In the Stage Details screen of the MSMP Configuration, you can select the tasks that are available to approvers on the Access Request screen for approvers, and specify what they are authorized to do. For example, you can allow approvers to reject a request or forward the request to another approver.
Choose the Customizing activity Maintain MSMP Workflows, under
.The MSMP Workflow Configuration screen appears.
In the Process Global Settings phase, select the process for Access Request Approval Workflow, and then choose the Maintain Paths phase.
Under the Maintain Stages area, choose Display Task Settings.
The Stage Definition screen appears.
Under the Task Settings section, select the checkboxes for the features you want to be available to approvers on the access request screen.
Field |
Description |
---|---|
Runtime Configuration Change OK |
Use configuration changes available at runtime. |
Path Reevaluation New Role |
When applied to the access request workflow, this setting allows approvers to analyze the roles in the request against the initiators to determine if another parallel workflow must be created. You can choose from the following:
|
Reroute |
Allows approvers to reroute the request to a previous stage as an alternative to rejecting the request. Note The approval workflow is comprised of stages and paths. For a standard approver, the application does not display the reroute option in the first stage, because there is no previous stage. For an administrator, the reroute option is available for all the stages because the administrator has the ability to send the request to different paths. End of the note. |
Confirm Approval |
Displays an additional screen that requires approvers to confirm that they approve the request. |
Confirm Rejection |
Displays an additional screen that requires approvers confirm that they reject the request. |
Approve By E-mail |
Approvers receive e-mails informing them that a request requires their attention. Such e-mails include a link that opens the user provisioning screen. |
Reject by E-mail |
Approvers receive e-mails informing them that a request requires their attention. Such e-mails include a link that opens the user provisioning screen. |
Approve Despite Risk |
Allows approvers to approve requests despite risk violations. |
Reaffirm Approve |
Requires approvers to confirm their identities before approving requests. |
Reaffirm Reject |
Requires approvers to confirm their identities before rejecting requests. |
Change Request Details |
Allows approvers to change the content of requests. |
Approval Level |
Allows approvers to approve requests for the following levels:
|
Rejection Level |
Allows approvers to reject requests for the following levels:
|
Comments Mandatory |
Requires approvers to enter comments when approving or rejecting a request. |
EUP ID |
End User Personalization (EUP) allows you to define the behavior of the fields and pushbuttons on the Request Access screen, such as the following:
You set the parameters in the Customizing activity Maintain End User Personalization, under .In the EUP ID field, you enter the ID of the end user personalization you want to use. |
Override Assign Type |
Note In the provisioning configuration, you must also set Manual Provisioning to True. End of the note. |
Add Assignment |
Allows approvers to add assignments for roles or systems to the request. |
Request Rejected |
Allows approvers to reject requests. |
Forward Allowed |
Allows approvers to forward requests to another approver. |
Display Review Screen |
Allows approvers to see the Access Review screen. |
Risk Analysis Mandatory |
Requires approvers to perform risk analysis before approving or rejecting a request. |
E-mail Group |
Note The application does not use this field. We provide it only for backward compatibility. End of the note. |
Allow Manual Provisioning |
Allows approvers to provision directly from the stage approval screen. |
Choose Save.