Thursday, 26 July 2018

SAP GRC ACCESS CONTROL CUSTOM INITIATOR RULE

When raising an access request in SAP GRC, system line items do not have approvers, and this will likely result in an error when you add a system (RFC Connector) to a request.
Some of the likely errors encountered are:
  • No Approver found
  • No agent found, cancelling path ....... (in stage no: XXXX)
One possible solution for this scenario is to build the logic in a custom initiator rule that sends system line items to a path with no stage in the process ID (SAP_GRAC_ACCESS_REQUEST).

Step 1: Log on to the GRC system and execute transaction code (SPRO) from the command field




Step 2: Click on SAP Reference IMG (it takes you to the implementation screen)

Step 3: Go to Governance Risk & Compliance --> Access Control --> Workflow for Access Control --> Define Workflow Related MSMP Rules



Step 4: Enter the information as specified in the image below, then click the Execute button.



Step 5: A log is generated. Ensure everything has the status Green.
   

Step 6: Execute transaction code BRF+
Right-click on Application (Access Request Appro) --> Create --> Expression --> Decision Table




Step 7: Create a decision table: specify a name, short text and text, then click Create and Navigate to Object.

Step 8: Specify the following columns in the decision table:


Build your table to reflect what is indicated in the image below, then click the OK button.

A decision table will be created.


Step 9: Click the add row button and fill in the details as seen in the picture below



The condition statement above means:
Request Type is between 001 and 006, and Role Type is initial.
If all of the conditions are true, then the statement is true and returns the result value, which sends the access request line item to the path System_path.

"Is initial" refers to a situation where the role type is blank (Connector: this is not a role type).
"Is not initial" refers to a situation where the role type could be any of Single, Composite, Derived, etc.

Save and activate the decision table.

Step 10: Click on Function in the left-hand pane and go into Edit mode to assign the Top expression.




NOTE:

1. Top Expression value should be the “Decision Table” that was created.
2. Make a note of the ID from the general tab. This is required to create the new Initiator Rule in the MSMP workflow.

Now launch MSMP (GRFNMW_CONFIGURE_WD).
Select the Process ID, go to Maintain Rules (step 2 of 7) and add the newly created BRF+ rule.





Go to stage 5 and create all the required paths with the respective stages for each path. For the system path, ensure it has no stage.




Assign the rule result value to the custom paths as shown below:


Go to stage 7, save, simulate and then activate.

When you raise an access request in SAP GRC and add a system line item to it, the request goes to the system path, which has no stage, and auto-provisioning is performed.
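
The routing logic from Step 9, modelled in Python as an added example (not SAP code and not from the original post): it evaluates the decision table row by row and checks that no role line item can reach the no-stage System_path, which provisions without an approver. First-match evaluation, the second row, the `ROLE_PATH` name and the sample line items are assumptions made for illustration.

```python
# Added illustration: a plain-Python model of the Step 9 decision table.
# Not SAP code. First-match evaluation, ROLE_PATH and the samples are assumptions.

SYSTEM_PATH = "System_path"   # path with no stage (name from the page)
ROLE_PATH = "ROLE_PATH"       # hypothetical path that has approval stages

def between(lo, hi):
    """Range condition on a numeric request type such as '001'."""
    return lambda v: v.isdigit() and lo <= int(v) <= hi

def is_initial(v):
    """'Is initial': the role type field is blank (connector line item)."""
    return v is None or v.strip() == ""

def is_not_initial(v):
    return not is_initial(v)

# Each row: (request-type condition, role-type condition, result path)
DECISION_TABLE = [
    (between(1, 6), is_initial, SYSTEM_PATH),    # row described on the page
    (between(1, 6), is_not_initial, ROLE_PATH),  # assumed second row
]

def route(request_type, role_type, table=DECISION_TABLE):
    """Return the path of the first row whose conditions all hold, else None."""
    for req_cond, role_cond, path in table:
        if req_cond(request_type) and role_cond(role_type):
            return path
    return None

def unapproved_role_items(items, table=DECISION_TABLE):
    """Role line items that would land on the no-stage path (no approver)."""
    return [i for i in items
            if is_not_initial(i["role_type"])
            and route(i["request_type"], i["role_type"], table) == SYSTEM_PATH]

# Constructed sample line items
ITEMS = [
    {"item": "connector", "request_type": "001", "role_type": ""},
    {"item": "single role", "request_type": "001", "role_type": "Single"},
    {"item": "composite role", "request_type": "006", "role_type": "Composite"},
    {"item": "connector, type 007", "request_type": "007", "role_type": ""},
]

# A table without the role-type check: every in-range item skips approval.
TOO_BROAD = [(between(1, 6), lambda v: True, SYSTEM_PATH)]

if __name__ == "__main__":
    for i in ITEMS:
        print(i["item"], "->", route(i["request_type"], i["role_type"]))
    print("role items without approval:", unapproved_role_items(ITEMS, TOO_BROAD))
```

A request type outside 001 to 006 matches no row in this model and returns `None`, so such line items need their own row or a default path.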
For more information, you could visit this link.