View
3.342
Download
56
Category
Preview:
Citation preview
ARM Workflows Oct 19th , 2015
2Copyright © Capgemini 2012 – Internal Use Only. All Rights Reserved
Presentation Title | Date
CONTENTS
3. Introduction : MSMP - BRF+4. Request Header & Line Item5. If , Else If Rule6. Workflow Key Terms in SAP BusinessObjects AC 5.3 vs 10.0/10.17. Workflow Key Terms Contd.8. Workflow Key Terms Contd.9. BRF+ Initiator Rule10. BRF+ Agent Rule11. Custom Path : New User12. Custom Path : Change Account13. Route Mapping14. MSMP Workflow Prerequisites15. General steps to create ARM Workflow16. General steps to create ARM Workflow Contd
3© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
MSMP
•is the new workflow engine used within GRC Access Controls 10.0 which is capable of directing requests down multiple approval routes simultaneously.•is used for the management of automated approval workflows for the purposes of access request •works off a multitude of different rules to govern what should happen to the requests. •All of these rules need to be defined up front before they can be assigned in to the configuration and used in the workflow processes.
BRF+
•is the Business Rules Framework Plus application which supports the definition of business rules.•it can be the authoring environment for the rules which can then be plugged into MSMP workflow configuration
Introduction : MSMP - BRF+
4© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Request Header & Line Item
5© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
If , Else If Rule
6© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Workflow Key Terms in SAP BusinessObjects AC 5.3 vs 10.0/10.1
GRC 5.3
Request Type
Initiator
CAD
Detour
Path
GRC 10
Process ID + Request Type
Initiator Rule
Agent Rule
Routing Rule
Path
7© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Process ID• SAP_GRAC_ACCESS_REQUEST• SAP_GRAC_ACCESS_REQUEST_
HR• SAP_GRAC_CONTROL_ASGN• SAP_GRAC_CONTROL_MAINT• SAP_GRAC_FIREFIGHT_LOG_REP
ORT• SAP_GRAC_FUNC_APPR• SAP_GRAC_RISK_APPR• SAP_GRAC_SOD_RISK_REVIEW• SAP_GRAC_USER_ACCESS_REVI
EW
Rule Kind• Initiator Rule• Agent Rule• Routing Rule• Notification Variables
Rule
Rule Types• ABAP Program• ABAP Class Based
Rule• BRFplus rule• BRFplus Flat
rule/BRF+ Easy
Agent Types• Directly Mapped
Users• PFCG Roles• PFCG User Groups• GRC API (Application
Programming Interface) Rules
Workflow Key Terms Contd.
8© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Process ID
• New Account Change Account• Change Account• Delete Account• Lock Account• unlock user• Superuser Access• Information• Role Reaffirm
• Create Risk• Update Risk• Delete Risk
Request Types
• SAP_GRAC_ACCESS_REQUEST• SAP_GRAC_ACCESS_REQUEST_HR• SAP_GRAC_CONTROL_ASGN• SAP_GRAC_CONTROL_MAINT• SAP_GRAC_FIREFIGHT_LOG_REPORT• SAP_GRAC_FUNC_APPR• SAP_GRAC_RISK_APPR• SAP_GRAC_SOD_RISK_REVIEW• SAP_GRAC_USER_ACCESS_REVIEW
Workflow Key Terms Contd.
One process ID can have multiple request types
9© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
BRF+ Initiator Rule
10© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
BRF+ Agent Rule
11© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
INITIATOR RULE SECURITY MANAGER PROVISIONING
Custom Path : New User
12© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
INITIATOR RULE ROLE OWNER PROVISIONING
Custom Path :Change Account
One initiator rule is able to trigger multiple paths based on the rule result value
For every Rule Result Value , there will be a path
13© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Route Mapping
Work areas are not considered to be sequential when maintaining workflows.
One initiator rule is able to trigger multiple paths based on the rule result value
For every Rule Result Value , there will be a path
14© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
The following prerequisites must be completed before MSMP workflow configuration can begin. Using the SAP GUI interface, Execute Transaction SPRO -> Customizing Edit Project -> SAP Reference IMG -> Governance Risk and Compliance:
•Choose General Settings -> Workflow 1. Perform Automatic Workflow Customizing
2. Perform Tasks Specific Customizing
•Choose Access Control -> Workflow for Access Control 1. Activate Event Linkage for AC Workflows
2. Activate MSMP Content for AC (Activate the BC set)
•Access Control -> User Provisioning 1. Maintain Number Range Intervals for Provisioning Requests
2. Define Number Range Intervals for Provisioning Request
3. Maintain Provisioning Settings
• Assign Key Roles for Workflow
MSMP Workflow Prerequisites
15© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Create Initiator Rule using BRF+•SPRO - Access Control - Workflow for Access Control - Define Workflow-Related MSMP Rules.
•Create Initiator rule .•BRF plus- Function - Top Expression - Create Decision Table --Table Settings - Insert Condition Column - Insert Row and enter Condition Values.
Add the Initiator Rule in MSMP•MSMP Workflow Configuration - Maintain Initiator Rule - Add Initiator Rule details - Add Rule Result.
•MSMP - Generate Versions – Save.
Create Agent Rule using BRF+•SPRO - Access Control - Workflow for Access Control - Define Workflow-Related MSMP Rules
•Create Initiator rule.•BRFplus - Function - Top Expression - Create Decision Table -
•Table Settings -•Insert Condition Column - Insert Row enter Condition Values.
Add Agent Rule in MSMP•MSMP Workflow Configuration - Maintain Agent Rule - Add Agent Rule details - Add Rule Result.
•MSMP - Generate Versions – Save.
General steps to create ARM Workflow
16© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
Maintain New Agent •Maintain Agents-as
GRC API Rules under MSMP - Maintain Agents.
•MSMP - Generate Versions – Save.
Create New Path•Add Stages &
Maintain Approvers for each stage.
•MSMP - Generate Versions – Save.
Maintain Global Process Initiator•MSMP - Global
Rules - assign Process Initiator as the new Initiator rule created.
Activate•MSMP - Generate
Versions - Save & Simulate.
•Activate.
General steps to create ARM Workflow Contd.
17© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
QUESTIONS
18© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
THANK YOU
Recommended