You are on page 1of 18

ARM Workflows

Oct 19th , 2015


CONTENTS

3. Introduction : MSMP - BRF+


4. Request Header & Line Item
5. If , Else If Rule
6. Workflow Key Terms in SAP BusinessObjects AC 5.3 vs 10.0/10.1
7. Workflow Key Terms Contd.
8. Workflow Key Terms Contd.
9. BRF+ Initiator Rule
10. BRF+ Agent Rule
11. Custom Path : New User
12. Custom Path : Change Account
13. Route Mapping
14. MSMP Workflow Prerequisites
15. General steps to create ARM Workflow
16. General steps to create ARM Workflow Contd

Presentation Title | Date

Copyright © Capgemini 2012 – Internal Use Only. All Rights Reserved 2


Introduction : MSMP - BRF+

MSMP

•is the new workflow engine used within GRC Access Controls 10.0 which is capable of
directing requests down multiple approval routes simultaneously.
•is used for the management of automated approval workflows for the purposes of access
request
•works off a multitude of different rules to govern what should happen to the requests.
•All of these rules need to be defined up front before they can be assigned in to
the configuration and used in the workflow processes.

BRF+

•is the Business Rules Framework Plus application which supports the definition
of business rules.
•it can be the authoring environment for the rules which can then be plugged
into MSMP workflow configuration

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
3
© Capgemini 2012. All Rights Reserved
Request Header & Line Item

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
4
© Capgemini 2012. All Rights Reserved
If , Else If Rule

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
5
© Capgemini 2012. All Rights Reserved
Workflow Key Terms in SAP BusinessObjects AC 5.3 vs
10.0/10.1

GRC 5.3 GRC 10

Process ID +
Request Type
Request Type

Initiator Initiator Rule

CAD Agent Rule

Detour Routing Rule

Path Path

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
6
© Capgemini 2012. All Rights Reserved
Workflow Key Terms Contd.

Process ID Rule Kind Rule Types Agent Types


• SAP_GRAC_ACCESS_REQUEST • Initiator Rule • ABAP Program • Directly Mapped
• SAP_GRAC_ACCESS_REQUEST_ • Agent Rule • ABAP Class Based Users
HR • Routing Rule Rule • PFCG Roles
• SAP_GRAC_CONTROL_ASGN • Notification Variables • BRFplus rule • PFCG User Groups
• SAP_GRAC_CONTROL_MAINT Rule • BRFplus Flat • GRC API (Application
• SAP_GRAC_FIREFIGHT_LOG_REP rule/BRF+ Easy Programming
ORT Interface) Rules
• SAP_GRAC_FUNC_APPR
• SAP_GRAC_RISK_APPR
• SAP_GRAC_SOD_RISK_REVIEW
• SAP_GRAC_USER_ACCESS_REVI
EW

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
7
© Capgemini 2012. All Rights Reserved
Workflow Key Terms Contd.

 One process ID can have multiple request types

Request Types Process ID

• New Account Change Account


• SAP_GRAC_ACCESS_REQUEST
• Change Account
• Delete Account
• SAP_GRAC_ACCESS_REQUEST_HR
• Lock Account • SAP_GRAC_CONTROL_ASGN
• unlock user • SAP_GRAC_CONTROL_MAINT
• Superuser Access • SAP_GRAC_FIREFIGHT_LOG_REPORT
• Information • SAP_GRAC_FUNC_APPR
• Role Reaffirm • SAP_GRAC_RISK_APPR
• SAP_GRAC_SOD_RISK_REVIEW
• Create Risk • SAP_GRAC_USER_ACCESS_REVIEW
• Update Risk
• Delete Risk

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
8
© Capgemini 2012. All Rights Reserved
BRF+ Initiator Rule

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
9
© Capgemini 2012. All Rights Reserved
BRF+ Agent Rule

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
10
© Capgemini 2012. All Rights Reserved
Custom Path : New User

INITIATOR
SECURITY MANAGER PROVISIONING
RULE

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
11
© Capgemini 2012. All Rights Reserved
Custom Path :Change Account

INITIATOR
ROLE OWNER PROVISIONING
RULE

 One initiator rule is able to trigger multiple paths based on the rule result value

 For every Rule Result Value , there will be a path

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
12
© Capgemini 2012. All Rights Reserved
Route Mapping

 Work areas are not considered to be sequential when maintaining workflows.

 One initiator rule is able to trigger multiple paths based on the rule result value

 For every Rule Result Value , there will be a path

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
13
© Capgemini 2012. All Rights Reserved
MSMP Workflow Prerequisites

The following prerequisites must be completed before MSMP workflow configuration can begin.
Using the SAP GUI interface, Execute Transaction SPRO -> Customizing Edit Project -> SAP Reference IMG -> Governance Risk and Complia

•Choose General Settings -> Workflow


1. Perform Automatic Workflow Customizing

2. Perform Tasks Specific Customizing

•Choose Access Control -> Workflow for Access Control


1. Activate Event Linkage for AC Workflows

2. Activate MSMP Content for AC (Activate the BC set)

•Access Control -> User Provisioning


1. Maintain Number Range Intervals for Provisioning Requests

2. Define Number Range Intervals for Provisioning Request

3. Maintain Provisioning Settings

• Assign Key Roles for Workflow

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
14
© Capgemini 2012. All Rights Reserved
General steps to create ARM Workflow

Create Initiator Add the Initiator Create Agent Add Agent Rule
Rule using BRF+ Rule in MSMP Rule using BRF+ in MSMP
•SPRO - Access •MSMP Workflow •SPRO - Access •MSMP Workflow
Control - Workflow Configuration - Control - Workflow Configuration -
for Access Control - Maintain Initiator for Access Control - Maintain Agent Rule
Define Workflow- Rule - Add Initiator Define Workflow- - Add Agent Rule
Related MSMP Rule details - Add Related MSMP details - Add Rule
Rules. Rule Result. Rules Result.
Create Initiator rule . •MSMP - Generate Create Initiator rule. •MSMP - Generate
•BRF plus- Function - Versions – Save. •BRFplus - Function - Versions – Save.
Top Expression - Top Expression -
Create Decision Create Decision
Table --Table Table -
Settings - Insert Table Settings -
Condition Column - Insert Condition
Insert Row and enter Column - Insert Row
Condition Values. enter Condition
Values.

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
15
© Capgemini 2012. All Rights Reserved
General steps to create ARM Workflow Contd.

Maintain New Create New Path Maintain Global Activate


Agent • Add Stages & Process Initiator • MSMP - Generate
• Maintain Agents- Maintain • MSMP - Global Versions - Save &
as GRC API Rules Approvers for Rules - assign Simulate.
under MSMP - each stage. Process Initiator • Activate.
Maintain Agents. • MSMP - Generate as the new
• MSMP - Generate Versions – Save. Initiator rule
Versions – Save. created.

Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
16
© Capgemini 2012. All Rights Reserved
Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
17
© Capgemini 2012. All Rights Reserved
Governance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management
18
© Capgemini 2012. All Rights Reserved