Skip to Content
  • Community
  • Topics
  • Answers
  • Blogs
  • Events
  • Programs
  • Resources
  • What's New
    • Manage my Account
          • Logout
      • Search
      • Home
      • Community
      • Ask a Question
      • Write a Blog Post
      • Login / Sign-up
      Technical Articles
      Author's profile photo Madhu Babu #MJ
      Madhu Babu #MJ
      Posted on April 18, 2015 9 minute read

      SAP GRC AC and PC 10.0/10.1/12.0 – Customization of Email Notifications/Variables

      Follow RSS feed Like
      35 Likes 38,263 Views 31 Comments

      SAP GRC AC Email Notifications – Customization

      Overview

      In GRC Access control as part of Workflow approvals and reviews, access control users like Managers, Role Owners, FF ID Owners and Controllers, Function/Risk/Mitigation Approvers, Monitors, Users, Requestors etc. receive various Email notifications. Based on the customer sepcific requirements these Email notifications are enhanced and maintained. This blog is to discuss about various customizing options available for GRC notifications as well as notification variables and their limitations and scope 🙂

       For beginners below document gives details on how to customize email notifications templates in GRC

      AC 10.0 – How to Customize Notification Templates for AC Workflow

       

      Email Notification Templates – HTML Tags

      1. HREF (For Email ID and URLs)

      Business Scenario:

      Notification variables which gets converted to URLs in the notification emails will have a very big URL with Path ID, Stage ID etc. Basically when the URL is not maintained as HREF using HTML tags, in most of the cases Emails get routed to JUNK folder in mailbox because of various special characters in the URL. Hence it is suggested to use HREF tag and make these GRC URLs as links which will avoid routing to JUNK folder issue as well as avoids end users directly seeing all technical details of the URL. Below are some of the variables which gets converted to URLs in notification Emails.

       LINK_APPROVE_REJECT    Link to Approve/Reject by Email

      LINK_GET_APPROVERS    Link to get Approvers

      LINK_GET_REQ_STATUS    Link to get Request Status

       

      Example: How the above variables look in notification emails with and without HTML tags

      a. %LINK_APPROVE_REJECT%

      b. Click <A HREF = %LINK_APPROVE_REJECT% > here </A> to approve/reject the request

       

      2. To Include GRC Help-desk Email

      Business Scenario:

      When end users receive email notifications for GRC related requests then most of the times we observed that users will have queries with the Emails or about their GRC requests and wanted to contact concerned GRC Admin/Help-desk for clarifications. In order to make it easy for end users to contact HELP-DESK, we can include Email ID in notification emails.

      Example: How to include Email link in notifications

      Please contact GRC Admin at <A href=”mailto:Test@test.com“> GRC Helpdesk </A>

      3. BOLD, UNDERLINE and ITALICIZE

      Reason behind sharing details about BOLD, UNDERLINE and ITALICIZE tags is because these doesn’t work with traditional HTML tags like <B> <U> and <I> in notification templates.

       Example: <strong> <span style=”text-decoration: underline;”> Quick Reference for approvers: </span> </strong>

      Example:

      <span style=”font-style: italic;”>

      Select the approval status as “REJECT” beside the role that you wish to reject.

      </span>

       

      How to insert Company Logo in Email Notification Templates

      First you need to store the Logo which you want to use in Email notifications in GRC MIME repository

      Go to SE80 Tcode and click on MIME REPOSITORY. Import the Logo which you wanted to use into MIME objects repository as shown below:

      Mime1.png

      Mime 2.png

      Mime 3.png

      Once the above activities are completed, the next step is to use the LOGO in Email notification Templates.

      Note: URL for logo is no transportable and need to be individually changed in each system when notification template is transported.

      Use the image source tag as shown below:

      <img src = “http://my_server.my_domain/sap/public/bc/ur/MyLogo.png“>

      For image source URL, you can follow below approach:

      Go to Tcode SICF and select service name as “UR”

      When you click on “Test Service” a URL popup will be shown. You can just use that URL and append it with your image details:

      Example: <img src = “http://hostname:portnumber/sap/public/bc/ur/MyLogo.png“>

      How to create New Message Class for Notification Templates

      How to create new Message Class for any workflow in GRC ?

      Very common requirement is customers request to have specific Email notifications at each stage individually and for such scenarios it might require creation of Custom message classes to be used at various stages in workflow and you can follow below process for creating new message classes 🙂

      Example: For EAM Log Review Workflow there are no FORWARD and RETURN Message Class available.

