Hello All,

 

Please find the purpose of each option in Modify Task Settings in MSMP in the tab MP.png

 

 

 

/wp-content/uploads/2016/06/msmp_977685.png

 

 

1.     Runtime Cnfg Chng Ok

 

If there are stage setting configuration changes after the workflow has been initiated, setting this action allows the workflow to use the new workflow settings.

 

 

2.     Path Reval New Role

 

When Request is going to Multiple Paths and the Approver wants to add the Roles at their Stage, the Path needs to be re-evaluated. This functionality ‘Path Reval New Role’ is useful in evaluating when the Request is going to Multiple Paths.

 

 

/wp-content/uploads/2016/06/2_977686.png

 

If the option Only New Roles in Evaluation Path is selected, the request needs to be evaluated by the approver whenever new roles are added.

 

If the option No Path Revaluation for New Roles is selected, the request will not come back to the approver after approving.

 

If the option All Roles in Request (Re-Evaluate) is selected, the request needs to be re-evaluated by the approver for all the roles.

 

3.     Reroute

 

Reroute functionality is to send request to one of the previous stages in the workflow. If the request workflow has only one stage it cannot be rerouted as there is only one stage. The minimum number of stages required to reroute is at least two.

 

For action “Reroute” to be enabled for approvers, the following three conditions need to be met

  • Stage level setting for reroute should be active
  • The present stage cannot be first stage (e.g. first approver attempts to reroute after request is submitted)
  • Request should not have multiple paths to follow (e.g. at runtime request can’t take two different paths)

 

4.     Confirm Rejection

 

This functionality Provides the approver with an additional screen asking the approver to confirm whether the request has to be Rejected with YES or NO.

 

/wp-content/uploads/2016/06/4_977715.png

5.     Approve By Email

 

This Functionality Enables approval through E-Mail

 

 

6.     Approve Despite Risk

 

This setting will allow the approval of a request when there are unmitigated risks.

 

7.     Reaffirm Approve  

 

This functionality will prompt approver to supply user id and password while approving the request.

 

 

8.     Change Request Det

 

Change request Details is required to make the field’s editable/non-editable for an approver. If it is set to “NO” then the approver cannot change few fields like User validity start date, User validity end date etc while approving the request. If this parameter is set to “Yes”, approver can change the fields’ value. So set this setting as per your company’s requirements.

 

 

9.     Approval Level

 

 

/wp-content/uploads/2016/06/9_977714.png

 

In case of having Request line item, you can enable Approval at request level.

 

In case of having Role line item, you can enable Approval at role level. Approver can approve the role requested

 

In case of having System and Role line item together in one request and if Approver approves the System line item, application also approves the roles associated with that system automatically.

 

If the Approval Level is ‘System and Role’ or ‘Request’ the whole request gets forwarded and not just the specific role/s. If you want to forward roles in a request to different role approvers, then set the Approval Level to ‘Role’.

 

10. Comments Mandatory

 

The stage configuration parameter ‘Comments Mandatory’ is used to provide comments at the request level and not at line item level.

 

If it is set to Rejection, then the request will ask for comments if the request is rejected by the approver. It would not ask for comments in case the approver approves the request. Similarly if it is set to Approval, then it would ask the approver for comments if the approver approves the request and would not ask if the request is rejected. If it is set to Both, then it would ask for comments for both Approval and Rejection.

 

 

11. EUP ID

The End user Personalization helps the administrators to set the parameters that define the behaviour of the fields and the pushbuttons on the Access Request screen.

 

EUP helps to:

  • Specify the number of visible rows
  • Set Fields to visible or hidden
  • Set fields as mandatory
  • Define Default values for the fields

 

12. Override Assign Type

This functionality is used when both direct and indirect provisioning is utilized. Enabling this setting allows the approver to decide whether a specific role should be assigned directly or indirectly

 

13.Add Assignment

 

‘Add Assignment’, will allow you to add assignments such as roles during runtime of the request i.e. while approval process. However, this will not allow removal of any assignments which have already been added to the request and for those assignments, you will find ‘Remove’ button as disabled.

 

14. Request Rejected

 

This Functionality Allows Approver to reject the request.

 

15. Confirm Approval

 

Provides the approver with an additional screen asking the approver to confirm whether the request has to be approved with YES or NO.

 

/wp-content/uploads/2016/06/15_977716.png

 

16. Reject By Email

 

Enables rejection through E-Mail

 

 

17. Forward Allowed

 

This functionality Allows approvers to forward requests to be reviewed by another approver.

