Skip to Content
Author's profile photo Former Member
Former Member
November 10, 2014 2 minute read

SAP GRC 10.0 MSMP 101 for beginners

When an employee joins the company he requires SAP Access. The general process I the manager or supervisor of the employees sends an email to the SAP Security with the required roles and the user is provisioned in the required backend systems. This process does works but everything is manual and there is no clear audit trail. There is also no guarantee that the roles were properly assigned.

This is where the SAP GRC 10.0 User Provisioning tool can help. The key engine which drives this process of the approval workflow is called MSMP – Multi Step Multi Process. This will automate the process. Let us understand the MSMP from high level so beginner can understand the configuration

Step 1 ( Process Global Settings) – Execute MSMP Configuration from the SPRO menu to come to MSMP main screen. Here you need to note the process ID which is SAP_GRAC_ACCESS_REQUEST and it is liked to GRAC_AR_INITIATOR. Only one initiator can be linked to the process id.

MSMP_1_Initiator.jpg

Step 2:  (Maintain rules) – In this step we are going to look at the result value of the GRAC_AR_INITIATOR which drives the path of the work flow. Here the GRAC_DEFAULT_RESULT is the result value. This value will be used to find out how the request is going to flow when you create a request

MSMP_2_Maintain Rules.jpg

Step 6 (Maintain Route Mapping) – In this step we look for the GRAC_DEFAULT_RESULT and see which path it is mapped to GRAC_DEFAULT_PATH

MSMP_3_Routing Path.jpg

Step 5 Maintain Path – In this setting we look for the GRAC_DEFAULT_PATH and identify the Stage in the Path. This shows that there are two stages which are manager and Security. Now we need to understand how the approvers are assigned to the stages. The approvers assigned to the stage are ZGRC_MANAGER and ZGRC_SECURITY

MSMP_4.1_Stage.jpg

MSMP_4.2_Stage.jpg

Step 3 Maintain Agents – In this step we are looking are defining the agents and linking them to the PFCG role. The users assigned to this role will be the approvers of the request coming to this stage

MSMP_5_Agent.jpg

Now when you create a request the following high lighted request which are mapped to Process id SAP_GRAC_ACCESS_REQUEST will follow these two steps and get provisionined into the system

Hope this help. Give your feed back and comments

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ravi Kumar Chikatla
      Ravi Kumar Chikatla

      Awesome Document, very easy to understand...Thanks for the contribution 🙂

      Author's profile photo kundan kumar
      kundan kumar

      Thanks for the document. One thing I did not understand. Why is step 3 after step 5 and 6? Also these steps are not in sequence. Does this mean we need to go to step 6 after 2 then to 5 and 3? Sorry, I am new to the GRC world and accept my apologies if you find my question stupid.

      Author's profile photo Colleen Hebbert
      Colleen Hebbert

      Hi Kundan

      I had written a document earlier that explained the MSMP and why it's not in sequence. It goes more into the concept of MSMP as opposed to work instruction.

      MSMP - Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

      Technically, if you were to create an entire new MSMP configuration (including notification template and agents) you would find yourself working in sequence as you would need to create the Agents, Notififications, etc to use them in later steps.

      Regards

      Colleen

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Yes. The Steps does not mean you have to go in Sequence