      Execute Tcode SM30

      Open table GRFNVNOTIFYMSG and click on Maintain button and then click on “NEW ENTRIES” and maintain as below and once done click on SAVE button

      Execute Tcode SM30

      Open table GRFNVNOTIFYMSGC and click on Maintain button and then click on “NEW ENTRIES” and maintain as below and once done click on SAVE button

      Once the above mentioned activities are completed, now the newly created Message Class can be added to your MSMP Variables & Templates Notification Templates section as shown below

      How to trigger different email notifications for same Message class?

      It is very common requirement where end users expect each email notification for the Access Requests to be customized according to the request instead of having a generic notification template for all requests.

      This requirement can be achieved easily using “Message Number” and Custom Template ID. Details are as shown below:

      Email Template with Message Number: 000

      Email Template with Message Number: 001

      MSMP Configuration for the above created email templates. You can use the corresponding template IDs in the stage notification settings

      Notification Variables in GRC

      Each workflow process provides as set of notification variables that can be used in the notification templates. They are displayed on the bottom of the screen in step 4, ”Variables & Templates”, in the customizing activity Maintain MSMP Workflows.

      Few queries regarding Notification Variables customization especially %PROVISIONING% and %PROVISIONING_WITHOUT_PASSWORD%

      For ARQ provisioning there are 2 variables which are sent along with END OF REQUEST notification( with Roles and Password details) PROVISIONING and PROVISIONING_WITHOUT_PASSWORD

      These variables are standard variables which are calculated run-time and these can be customized by creating your own notification variables function module and adding our own logic but again that require development 🙂

      2012041 – Is it possible to suppress the role details in the variable %PROVISIONING%

      1854408 – Potential information disclosure relating to user password

       How to create custom notification variables in GRC

      Copy standard function module “GRAC_NOTIF_VAR_RULE_AR” and create a new custom function module (e.g. ZGRAC_NOTIF_VAR_RULE_AR)

      Add the logic for custom variable in your custom function module and then activate the function module

      Example:

      Open the MSMP configuration using expert mode transaction “GRFNMW_CONFIGURE” and add custom variables under the process ID “SAP_GRAC_AR”. You may get a prompt warning to use customer name space. Just press ENTER button then the change gets saved into transport request.

      Open the MSMP configuration using  transaction “GRFNMW_CONFIGURE_WD” and goto Step 2. Maintain Rules. Add this newly created ‘Z’ function module as a Notification Variables Rule. Also maintain this Z Function Module in the Notification Rule under Global Rules in Step 2.

      Save and Activate the MSMP workflow configuration.

      Now you can use the custom Z variable in the document objects.

      How to modify URL shown in GRC notification variables to enable SSO

      First setup Single Sing On (SSO) between Enterprise Portal and GRC system.

      Once done, create a Portal iView in Content Adminstration -> Portal Content Management using standard GRC Access Control iView Template.

      In the template, Application Name, Configuration Name, System, Location etc fields are maintained and once the template is maintained then PERMISSIONS need to be maintained for iView.

      Once the above steps for creation of portal iview are completed, modify the URL used in the notification variables by creating a Custom Notification Variable Function module and replace the URL with Portal iView which you can work with ABAPer and Portal guys to get the details.

      Once all above steps are done even the approvers can access all Approval Links in Email notifications via SSO without entering UserID and Password 🙂

      Note: Deactivate password for all users in GRC System including approvers UserIDs 🙂

      How to add custom message on End User Login screen in GRC?

      You can follow the instructions mentioned in SAP Note: 1604983 – Add a custom message on the End user Login Screen

      Just try the steps as mentioned below:

      SAP GRC PC Email Notifications – Customization

      In GRC Process control also, as part of automated and manual control monitoring workflows,  the Control Owners, Control Testers, Remediation Owners etc. receive various email notifications. Based on the customer specific requirements these email notifications can be customized and maintained easily similar to GRC access control. In this section, I will explain on how you can achieve it:

      Step 1: Configure message class handler in GRC  workflow email notifications in SPRO

      Step 2: Similar to GRC access control, you can create custom email notification templates in SE61. A sample of email notification template for “New Issue – Workitem” is shown below for reference:

      Step 3: Custom email notification templates which have been created in previous step have to be tagged to the custom message class as per your requirements in SPRO -> GRC -> Process Control ->  Maintain User Defined Notification Templates

      Step 4: This is the important step where you will have to tag the corresponding workflow tasks to the message class created in Step 3. You can retrieve the task details from table HRS1000 or using transaction PFTC (Standard Tasks)

      For assigning PC standard tasks to corresponding message class, use transaction code SM30 and enter the details in view GRPCV_WFNTTMPC (Custom workflow email notification template)

      Step 5: For GRC PC email notifications to trigger to respective Control Owners, Remediation Owners, Control Testers etc., the program “SWN_SELSEN” has to be scheduled to run periodically in GRC system.