 

 

18. Display Review Scrn

This functionality will Display a review screen prior to a final approval or rejection of the request which would allow the final approver to see everything that has been approved.

 

19. Reaffirm Reject

 

This functionality will prompt approver to supply user id and password while rejecting the request.

 

 

20. RA Mandatory

 

The RA Mandatory will control whether the approvers need to perform risk analysis before approving of a request. It has three options.

 

YES      –           Risk Analysis is Mandatory    

YAC      –           Risk Analysis is mandatory if Access id changed or if Risk Analysis Failed (This setting will not allow a approver to approve a request when RA fails)

NO       –           Risk Analysis is not mandatory

 

 

21. Rejection Level

 

 

/wp-content/uploads/2016/06/21_977717.png

In case of having Request line item, you can enable Rejection at request level.

 

In case of having Role line item, you can enable Rejection at role level. Approver can reject the role requested

 

In case of having System and Role line item together in one request and if Approver rejects the System line item, application also rejects the roles associated with that system automatically.

 

 

22. EMail Group

 

This functionality is not supported.

 

 

23. Allow Manual Prov

This functionality will be used on last stage of the workflow path. If enabled, it displays an option for provisioning manually.

Any Additions or Subtractions to this document is most welcome.

 

 

 

Regards,

Rakesh Ram M

To report this post you need to login first.

7 Comments

You must be Logged on to comment or reply to a post.

  1. Gretchen Lindquist

    Note from the Moderator: empty comments including but not limited to “Thank you”, “Way to go,” “Great document” , and all such comments will be deleted. Please, either say something meaningful, or just use the Like button. That is what it is for. Please take pity on the mailboxes of all subscribers to this space. Thank you.

    (0) 
  2. Arun Singal

    Hi Rakesh,

    Thank you for taking out valuable time & preparing the detailed document. Appreciate your work.

    Just a small suggestion as this is a very useful & detailed document. I think we can also include the info about a frequently used feature at stage level in modify task settings:

    1. “Routing/Detour” (Routing Enabled-Checkbox):

    Routing/Detour: This feature is used for routing the request based on the certain conditions that are encountered in a request & accordingly, the request is routed or detoured to a different Path.

    Some of the standard conditions like: ‘No Role owner found’ or ‘SOD Violation’. we can also customize & create our own set of condition via BRF+. Once the ‘Routing Enabled Checkbox’ is checked further option will appear on the screen & as per the requirement the values in this options are selected.

    Rule IDs: Rule id is selected based on the previously created rule ids in the step 2 (Maintain Rules) of the MSMP workflow.

    Routing level: “Line Item Level or Stage Level”.

    Finally, the mapping is done in 6th step (Maintain Route Mapping) of the MSMP workflow. Wherein we specify “From current path” to “To Path” where we want to reroute our request”.

    2. Escalation Type (stage level): 

    Escalation is specified were in any of the stage approvers (Agents) don’t take any action & request remains in their work inbox. Requester or the End User keeps on waiting.


    Options available:

    Escalate to Specific Agent

    Skip to Next Stage

    No Escalation

    Depending on the “escalation time in minutes” you enter the request is escalated.

    Thank you.

    Appreciate your great work, Rakesh!.

    Best Regards,
    Arun Singal

    (0) 
    1. Rakesh Ram Post author

      Hello Arun Singal,

      Thanks a lot for taking lots of time and effort to post a comment. It really made my day.

      I will definitely add all the details about escalation and routing in a week’s time.

      Seems you have joined SCN Recently. So you have lots of documents to look around and may be you can even plan to post few out here.

      Way to go.

      Once again, Thanks a lot for the generous feedback you have given.

      Regards,

      Rakesh Ram M

      (0) 
  3. Amandeep Kaur

    Hi Rakesh,

    I want to know if EUP ID can be mapped to one particular workflow rather than it get’s mapped to the whole workflow ?

    I mean can we make any field mandatory just for one workflow through EUP ?

    Regards,

    Amandeep Kaur

    (0) 
  4. Sreekanth Reddy Chenchani

    Hi,

    small doubt on below.
    Approve Despite Risk:  if we check this option @ Role owner stage, if risks are found & approved by role owner will it routed to SOD stage or it will go to next stage(security).

    Awaited for comments

    /.Sreekanth

    (0) 
  5. Jonathan Yim

    hi, one thing to add. Although the Remove button is not available (See 13 Add Assignment) you can still remove the assigned roles. By clicking to the Add Roles in the ARM, you can actually ‘push’ the original assigned roles away (remove them).

    (0) 

Leave a Reply