• State Suggested Answer
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 95 subscribers
  • Views 552 views
  • Users 0 members are here
Options
Related

SAP Role Approval - mandatory Order Reason for a certain amount of rolls

Sergio
6 months ago

Hello,

we are running One Identity 9.1 and 9.2 in our company in business context.

I want to ask a short question regarding the SAP Role approval.

We are working with hundreds of SAP roles, which can be assigned after approval.

The most critical roles (Firefighter) need, according to our process,

a mandatory reason filled before the order is submitted

in order to check the activity trace afterwards.

By default the reason field is not mandatory and I guess it can be defined so.

But is this black or white, I mean when the Reason field is set to mandatory,

does this automatically apply to all SAP Roles existing.

Or is it possible, like demanded in our process,

to set this filed mandatory only for fixed defined amount of roles ?

Best regards,

Sergio

Parents Reply Children
  • 0 6 months ago in reply to Markus Weiss-Ehlers

    Hello Markus,

    thanks a lot for your fast reply.

    This property (OrderReasonType) does apply for all roles then (black/white)
    or can this property be defined for a selected amount of total SAP Roles (e.g. 20 from 500) ?

    Because enabling this property (Order Reason Mandatory)
    only in a selected set of SAP Roles
    is a key requirement in our process.

    Best regards,
    Sergio

  • 0 6 months ago in reply to Sergio

    Hi Sergio,

    As I believe you can see in the documentation Markus linked the 'Reason type on request' is set on the service item / Acc product.

    Each individual role has their own Accproduct / service item (it's the think that you actually request, with the description, name, the IT-Shop it's linked to, etc).

    So yes, you can set the OrderReasonType for only a subset of your SAP roles. Obviously, you'll need to either set it by hand on those roles (as part of your creation procedure) or have some good way to identify them if you want a template / automation to set the OrderReasonType to the value you want.

  • 0 5 months ago in reply to Jos Groenewegen

    Hello Markus, Hello Jos,
    great, thanks for your support.

  • 0 4 months ago in reply to Sergio

    Hi Everyone,

    Apologies, further questions on this "Reason type on request" Does this function exclusively on the Angular web portal?

    Currently, we are using the 9.2 version and 8.2 for the web portal.

    Thank you in advance.

  • 0 4 months ago in reply to Hana

    Hi Hana,

    No apologies needed for further questions :). What I've found is that it should work in both the Angular web portal and the (old) web portal but, at least in version 9.0 LTS (CU3) it doesn't work in the old web portal.

    If you look in the web designer you'll see that there is a condition that should make the reason mandatory based on the attribute on the AccProduct but it... Doesn't actually work. The 'work-around' I've seen work is to add a different attribute to the collection which isn't a list of fixed values and use that for the same viewing condition (that does work)... So, if you're seeing this be 'broken' in the old web portal in 9.2 I would not be surprised (as it is in 9.0 LTS at least).