      Step 6: When automated control monitoring job is scheduled then the PC email notifications will be triggered based on the notification templates configured in the above mentioned steps.

      SAP GRC PC Workflow Item URL link – Customization

      In GRC Access Control, we usually copy out the standard notification variables function module and customize the variables logic or include additional variables as required. Finally, the customized function module will be updated into MSMP workflow configuration so that notification variables will be referenced from the customized FM

      In GRC Process Control, the Workflow design leverages standard SAP workflow engine and the way notification variables are populated during runtime is different from GRC AC.

      For customizing the PC email notification variables, you need to enhance and input your logic in the following Class and Methods:

      Example: We have to replace the hostname with F5 URL to enable SSO when Control Owners navigate to work items from email notifications. Hence, have to update the hostname in the auto generated URL

      Looking forward for all your inputs in improving this blog with all more details 🙂

      Thanks for reading.

      Best Regards,

      Madhu Babu Sai

       

      • Alert Moderator

      Assigned tags

      Related Blog Posts

        Related Questions

          /
          Mime1.png
          Mime 2.png
          Mime 3.png
          31 Comments
          You must be Logged on to comment or reply to a post.
          • Author's profile photo Colleen Hebbert
            Colleen Hebbert
            April 18, 2015 at 1:28 pm

            HI Madhu

            Great to see you targeting topics like this and showing the technical configuration.

            Ways your could make this document even better would be to give a business example (and when/why you would do this) as well as a screen shot of before/after of what it looks like to the end users. That is why put the effort into configuring it and how does it improve communication for the requester/approver/etc?

            It'll greatly help the non-technical and those new to MSMP/notifications see what it's all about.

            Regards

            Colleen

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              April 18, 2015 at 1:50 pm

              Hi Colleen,

              Thanks a lot for your feedback 🙂

              Even I was thinking that the blog was missing something and as you suggested adding some screenshots on how notifications look with HTML tags and explaining the business purpose will add more value. I will update the blog accordingly.

              Regards,

              Madhu.

              • Like(0)
              • Author's profile photo Colleen Hebbert
                Colleen Hebbert
                April 22, 2015 at 11:40 am

                yeah - it's a great bit of information but you'll get a lot more response where people can see what you are impacting on the system 🙂

                Thanks again for your contributions.

                • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 19, 2015 at 10:50 am

            Wow, such a nice article. I believe the author must be very smart and technically competitive. I will use this article for my future configuration reference, thank you so much for spending efforts on this topic!

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 19, 2015 at 10:51 am

            Great article, clear and easy to understand!!!

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 19, 2015 at 12:13 pm

            Hi Madhu,

            Great effort Madhu....Really it's good document.

            Regards,

            Venu

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 20, 2015 at 3:55 am

            Hi Madhu,

            Excellent Document.

            Could you let know, how to see the content of the below variables. The function module GRAC_NOTIF_VAR_RULE_AR has below links, but it does not show,whether HREF tag is available or not.

            LINK_APPROVE_REJECT    Link to Approve/Reject by Email

            LINK_GET_APPROVERS    Link to get Approvers

            LINK_GET_REQ_STATUS    Link to get Request Status


            Regards

            Plaban

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              April 20, 2015 at 11:37 am

              Hi Plaban,

              In GRAC_NOTIF_VAR_RULE_AR you can see the variables and by debugging you can see the URL or once the notifcation is recieved you can see URL from the template as well.


              HREF is just to make the big URL as small link in Email notification display.


              Regards,

              Madhu.

              • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 21, 2015 at 5:45 pm

            Hello Madhu,

            Great document and really helpful.

            Thanks

            GRC Admin

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 27, 2015 at 3:20 am

            Hi Madhu,

            Thanks for the information sharing. It is helpful.

            Regards,

            Fabian

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              April 29, 2015 at 6:00 am

              Hi Fabian,

              Thanks for the feedback 🙂

              Regards,

              Madhu.

              • Like(0)
              • Author's profile photo Former Member
                Former Member
                April 29, 2015 at 9:33 am

                Thanks Madhu.

                I think there is some problem with program, it's not converting the %LINK_GET_REQ_STATUS% value in mail.


                however link_approve_reject value is reflecting in the mail.

