
Role Owner in CUP

Former Member
0 Kudos

Dear Experts,

Could you please help me in the below scenario:

I want to configure it in such a way that the ROLEOWNER should not be able to approve the role that he owns for himself.

Eg:

Role1 approver is ROLEOWNER1.

If someone/Roleowner1 raises a request to assign the ROLE1 to ROLEOWNER1 then the roleowner1 should not be able to approve as the request is raised for himself. Instead it should go to some alternate approver.

Please advise. I will appreciate your help.

Thanks,

Raj

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hello,

If it is 5.3, there is a parameter in CUP -> Request Form Customization -> Approve/Reject Own Requests.

Try changing that to Mandatory = YES

Good luck,

Vaner

Former Member
0 Kudos

Hi Raj,

This same setting is available in GRC v10:

IMG > GRC > Access Control > User Provisioning > Maintain End User Personalization > Maintain EUP Fields > "Approve/Reject Own Requests". ~Triera

simon_persin4
Contributor
0 Kudos

I completely agree with Triera on this.

Setting that field correctly in the end user personalisation is the way to prevent this.

Just make sure that you have the correct EUP assigned to the requests that you're making, especially if you have multiple templates and different views maintained.

Simon

Former Member
0 Kudos

Dear All,

Thank you for your prompt reply. I am sorry for the confusion. I am talking about 5.3.

@Vaner, I have checked the option CUP-->Request Form Customization --> Approve/Reject Own Requests.

I tried to edit this, but the only editable option the system is giving is VISIBLE. The remaining Mandatory/Editable options are inactive.

Please advise.

Thanks,

Raj

Former Member
0 Kudos

Hi Raj,

Set the visibility to NO. That should meet your requirement.

CUP --> Request Form Customization --> Approve/Reject Own Requests --> Visible = NO

Mandatory and Editable will be grayed out, as these do not show up in the Request form.

Regards,

Ajesh Raju.

Former Member
0 Kudos

Thank you Ajesh.

Can you please elaborate on what happens if I set the option to NO?

My requirement is that the role approver should not be able to approve his own request for the role assignment for which he is the approver.

Thanks,

Raj

Former Member
0 Kudos

Raj,

When you set this option to NO, the user will not be able to approve a request for which he himself is the USER to be provisioned.

When he clicks approve, an error will be thrown. You can test the same.

Thanks and Regards,

Ajesh Raju.

Former Member
0 Kudos

Hi Raj,

If you are talking about AC 10.0, then you can create your custom agent function module. This custom FM would be a mix of the available standard agents for role owner and alt role owner.

Best Regards,

Aman
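
The routing rule this thread asks for, with the role owner / alternate role owner fallback from the last reply, sketched as an added Python example (not SAP code and not from any poster; `ROLE_OWNERS`, `Request`, `resolve_approver` and `find_self_approvals` are hypothetical names, and all user and request IDs are constructed). It keys on the user being provisioned rather than on the requester, and fails closed when no other approver exists.

```python
from dataclasses import dataclass

# Constructed sample data: role -> (owner, alternate owner). Hypothetical IDs.
ROLE_OWNERS = {
    "ROLE1": ("ROLEOWNER1", "ALTOWNER1"),
    "ROLE2": ("ROLEOWNER2", None),          # no alternate maintained
    "ROLE3": ("ROLEOWNER1", "roleowner1"),  # alternate is the same person
}

@dataclass(frozen=True)
class Request:
    requester: str     # who raised the request (irrelevant to the check)
    beneficiary: str   # the user to be provisioned
    role: str

class NoEligibleApprover(Exception):
    """No approver other than the beneficiary exists for the role."""

def norm(user_id: str) -> str:
    # Compare IDs case-insensitively so "Roleowner1" and "ROLEOWNER1" match.
    return user_id.strip().upper()

def resolve_approver(req: Request, owners=ROLE_OWNERS) -> str:
    """Return the role owner, or the alternate when the owner is the beneficiary."""
    owner, alternate = owners[req.role]
    target = norm(req.beneficiary)
    for candidate in (owner, alternate):
        if candidate and norm(candidate) != target:
            return norm(candidate)
    # Fail closed: never fall back to self-approval.
    raise NoEligibleApprover(f"{req.role}: no approver other than {target}")

def find_self_approvals(approval_log):
    """Audit check over (request_id, beneficiary, approver) records."""
    return [rid for rid, beneficiary, approver in approval_log
            if norm(beneficiary) == norm(approver)]
```

Running `find_self_approvals` over exported approval history shows whether self-approvals happened before the setting was changed.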