Skip to Content

Every option you need to know in MSMP -> Path -> Modify Task Settings

Hello All,


Please find the purpose of each option in Modify Task Settings in MSMP in the tab MP.png







1.     Runtime Cnfg Chng Ok


If there are stage setting configuration changes after the workflow has been initiated, setting this action allows the workflow to use the new workflow settings.



2.     Path Reval New Role


When Request is going to Multiple Paths and the Approver wants to add the Roles at their Stage, the Path needs to be re-evaluated. This functionality ‘Path Reval New Role’ is useful in evaluating when the Request is going to Multiple Paths.





If the option Only New Roles in Evaluation Path is selected, the request needs to be evaluated by the approver whenever new roles are added.


If the option No Path Revaluation for New Roles is selected, the request will not come back to the approver after approving.


If the option All Roles in Request (Re-Evaluate) is selected, the request needs to be re-evaluated by the approver for all the roles.


3.     Reroute


Reroute functionality is to send request to one of the previous stages in the workflow. If the request workflow has only one stage it cannot be rerouted as there is only one stage. The minimum number of stages required to reroute is at least two.


For action “Reroute” to be enabled for approvers, the following three conditions need to be met

  • Stage level setting for reroute should be active
  • The present stage cannot be first stage (e.g. first approver attempts to reroute after request is submitted)
  • Request should not have multiple paths to follow (e.g. at runtime request can’t take two different paths)


4.     Confirm Rejection


This functionality Provides the approver with an additional screen asking the approver to confirm whether the request has to be Rejected with YES or NO.



5.     Approve By Email


This Functionality Enables approval through E-Mail



6.     Approve Despite Risk


This setting will allow the approval of a request when there are unmitigated risks.


7.     Reaffirm Approve  


This functionality will prompt approver to supply user id and password while approving the request.



8.     Change Request Det


Change request Details is required to make the field’s editable/non-editable for an approver. If it is set to “NO” then the approver cannot change few fields like User validity start date, User validity end date etc while approving the request. If this parameter is set to “Yes”, approver can change the fields’ value. So set this setting as per your company’s requirements.



9.     Approval Level





In case of having Request line item, you can enable Approval at request level.


In case of having Role line item, you can enable Approval at role level. Approver can approve the role requested


In case of having System and Role line item together in one request and if Approver approves the System line item, application also approves the roles associated with that system automatically.


If the Approval Level is ‘System and Role’ or ‘Request’ the whole request gets forwarded and not just the specific role/s. If you want to forward roles in a request to different role approvers, then set the Approval Level to ‘Role’.


10. Comments Mandatory


The stage configuration parameter ‘Comments Mandatory’ is used to provide comments at the request level and not at line item level.


If it is set to Rejection, then the request will ask for comments if the request is rejected by the approver. It would not ask for comments in case the approver approves the request. Similarly if it is set to Approval, then it would ask the approver for comments if the approver approves the request and would not ask if the request is rejected. If it is set to Both, then it would ask for comments for both Approval and Rejection.



11. EUP ID

The End user Personalization helps the administrators to set the parameters that define the behaviour of the fields and the pushbuttons on the Access Request screen.


EUP helps to:

  • Specify the number of visible rows
  • Set Fields to visible or hidden
  • Set fields as mandatory
  • Define Default values for the fields


12. Override Assign Type

This functionality is used when both direct and indirect provisioning is utilized. Enabling this setting allows the approver to decide whether a specific role should be assigned directly or indirectly


13.Add Assignment


‘Add Assignment’, will allow you to add assignments such as roles during runtime of the request i.e. while approval process. However, this will not allow removal of any assignments which have already been added to the request and for those assignments, you will find ‘Remove’ button as disabled.


14. Request Rejected


This Functionality Allows Approver to reject the request.


15. Confirm Approval


Provides the approver with an additional screen asking the approver to confirm whether the request has to be approved with YES or NO.




16. Reject By Email


Enables rejection through E-Mail



17. Forward Allowed


This functionality Allows approvers to forward requests to be reviewed by another approver.



18. Display Review Scrn

This functionality will Display a review screen prior to a final approval or rejection of the request which would allow the final approver to see everything that has been approved.


19. Reaffirm Reject


This functionality will prompt approver to supply user id and password while rejecting the request.



20. RA Mandatory


The RA Mandatory will control whether the approvers need to perform risk analysis before approving of a request. It has three options.


YES      –           Risk Analysis is Mandatory    

YAC      –           Risk Analysis is mandatory if Access id changed or if Risk Analysis Failed (This setting will not allow a approver to approve a request when RA fails)

NO       –           Risk Analysis is not mandatory



21. Rejection Level




In case of having Request line item, you can enable Rejection at request level.


In case of having Role line item, you can enable Rejection at role level. Approver can reject the role requested


In case of having System and Role line item together in one request and if Approver rejects the System line item, application also rejects the roles associated with that system automatically.



