department responsible for the maintenance of computers should also give their approval for such a purchase.
Kind regards,
Michel de Knoop
KPN Xchange
-
CUP - button to reject request inhibited Version 5.3 SP14
Hi,
after it was applied in the SP14 GRC button to reject the request was only inhibited in step functional allowing you to reject functions. Does anyone know why and how to adjust the error?
thanks.
Hello,
we have the same problem with SP14 (SP12 is ok) - after clicking on Reject button the option "Reject Request" is disabled and the option "Reject Roles" is enabled. When approver chooses "Reject Roles" the request is completed and FF account provisioned!
I had to change approving settings for that stage:
Approval Level: "System and Role" -> "Request"
Rejection Level: "System and Role" -> "Request"
Now when there is a request with two FF accounts (and two different approvers) one can approve his FF but when the next approver rejects the request nothing is provisioned.
But better is nothing than provisioning rejected FF account!
Pavel -
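One way to check exported request data for the outcome described in this thread, an FF account provisioned although an approver rejected. This is an added example, not code from the posters or from SAP: the CSV layout, column names and request ids are constructed, and the two `rejection_level` values only mirror the "System and Role" versus "Request" settings named in the post.

```python
import csv
import io

# Constructed sample export. Column names are hypothetical, not a CUP table layout.
SAMPLE_EXPORT = """request_id,item,approver,decision,provisioned
REQ-1001,FF_ID_A,APPROVER_1,APPROVE,Y
REQ-1001,FF_ID_B,APPROVER_2,REJECT,N
REQ-1002,FF_ID_C,APPROVER_1,REJECT,Y
REQ-1003,FF_ID_D,APPROVER_1,APPROVE,Y
REQ-1003,FF_ID_E,APPROVER_2,APPROVE,Y
"""


def load_rows(text):
    """Parse the export and normalise the decision and provisioned columns."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["decision"] = row["decision"].strip().upper()
        row["provisioned"] = row["provisioned"].strip().upper() == "Y"
    return rows


def provisioning_violations(rows, rejection_level):
    """Return (request_id, item) pairs that were provisioned against a rejection.

    rejection_level="item":    an item is a violation only if that item itself
                               was rejected (per-item approval and rejection).
    rejection_level="request": any rejection in the request means nothing in
                               that request may be provisioned.
    """
    if rejection_level not in ("item", "request"):
        raise ValueError(f"unknown rejection level: {rejection_level}")
    rejected_requests = {r["request_id"] for r in rows if r["decision"] == "REJECT"}
    hits = []
    for r in rows:
        if not r["provisioned"]:
            continue
        item_rejected = r["decision"] == "REJECT"
        request_rejected = r["request_id"] in rejected_requests
        if item_rejected or (rejection_level == "request" and request_rejected):
            hits.append((r["request_id"], r["item"]))
    return hits


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    for level in ("item", "request"):
        print(level, provisioning_violations(rows, level))
```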
Invoice hold workflow is not fetching the approver from ame
Hi,
I'm trying to get the next approver(3rd level) in wf process from ame through profile option, but it's not fetching the approver.
my query is
SELECT persion_id||employee_id
FROM fnd_user
WHERE employee_id = fnd_profile.VALUE('MG_AP09_PAYABLES_SUPERVISOR')
The other two level approvers (level 1 and level 2) I'm getting, which is not through a profile but through a direct join of tables, as given below:
SELECT 'person_id:'|| rcv.EMPLOYEE_ID
FROM ap_holds_all aph
,po_distributions_all pd
,rcv_transactions rcv
WHERE pd.line_location_id = aph.line_location_id
AND pd.PO_DISTRIBUTION_ID= rcv.PO_DISTRIBUTION_ID
AND aph.hold_id = :transactionId
AND transaction_type = 'DELIVER'
SELECT 'person_id:'|| HR2.attribute2
from ap_holds_all AH
,po_line_locations_all PLL
,hr_locations_all HR1
,hr_locations_all HR2
where pll.line_location_id = AH.line_location_id
AND pll.ship_to_location_id = HR1.location_id
AND nvl(HR1.attribute1,HR1.location_id) = HR2.location_id
AND AH.hold_id = :transactionId
what may be the issue?
Hi Surjith,
Please look at the code I have written in the user exit, which is just for testing purpose. In SPRO I set workflow as 9 for all the release codes.
IF i_eban-werks = '1000'.
actor_tab-otype = 'US'.
actor_tab-objid = 'S_RITESH'.
APPEND actor_tab.
CLEAR actor_tab.
ENDIF.
In PR I am getting the user name in the processor column correctly.
Please let me know if I am going wrong.
Thank you. -
CUP 5.3 SP16, detour path for SOD violations doesn't exclude critical risks
Hello,
Has anyone else had this issue:
If you set your configuration to not require mitigation of critical risks, but only SOD risks, the workflow detour path condition 'SOD violations' still triggers to go to the detour path even if the request only has critical risks. This is a bug in the workflow detour logic. First of all, CUP doesn't differentiate between SOD violations vs Critical Risks violations. If we only want the mitigation approver detour to happen for SOD risks, the detour seems to happen even if the request only has critical risks issue which doesn't require mitigation.
Since our Approver determinator for SOX approval is the RAR Mitigation Control approver, the workflow detours to SOD violations path but doesn't find any mitigation approvers on critical risks and so goes to the administrator inbox as a approver not found issue escape route.
If SAP gives the option to not require to mitigate critical risks under config>mitigation>uncheck mark mitigation of critical risks not required, then the logic for detour also shouldn't happen for critical risks under 'SOD violations' condition. This doesn't make any sense why SAP has both in the same condition when one is clearly not SOD risks. Now our workflows keep failing because of this, because we have several roles that might have a critical transaction or so, but we can't stop it from detouring even when we do not want them mitigated or approved for SOX stage. But we still need this detour path for additional approval for the actual SOD Risks.
Will greatly appreciate anyone's feedback on what they have done to resolve this.
Thanks,
A.
I was actually able to resolve the issue by adding the role approver stage first to the sox approver detour path. This way, if the manager has roles with sod violations and updates mitigations for it, it goes to the role approver via detour path as well first and then to the sox approver stage before auto provisioning. So, that solved our problem. And if the request doesn't have SOD violations then it just goes to the next stage without detour, which also has the role approver as the last stage.
Since I couldn't get the sox approver stage to show up after the role approver as originally anticipated since the request already had mitigation assigned at the manager level, we did the above scenario to fix the issue.
Requestor>Manager->Role Approver-->auto provisioning (without SOD violations)
Requestor>Manager> Detour (Role Approver>SOX Approver)->Auto Provisioning (with SOD violations) -
Approval of PO by two approvers
Dear experts,
Our requirement is that we want 2 approvals in the hierarchy for the PO, and the approvals are at the same level; there is no difference between these approvers. When the PO is sent for approval it goes to both approvers, but the error is that when we click the Approve button on the PO, an option comes up asking to whom you want to move the document: approver 1 or approver 2? If we select approver 1, the notification goes only to the 1st one, and if we select the 2nd, the notification goes to the 2nd. Is there any solution for it?
Edited by: jahanzeb qureshi on Jun 17, 2011 3:04 AM
Following is the solution I can think of:
After the first approver approves the PO, you can initiate the forward action from approver 1 to approver 2 or vice versa.
Approving and forwarding the PO will change the status of the PO to PRE APPROVED (after the 1st approval).
This will allow the next approver (approver 2) to approve the PO from PRE APPROVED to APPROVED status.
So you will have to create logic to identify whether approver 1 or approver 2 has approved the PO first and then forward it to the next person. This can be achieved programmatically or by modifying the workflow.
Hi all,
Two questions regarding mitigation in SAP GRC AC:
1)
Reading through the forum, we have seen that if monitor does not execute the report (action) within the frequency set and alert is generated. Are these alerts sent out to the mitigation controls' approvers automatically or need to be triggered by executing alerts generation with mitigation flags set?
2)
If WF is set and appropriate configuration is set in RAR, approver activities in CUP are approval for mitigation control maintenance and mitigation control assignment. Is this correct?
Thanks in advance. Best regards,
Imanol
Hi Imanol,
Here is my response:
1) Reading through the forum, we have seen that if monitor does not execute the report (action) within the frequency set and alert is generated. Are these alerts sent out to the mitigation controls' approvers automatically or need to be triggered by executing alerts generation with mitigation flags set?
You need to go to Alert Generation -> Select Generate Alert log, Control Monitoring under Action Monitoring and Alert notification.
2) If WF is set and appropriate configuration is set in RAR, approver activities in CUP are approval for mitigation control maintenance and mitigation control assignment. Is this correct?
Yes, that is correct.
Regards,
Alpesh