                I have one more issue, when user submit Access request, 2 notofication events get trigger , 1 is REQUEST_SUBMISSION to GRAC_REQUESTER and NEW_WORK_ITEM to GRAC_MANAGER but email triggers for only one event, which system selects randomly.

                I check in the SOST, sometimes mail trigger to GRAC_MANAGER & sometimes to GRAC_REQUESTER.

                Could you please help me to resolve this issue.

                Regards,

                Pavan

                • Like(0)
          • Author's profile photo Former Member
            Former Member
            April 28, 2015 at 7:19 am

            Hi Madhu,

            Great work.Very well defined documents.

            However LINK_GET_REQ_STATUS could not be converted into URL in my receipt mail.

            It's showing %LINK_GET_REQ_STATUS% only.

            Please help me on that.

            And also How to define variable for End user name if I am submitting  request on behalf of other person. He gets a mail if I fill the email field , I want first & last name field value to be reflected on mail.

            Regards,

            Pavan

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              April 29, 2015 at 5:59 am

              Hi Pawan,

              I just checked and it is working properly.

              Click <A href="%LINK_GET_REQ_STATUS%">here</A> to view request status

              For using User Name already there are standard variables provided by SAP 🙂

              Regards,

              Madhu.

              • Like(0)
              /
          • Author's profile photo Former Member
            Former Member
            May 12, 2015 at 5:21 am

            Hi Madhu,

            fine documentation, very helpful. Thanks for this.

            I have one question left:

            How is it possible to get the notifications in (for example) 4 languages?

            Shall I login seperately in the 4 different languages and maintain the notifications in the different languages. Could this be an solution?

            Thanks and best regards

            René

            • Like(0)
          • Author's profile photo Mustafa Motalib
            Mustafa Motalib
            May 13, 2015 at 8:30 am

            Hi Madhu

            Thanks for sharing the doc.

            Im looking for the comments entered on the Access Request when Rejecting a Request to be displayed on the Notification for Rejection mail.

            Has anyone configured a variable for this?

            If you have please share steps.

            Thanks

            Mustafa

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              May 13, 2015 at 11:30 am

              Hi Mustafa,

              There is a variable called COMMENTS which gets filled based on the comments entered during REQUEST REJECTION and FORWARD scenarios.

              Just use it %COMMENTS% in your notification template.

              Check below note if the variable is missing.

                1917639 - UAM: Adding Comments and approver name variables in Access Request approval mail

              Regards,

              Madhu.

              • Like(0)
              • Author's profile photo Mustafa Motalib
                Mustafa Motalib
                May 21, 2015 at 6:02 am

                Thanks Madhu

                I had to follow the SAP Note as i did not have the COMMENTS Variable.

                However its not working.

                Followed the steps in the note, Added variable %COMMENTS% on the Rejection Notification and still not working.

                When i receive the notification it does not show the comments but shows %COMMENTS% instead.

                I also went to MSMP to generate a new version but still no luck.

                Regards

                Mustafa

                • Like(0)
                • Author's profile photo Chandani Kaur
                  Chandani Kaur
                  May 21, 2015 at 6:09 am

                  Hello Mustafa,

                  Please confirm how you are sending reject notification in EAM as there is no option to reject logs. Kindly refer to Note: 2151950.

                  Also Comments variable is not applicable for EAM log review.  You can refer to Note:1660261 for available variables.

                  Thanks & Regards,
                  Chandani kaur

                  • Like(0)
                  • Author's profile photo Mustafa Motalib
                    Mustafa Motalib
                    May 21, 2015 at 11:15 am

                    Hi Chandani

                    This is not for EAM. Its an Access Request that gets rejected and sends an email notification.

                    Regards

                    Mustafa

                    • Like(0)
                • Author's profile photo Mustafa Motalib
                  Mustafa Motalib
                  May 27, 2015 at 9:27 am

                  Hi Madhu

                  Any help here or should I log a message with SAP.

                  Regards

                  Mustafa

                  • Like(0)
          • Author's profile photo Former Member
            Former Member
            June 3, 2015 at 2:36 pm

            Hi Madhu,


            Nice document! It's helping me a lot but I have a question.

            Can we use standard variables that are not on the list provided by SAP but are on the function module GRAC_NOTIF_VAR_RULE_AR?

            An example is APPROVER_FULL_NAME.

            I've tried to add this variable to the list on step 4 but got an error that said that the variable had to begin with x*, y* or z*.

            Best regards,

            Denise

            • Like(0)
            • Author's profile photo Madhu Babu
              Madhu Babu Post author
              June 3, 2015 at 4:24 pm

              Hi Denise,

              You can add but you cannot do it from MSMP workflow configuration Step 4.

