Skip to Content
Technical Articles
Author's profile photo Madhu Babu #MJ

GRC 10.0/10.1/12.0 – BRF+ Agent Rule based on Role Functional Area field using TABLE OPERATION and LOOP

Purpose

In MSMP, Access Controls 10.0 and 10.1 provides extremely flexible and powerful tool to configure workflows. In this document we will see how to create BRF+ (NOT line item by line item) MSMP agent rule by taking example of real business case in context of Access Request.

Overview

In GRC 10/10.1 SAP has provided different ways for determining agents for a stage in access request. This scenario is more to determine the Role Owner for a role using Custom BRF+ application based on Functional Area field.

 

Functional area is a table.  It is possible to maintain multiple functional areas in roles, so it is not possible to directly use functional area as attribute for roles in BRF+ decision table. Hence, this blog has been created which will be helpful for the consultants who have the requirement to use Functional Area as an attribute in determining the agent for roles. The below mentioned BRF+ agent rule is developed assuming each role will have a unique functional area 🙂

Ref SAP Note: 1890452 – Functional area attribute for role is not picked up by BRF+ rule

Ref Discussion on SCN: http://scn.sap.com/thread/3661923

Steps to build the BRF Rule:

Creating BRF+ Rule for determining Agent based on Functional Area

You have to generate the BRF Rule via Transaction SPRO in GRC system. Follow the below steps in your GRC system.

Run the transaction SPRO, Go to IMG => Governance, Risk and Compliance =>Access Control =>Workflow for Access Control  => Define Workflow related MSMP rules.

Or

Directly execute Tcode GRFNMW_DEV_RULES

  • Fill generation criteria (Process ID, Rule type, etc.)
  • Specify Generation options
  • Generate rule shell (Execute button)

Click Execute or Press F8. This now generates a successful message for BRFPlus Rule with name and ID. You can run BRF+ Tcode and can check the newly created BRF+ application there.

 

Now you can see the created BRF+ application as shown below.

 

Functions Signature Update

In BRF+ function, change the mode to “Event Mode” and activate the function as shown below

 

  • Since Function mode has been changed to “Event mode,” the result data object has changed automatically, so it has to be reset manually
  • In “Signature” tab of BRF Function, change the result data object to GRFN_MW_T_AGENT_ID

Create Ruleset in BRF+ Application

 

Create Ruleset in your BRF+ application by clicking on “Create Ruleset” button under “ASSIGNED RULESETS” tab of function. Ruleset is a combination of business rules that can only be assigned to a function in the BRFPlus framework.

Enter any name for the Ruleset and click on “Create and Navigate to object” as shown below

Ruleset will be created and you will be shown a success message as shown below

Create Rule within Ruleset – Create Expression of Type “Loop”

  1. Click on “Insert Rule” button to create new rule
  2. From within rule, click on “Add” -> “Process Expression” -> “Create” to create a new expression
  3. Create expression of type “Loop” and provide suitable name and description

Loop gets created as shown below. Processing Mode and Loop Mode maintain as mentioned below.

 

 

Create Rules within Loop Expression

 

First Rule

 

/wp-content/uploads/2014/12/1_600118.png

Third Rule

Third rule is used to assign value to context as shown below. This rule will be included in your loop for inserting the values into Agent ID table after processing each LineItem.

 

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Madhu,

      Nice Document.

      Regards,

      Venu

      Author's profile photo Former Member
      Former Member

      Great Job!,

      Thanks,

      Author's profile photo Former Member
      Former Member

      Excellent Job Madhu!!

      Thanks.

      Author's profile photo Siva Charan Reddy
      Siva Charan Reddy

      Hi Madhu,

      Excellent document! Great Job!!

      Regards,

      Charan

      Author's profile photo Madhu Babu #MJ
      Madhu Babu #MJ
      Blog Post Author

      Thanks all 🙂

      Author's profile photo Former Member
      Former Member

      Hi Madhu,

      I appreciate the extreme efforts, you have put to prepare this document. I have below doubts. So, could you help, clarify them

      i have confusion over how functional area is calculated, for a role.Could you help me on this.

      1.Firstly, 1 role has many Functional areas. So, 1 role will be sent to all the Approvers(1 for each functional area, as per decision table). i think this is the objective of the document.

      2. the First rule(TABLE OPERATION), specifies First line, and therefore always First Functional area of a role, will be considered. However, our objective is to direct the request to all the approvers(of all functional areas of a role)

      3. i am not able to create a Change agent id, for the 2nd rule(DECISION TABLE).

      4. I think you have assigned the Agent id fetched in step 3, to GRFN_MW_T_AGENT_ID. i am not able to understand this. Could you tell why is this required.

      Regards

      Plaban

      Author's profile photo Madhu Vadlamani
      Madhu Vadlamani

      Hi Madhu,

      Good one.

      Author's profile photo Praveen yadav
      Praveen yadav

      Hi Madhu,

      It's very good Doc with good explanation.

      Author's profile photo Former Member
      Former Member

      Hi Madhu,

       

      Thank you very much for this document. I have created an agent rule exactly the way it was mentioned here. I was also able to activate the rule, rule set, decision table etc without any errors now. I have tried to simulate the result and it gives me the exact output i wish to see.

      However, when i use this agent rule in MSMP workflow it did not work for me. Message log gives me an error Message: ‘Failed to determine the Agent’.

      Could you please help me with this. All i would like to achieve is a solution for routing approvals to multiple approvers to the same business role by using the functional area criteria .I appreciate your assistance.

      Thank you !