• SAP Community
  • Products and Technology
  • Financial Management
  • Financial Management Blog Posts by Members
  • SAP GRC AC and PC 10.0/10.1/12.0 - Customization o...
Financial Management Blog Posts by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC AC and PC 10.0/10.1/12.0 - Customization of Email Notifications/Variables

madhusap
madhusap
Active Contributor
Options
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Printer Friendly Page
  • Report Inappropriate Content
‎2015 Apr 18 7:01 AM
41 Kudos
78,105
  • SAP Managed Tags:
  • SAP GRC Access Approver,
  • SAP Access Control,
  • SAP Access Control for SAP S/4HANA,
  • SAP GRC Access Enforcer for SAP NetWeaver
  • SAP Access Control
    SAP Access Control
  • SAP GRC Access Enforcer for SAP NetWeaver
    SAP Access Control
  • SAP GRC Access Approver
    SAP Access Approver
  • SAP Access Control for SAP S/4HANA
    SAP Access Control
View products (4)

SAP GRC AC Email Notifications - Customization


Overview


In GRC Access control as part of Workflow approvals and reviews, access control users like Managers, Role Owners, FF ID Owners and Controllers, Function/Risk/Mitigation Approvers, Monitors, Users, Requestors etc. receive various Email notifications. Based on the customer sepcific requirements these Email notifications are enhanced and maintained. This blog is to discuss about various customizing options available for GRC notifications as well as notification variables and their limitations and scope :smile:

 For beginners below document gives details on how to customize email notifications templates in GRC

AC 10.0 - How to Customize Notification Templates for AC Workflow

 

Email Notification Templates - HTML Tags

1. HREF (For Email ID and URLs)


Business Scenario:

Notification variables which gets converted to URLs in the notification emails will have a very big URL with Path ID, Stage ID etc. Basically when the URL is not maintained as HREF using HTML tags, in most of the cases Emails get routed to JUNK folder in mailbox because of various special characters in the URL. Hence it is suggested to use HREF tag and make these GRC URLs as links which will avoid routing to JUNK folder issue as well as avoids end users directly seeing all technical details of the URL. Below are some of the variables which gets converted to URLs in notification Emails.


 LINK_APPROVE_REJECT    Link to Approve/Reject by Email

LINK_GET_APPROVERS    Link to get Approvers

LINK_GET_REQ_STATUS    Link to get Request Status

 

Example: How the above variables look in notification emails with and without HTML tags

a. %LINK_APPROVE_REJECT%



b. Click <A HREF = %LINK_APPROVE_REJECT% > here </A> to approve/reject the request



 

2. To Include GRC Help-desk Email

Business Scenario:

When end users receive email notifications for GRC related requests then most of the times we observed that users will have queries with the Emails or about their GRC requests and wanted to contact concerned GRC Admin/Help-desk for clarifications. In order to make it easy for end users to contact HELP-DESK, we can include Email ID in notification emails.

Example: How to include Email link in notifications

Please contact GRC Admin at <A href="mailto:Test@test.com"> GRC Helpdesk </A>



3. BOLD, UNDERLINE and ITALICIZE


Reason behind sharing details about BOLD, UNDERLINE and ITALICIZE tags is because these doesn't work with traditional HTML tags like <B> <U> and <I> in notification templates.

 Example: <strong> <span style="text-decoration: underline;"> Quick Reference for approvers: </span> </strong>



Example:

<span style="font-style: italic;">

Select the approval status as "REJECT" beside the role that you wish to reject.

</span>



 

How to insert Company Logo in Email Notification Templates

First you need to store the Logo which you want to use in Email notifications in GRC MIME repository

Go to SE80 Tcode and click on MIME REPOSITORY. Import the Logo which you wanted to use into MIME objects repository as shown below:







Once the above activities are completed, the next step is to use the LOGO in Email notification Templates.

Note: URL for logo is no transportable and need to be individually changed in each system when notification template is transported.