              Execute GRFNMW_CONFIGURE Tcode (Expert Mode). From here you can add, you will get a warning to select correct namespace but you just click enter and it will allow you to save the changes 🙂 Just try and let me know if you face any issue.

              Regards,

              Madhu.

              • Like(0)
              /
              • Author's profile photo Former Member
                Former Member
                June 3, 2015 at 4:44 pm

                Thank you Madhu
                It worked perfectly! 🙂

                Best regards,

                Denise

                • Like(0)
              • Author's profile photo Former Member
                Former Member
                June 11, 2015 at 2:52 pm

                Hi Madhu,

                I manage to configure the variables via GRFNMW_CONFIGURE like you said but here is the catch: for the rejection notification I had no problems with the variables but for the approval one, the variables are not showing on the message.

                I am a little confused because I copied both object documents from the standard and just added the variable %APPROVER_FULL_NAME%. For one document it works perfectly and for the other, it doesn't.

                Has it ever happened to you?

                Thanks.

                Regards,

                Denise.

                • Like(0)
                • Author's profile photo Kevin Tucholke
                  Kevin Tucholke
                  June 11, 2015 at 5:13 pm

                  When this happens, have you ever used the MSMP Instance Monitor and the Messages Log to see what is happening on the calculation of that particular variable.  You are able to see the calculation start and result in this tool.

                  Thank,

                  Kevin Tucholke

                  • Like(0)
          • Author's profile photo Former Member
            Former Member
            July 1, 2015 at 6:24 am

            Madhu,

            You have been a great help. Another awesome post which will help many other.

            Many Thanks,

            Richa Sharma

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            March 27, 2016 at 12:02 pm

            Hi Madhu,

            Is there any template apart from the given

            ď‚· GRAC_EMAILRMDR_CUP: used for Access Request Approval workflows

            ď‚· GRAC_EMAILRMDR_SOD: used for SOD Risk Review Workflow

            ď‚· GRCC_EMAILRMDR

            to send email reminders to the affected users to follow-up with the approves of their request? these templates are used for sending reminder to approves it seems.

            How to send email reminders to the requester or affected users about the status or their request  periodically? 

            kindly shed some light.....

            Thanks

            • Like(0)
          • Author's profile photo Former Member
            Former Member
            August 17, 2017 at 7:34 am

            Hi Experts,

             

            Is there any variable for access request "Due Date".

            We need to include this value in the notification email to role owners.

             

            • Like(0)
          • Author's profile photo Mark Wilson
            Mark Wilson
            May 11, 2018 at 4:53 pm

            Hello GRC experts,

            I just configured the Mitigating control in GRC 10 for the assignment to users and we have created a custom template to be used to be sent to the approvers. We have added a hyperlink in the email which calls the variable LINK_APPROVE_REJECT. When the request is sent the hyperlink is present but it does not do anything and the hyperlink does not open the item to approve.

            When I look at the custom template we created in MSMP I can see that the notification variable LINK_APPROVE_REJECT is not available for the request type SAP_GRAC_CONTROL_ASGN. I followed the attached procedure to manually add the template and it now appears:

            (1).Open transaction SM31.
            (2) In Table/View provide 'V_GRFNNOTIFVARBL' and click on Maintain button.
            (3) Click on New Entries button and provide following value:
            Process Type - SAP_GRAC_CNTLASGN
            Notification Temp. Variable - LINK_APPROVE_REJECT
            Variable Description - Approve and reject forward.
            (4) Click on Save button.

            I have simulated the MSMP workflow to ensure the changes are appearing yet the link is still not working. I don't follow that a workflow would be created that sends an email without the option to approve/reject the mitigation via a link. Its a common practice for EAM log/ARM approvals. Please advise if I have missed a step or there is another variable required for mitigation approval.

            • Like(0)
          • Author's profile photo khagendra Padhy
            khagendra Padhy
            August 19, 2019 at 1:42 pm

            Hi Madhu,

            I have written HTML code to insert logo in email template & while testing it worked fine in online . Even logo was showing online (w3schools dot com).

            But when mail is triggered from GRC for approval , i can see logo is not getting picked up & it’s showing below.

            Can you please help , whether i need to do anything from domain level or missing any setting in SAP. Screen shots attached for reference.

            • Like(0)
            /
          Find us on
          • Privacy
          • Terms of Use
          • Legal Disclosure
          • Copyright
          • Trademark
          • Newsletter
          • Support