22. EMail Group


This functionality is not supported.



23. Allow Manual Prov

This functionality will be used on last stage of the workflow path. If enabled, it displays an option for provisioning manually.

Any Additions or Subtractions to this document is most welcome.





Rakesh Ram M

You must be Logged on to comment or reply to a post.
  • Hi Rakesh,

    Never seen such detailed report so far in SCN.

    Thanks for sharing your knowledge to everyone in our SCN Family.



  • Note from the Moderator: empty comments including but not limited to "Thank you", "Way to go," "Great document" , and all such comments will be deleted. Please, either say something meaningful, or just use the Like button. That is what it is for. Please take pity on the mailboxes of all subscribers to this space. Thank you.

  • Hi Rakesh,

    Thank you for taking out valuable time & preparing the detailed document. Appreciate your work.

    Just a small suggestion as this is a very useful & detailed document. I think we can also include the info about a frequently used feature at stage level in modify task settings:

    1. "Routing/Detour" (Routing Enabled-Checkbox):

    Routing/Detour: This feature is used for routing the request based on the certain conditions that are encountered in a request & accordingly, the request is routed or detoured to a different Path.

    Some of the standard conditions like: 'No Role owner found' or 'SOD Violation'. we can also customize & create our own set of condition via BRF+. Once the 'Routing Enabled Checkbox' is checked further option will appear on the screen & as per the requirement the values in this options are selected.

    Rule IDs: Rule id is selected based on the previously created rule ids in the step 2 (Maintain Rules) of the MSMP workflow.

    Routing level: "Line Item Level or Stage Level".

    Finally, the mapping is done in 6th step (Maintain Route Mapping) of the MSMP workflow. Wherein we specify "From current path" to "To Path" where we want to reroute our request".

    2. Escalation Type (stage level): 

    Escalation is specified were in any of the stage approvers (Agents) don't take any action & request remains in their work inbox. Requester or the End User keeps on waiting.

    Options available:

    Escalate to Specific Agent

    Skip to Next Stage

    No Escalation

    Depending on the "escalation time in minutes" you enter the request is escalated.

    Thank you.

    Appreciate your great work, Rakesh!.

    Best Regards,
    Arun Singal

    • Hello Arun Singal,

      Thanks a lot for taking lots of time and effort to post a comment. It really made my day.

      I will definitely add all the details about escalation and routing in a week's time.

      Seems you have joined SCN Recently. So you have lots of documents to look around and may be you can even plan to post few out here.

      Way to go.

      Once again, Thanks a lot for the generous feedback you have given.


      Rakesh Ram M

  • Hi Rakesh,

    I want to know if EUP ID can be mapped to one particular workflow rather than it get's mapped to the whole workflow ?

    I mean can we make any field mandatory just for one workflow through EUP ?


    Amandeep Kaur

  • Hi,

    small doubt on below.
    Approve Despite Risk:  if we check this option @ Role owner stage, if risks are found & approved by role owner will it routed to SOD stage or it will go to next stage(security).

    Awaited for comments


  • hi, one thing to add. Although the Remove button is not available (See 13 Add Assignment) you can still remove the assigned roles. By clicking to the Add Roles in the ARM, you can actually 'push' the original assigned roles away (remove them).

  • Hi Rakesh,


    On July 21st, 2016, you said that you'll add stuff to this document in 1 week time.  It's October 31st, 2017.  Can you please add?


    Thank you!


    • Hello Santosh,

      Thanks for the observation.

      Instead of Adding to the blog, posted few other blogs on MSMP. You can go through that.


      But Let me know if you are looking for some specific topic of interest on MSMP

      Will be happy to share my knowledge on that.



      Rakesh Ram

  • Thanks for the document. It is very useful. I am doing MSMP for fflogs review and I am not able to see all these options. If controller wants to reject the request then how can we set. As I do not have option 1. reject requested and 2.confirm rejection. Could you please help.

  • Hi Rakesh, great write up on GRC MSMP! I was wondering if we can take the email approver a step further where we can give the approver two links in the email that will directly approve or reject instead of taking them to NWBC and click SUBMIT to approve.

  • Hi Rakesh,


    I am trying to register class ZCL_GRAC_WFA_RISK_OWNER in MSMP but there are no steps to guide me. Can you please assist me? Also in MSMP how do I set the Rule Type to be that of the class?


    Your response will be appreciated.



    Tumi J.

  • @Rakesh Ram



    Please help to provide suggestion for the below.

    I have maintained comments mandatory - Rejection in Display task setting. But still it is not asking for comments when rejecting the role.

    I dont want each line item to be maintained comments for rejection - so i dont want 2040 parameter.

    Any suggestions plz..

    I want to enter comments as whole on rejection?



  • Hello ,

    Thank you such a detailed explaination.


    i am facing  issue in GRC while submitting(approving)the request , it prompt me password to proceed further

    can you please help here