Use the image source tag as shown below:

<img src = "http://my_server.my_domain/sap/public/bc/ur/MyLogo.png">

For image source URL, you can follow below approach:

Go to Tcode SICF and select service name as "UR"





When you click on "Test Service" a URL popup will be shown. You can just use that URL and append it with your image details:

Example: <img src = "http://hostname:portnumber/sap/public/bc/ur/MyLogo.png">



How to create New Message Class for Notification Templates

How to create new Message Class for any workflow in GRC ?

Very common requirement is customers request to have specific Email notifications at each stage individually and for such scenarios it might require creation of Custom message classes to be used at various stages in workflow and you can follow below process for creating new message classes :smile:

Example: For EAM Log Review Workflow there are no FORWARD and RETURN Message Class available.

Execute Tcode SM30

Open table GRFNVNOTIFYMSG and click on Maintain button and then click on "NEW ENTRIES" and maintain as below and once done click on SAVE button



Execute Tcode SM30

Open table GRFNVNOTIFYMSGC and click on Maintain button and then click on "NEW ENTRIES" and maintain as below and once done click on SAVE button



Once the above mentioned activities are completed, now the newly created Message Class can be added to your MSMP Variables & Templates Notification Templates section as shown below



How to trigger different email notifications for same Message class?

It is very common requirement where end users expect each email notification for the Access Requests to be customized according to the request instead of having a generic notification template for all requests.

This requirement can be achieved easily using "Message Number" and Custom Template ID. Details are as shown below:

Email Template with Message Number: 000



Email Template with Message Number: 001



MSMP Configuration for the above created email templates. You can use the corresponding template IDs in the stage notification settings



Notification Variables in GRC

Each workflow process provides as set of notification variables that can be used in the notification templates. They are displayed on the bottom of the screen in step 4, ”Variables & Templates”, in the customizing activity Maintain MSMP Workflows.

Few queries regarding Notification Variables customization especially %PROVISIONING% and %PROVISIONING_WITHOUT_PASSWORD%

For ARQ provisioning there are 2 variables which are sent along with END OF REQUEST notification( with Roles and Password details) PROVISIONING and PROVISIONING_WITHOUT_PASSWORD

These variables are standard variables which are calculated run-time and these can be customized by creating your own notification variables function module and adding our own logic but again that require development :smile:


2012041 - Is it possible to suppress the role details in the variable %PROVISIONING%


1854408 - Potential information disclosure relating to user password



 How to create custom notification variables in GRC


Copy standard function module "GRAC_NOTIF_VAR_RULE_AR" and create a new custom function module (e.g. ZGRAC_NOTIF_VAR_RULE_AR)

Add the logic for custom variable in your custom function module and then activate the function module

Example:



Open the MSMP configuration using expert mode transaction "GRFNMW_CONFIGURE" and add custom variables under the process ID "SAP_GRAC_AR". You may get a prompt warning to use customer name space. Just press ENTER button then the change gets saved into transport request.



Open the MSMP configuration using  transaction "GRFNMW_CONFIGURE_WD" and goto Step 2. Maintain Rules. Add this newly created 'Z' function module as a Notification Variables Rule. Also maintain this Z Function Module in the Notification Rule under Global Rules in Step 2.



Add the new custom notification variable (e.g. ZXXXX) in step 4 of MSMP workflow configuration

Save and Activate the MSMP workflow configuration.

Once the above steps are completed, you need to write logic for the custom variable in ZGRAC_NOTIF_VAR_RULE_AR:
E.g. If the custom variable you need to include is part of Request Header, then your logic should be as below:


* -----------------------------------------------------------------------------------------------------------------------------
WHEN 'ZXXXX'.
* -----------------------------------------------------------------------------------------------------------------------------
ls_varsout-variable_value = <ls_reqheader>-<Your Custom FieldName>.
APPEND ls_varsout TO lt_varsout.

Finally include the custom variable "ZXXXX" in SE61 email notification template

How to modify URL shown in GRC notification variables to enable SSO


First setup Single Sing On (SSO) between Enterprise Portal and GRC system.


Once done, create a Portal iView in Content Administration -> Portal Content Management using standard GRC Access Control iView Template.


In the template, Application Name, Configuration Name, System, Location etc fields are maintained and once the template is maintained then PERMISSIONS need to be maintained for iView.


Once the above steps for creation of portal iview are completed, modify the URL used in the notification variables by creating a Custom Notification Variable Function module and replace the URL with Portal iView which you can work with ABAPer and Portal guys to get the details.


Once all above steps are done even the approvers can access all Approval Links in Email notifications via SSO without entering UserID and Password :smile:


Note: Deactivate password for all users in GRC System including approvers UserIDs :smile:


How to add custom message on End User Login screen in GRC?


You can follow the instructions mentioned in SAP Note: 1604983 - Add a custom message on the End user Login Screen















Just try the steps as mentioned below:







SAP GRC PC Email Notifications - Customization

In GRC Process control also, as part of automated and manual control monitoring workflows,  the Control Owners, Control Testers, Remediation Owners etc. receive various email notifications. Based on the customer specific requirements these email notifications can be customized and maintained easily similar to GRC access control. In this section, I will explain on how you can achieve it:

Step 1: Configure message class handler in GRC  workflow email notifications in SPRO




Step 2: Similar to GRC access control, you can create custom email notification templates in SE61. A sample of email notification template for "New Issue - Workitem" is shown below for reference:




Step 3: Custom email notification templates which have been created in previous step have to be tagged to the custom message class as per your requirements in SPRO -> GRC -> Process Control ->  Maintain User Defined Notification Templates



Step 4: This is the important step where you will have to tag the corresponding workflow tasks to the message class created in Step 3. You can retrieve the task details from table HRS1000 or using transaction PFTC (Standard Tasks)



For assigning PC standard tasks to corresponding message class, use transaction code SM30 and enter the details in view GRPCV_WFNTTMPC (Custom workflow email notification template)



Step 5: For GRC PC email notifications to trigger to respective Control Owners, Remediation Owners, Control Testers etc., the program "SWN_SELSEN" has to be scheduled to run periodically in GRC system.


Step 6: When automated control monitoring job is scheduled then the PC email notifications will be triggered based on the notification templates configured in the above mentioned steps.


SAP GRC PC Workflow Item URL link - Customization

In GRC Access Control, we usually copy out the standard notification variables function module and customize the variables logic or include additional variables as required. Finally, the customized function module will be updated into MSMP workflow configuration so that notification variables will be referenced from the customized FM

In GRC Process Control, the Workflow design leverages standard SAP workflow engine and the way notification variables are populated during runtime is different from GRC AC.

For customizing the PC email notification variables, you need to enhance and input your logic in the following Class and Methods:


Example: We have to replace the hostname with F5 URL to enable SSO when Control Owners navigate to work items from email notifications. Hence, have to update the hostname in the auto generated URL





Looking forward for all your inputs in improving this blog with all more details :smile:















Thanks for reading.

Best Regards,

Madhu Babu Sai

 
  • governance risk and compliance sap grc
34 Comments

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

  • Comment
Labels in this area
  • "Cloud Public" 1
  • 2023 Upgrade 1
  • Access Control 1
  • AccountBasedCOPA 1
  • Accounting 1
  • Accounting & Financial Close 1
  • Accounting and Financial Close 1
  • AS02 1
  • Asset acquisition via BAPI_ACC_DOCUMENT_POST 1
  • Asset Impairment Asset Revaluation Configuration 1
  • ASSET MASTER DATA 1
  • Assets 1
  • Assign Missing Authorization Objects 1
  • Automatic Payments 1
  • Bank Reconciliation Accounts 1
  • BAPI 1
  • BRIM SAP S4 HANA Service Subscription Order Management Process Flow 1
  • CLM 2
  • cloud security 1
  • Consolidation 2
  • Controlling 1
  • COPA 2
  • CostingBasedCOPA 1
  • CPQ 1
  • Customer payment Automation 1
  • cybersecurity 2
  • Data model 1
  • document types 1
  • Don't Let Passwords Be Your SAP Weak Link 1
  • EAM 1
  • Emergency Access Management 1
  • End to end Configuration for Project Interest calculation 1
  • EWZ5 1
  • EWZ6 1
  • Exchange rates in Commodity Mangement 1
  • F3548 1
  • FFID 1
  • FI-AA 1
  • FIN Asset Management 1
  • FIN-CS 1
  • finance 4
  • Fiori 1
  • Forward exchange rate 1
  • GRIR 1
  • Group Reporting 1
  • groupreporting 1
  • GTS Edition for Hana Retired tables and replacement 1
  • IFRS16 1
  • IFRS16 ROU 1
  • Invoice by DN with Down payment 1
  • Invoice Printing Lock 2
  • manage allocation 1
  • management 1
  • Mapping of Catalog & Group 1
  • Mapping with User Profile 1
  • margin analysis 1
  • matching concept and accounting treatment 1
  • Migration 1
  • OperatingConcern 1
  • Parameter 4026 1
  • Payment Batch Configurations 1
  • payment order 1
  • Predictive 2
  • Predictive Planning 1
  • ProfitabilitySegment 1
  • Project Interest calculation in Investment project 2
  • Public Cloud 1
  • Quote 1.0 1
  • REFX 1
  • Revenue Recognition 1
  • review booklet 1
  • Risk Analytics currency conversion 1
  • risk management 1
  • RSUSR_LOCK_USERS 1
  • S4 HANA 1
  • S4 HANA 2022 1
  • S4 HANA On-Premise 1
  • S4HANA 2
  • SAC PLANNING 1
  • SAC Reporting 1
  • SAC Scripting 1
  • SAP BRIM 1
  • SAP Cash Management 1
  • SAP CI 1
  • SAP ECC 2
  • SAP FICO 1
  • SAP Fiori 1
  • SAP Group Reporting 1
  • SAP RAR 1
  • SAP S4 HANA 1
  • SAP S4HANA 1
  • SAP s4hana cloud 1
  • SAP S4HANA Cloud for Finance 1
  • SAP Security 3
  • sap treasury 1
  • SAP Treasury and Risk Management 2
  • SAP Treasury Hedge Accounting 1
  • Screen layout 1
  • Screen Variant 1
  • security 2
  • Security by Default 1
  • Security by Design 1
  • top down 1
  • Transaction Variant 1
  • universal allocation 1
  • Update Reference Field Of Payment Document 1
  • Z Catalog 1
  • Z Group 1
  • « Previous
  • Next »
Related Content
  • 4H2 Selfbilling - Can we have more than 999 billing items in single invoice and accounting document? in Financial Management Q&A yesterday
  • Understanding the RACI Matrix for SAP CPQ Projects 📊 in Financial Management Blog Posts by SAP Sunday
  • Financial Statement version 1099 is not available in Customizing system in Financial Management Q&A Friday
  • FX Rates deviation at the time of customer Receipt in Financial Management Q&A Friday
  • Cash Discount to customer in Financial Management Q&A a week ago
Popular Blog Posts

SAP Access Control - Useful Documents, Blogs, Resources, etc.

theme-lib.general.user-avatar by alessandr0 • Active Contributor
  • 177697 Views
  • 72 comments
  • 141 kudos
2014 Aug 19

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

theme-lib.general.user-avatar by alessandr0 • Active Contributor
  • 75712 Views
  • 36 comments
  • 86 kudos
2014 Oct 01

Configure Emergency Access (EAM) in GRC 10

theme-lib.general.user-avatar by Former Member •
  • 203783 Views
  • 122 comments
  • 65 kudos
2012 Nov 03
Top kudoed authors
User Count
Josemar-Mendes
Josemar-Mendes
1
GOWRESHANHARAN
GOWRESHANHARAN
1
coleti
coleti
1
View all