Quantcast
Channel: Governance, Risk and Compliance (SAP GRC)
Viewing all articles
Browse latest Browse all 205

GRC Email Notifications/Variables - Customization

$
0
0

Overview

In GRC Access control as part of Workflow approvals and reviews Managers, Role Owners, FF ID Owners and Controllers, Function/Risk/Mitigation Approvers, Monitors, Users, Requestors etc. receive various Email notifications. Based on the client’s requirements these Email notifications are enhanced and maintained. This blog is to discuss about various customizing options available for GRC notifications as well as notification variables and their limitations and scope


For beginners below document gives details on how to customize email notifications templates in GRC


AC 10.0 - How to Customize Notification Templates for AC Workflow


Email Notification Templates - HTML Tags


1. HREF (For Email ID and URLs)


Below are the few notification variables which gets converted to URLs in the notification emails. Basically when the URL is not maintained as HREF using HTML tags, in most of the cases Emails get routed to JUNK folder in mailbox because of various special characters in the URL.


LINK_APPROVE_REJECT    Link to Approve/Reject by Email

LINK_GET_APPROVERS    Link to get Approvers

LINK_GET_REQ_STATUS    Link to get Request Status


Eg: To make URL a HTML link use, "Click <A href="%LINK_GET_REQ_STATUS%">here</A> to view request status"


For Email ID to appear as HTML Link use, <A href="mailto:Test@test.com">Test@test.com</A>


2. BOLD and UNDERLINE


Eg: <STRONG><span style="text-decoration: underline;">GRC Notifications</span></STRONG>


3. ITALICIZE


Eg: <span style="font-style: italic;"> TEXT</span>


How to insert Company Logo in Email Notification Templates


First you need to store the Logo which you want to use in Email notifications in GRC MIME repository


Go to SE80 Tcode and click on MIME REPOSITORY. Import the Logo which you wanted to use into MIME objects repository as shown below:

 

Mime1.png

Mime 2.png

 

Mime 3.png

 

Once the above activities are completed, the next step is to use the LOGO in Email notification Templates.

 

Note: URL for logo is no transportable and need to be individually changed in each system when notification template is transported.

 

Use the image source tag as shown below:

 

<img src = "http://my_server.my_domain/sap/public/bc/ur/MyLogo.png">

 


How to create New Message Class for Notification Templates


How to create new Message Class for any workflow in GRC ?

 

Very common requirement is customers request to have specific Email notifications at each stage individually and for such scenarios it might require creation of Custom message classes to be used at various stages in workflow and you can follow below process for creating new message classes

 

Example: For EAM Log Review Workflow there are no FORWARD and RETURN Message Class available.

 

Execute Tcode SM30

 

Open table GRFNVNOTIFYMSG and click on Maintain button and then click on "NEW ENTRIES" and maintain as below and once done click on SAVE button

 

 

Execute Tcode SM30

 

Open table GRFNVNOTIFYMSGC and click on Maintain button and then click on "NEW ENTRIES" and maintain as below and once done click on SAVE button

 

 

Once the above mentioned activities are completed, now the newly created Message Class can be added to your MSMP Variables & Templates Notification Templates section as shown below

 

 

Notification Variables in GRC


Each workflow process comes with a number of notification variables that are available to all notification templates that belong to it. They are displayed on the bottom of the screen in step 4, ”Variables & Templates”, in the customizing activity Maintain MSMP Workflows.


Few queries regarding Notification Variables customization especially %PROVISIONING% and %PROVISIONING_WITHOUT_PASSWORD%


For ARQ provisioning there are 2 variables which are sent along with END OF REQUEST notification( with Roles and Password details) PROVISIONING and PROVISIONING_WITHOUT_PASSWORD

 

These variables are standard variables which are calculated run-time.. if you are not happy with the formatting, please raise a CSS message and let SAP developer fix that for you.. there is no customizing available for it..

 

Other option can be to have your own custom variable created, but again that require development

 

2012041 - Is it possible to suppress the role details in the variable %PROVISIONING%


1854408 - Potential information disclosure relating to user password


How to create custom notification variables in GRC


In the MSMP configuration, Select the process ID and goto Step 4 Variables & Templates kindly add a Z variable.

 

Now in the backend GRC system goto transaction SE37 and enter the function module GRAC_NOTIF_VAR_RULE_AR. and copy this function module and

create a custom Z Function Module and add the logic for the Z variable in the function module.

 

Once done activate the Function Module

 

Open the MSMP configuration and goto Step 2. Maintain Rules. Add this newly create Z function module as a Notification Variables Rule. Also maintain this Z Function Module in the Notification Rule under Global Rules in Step 2.

 

Save and Activate the MSMP workflow configuration.

 

Now you can use the custom Z variable in the document objects.


How to modify URL shown in GRC notification variables to enable SSO


First setup Single Sing On (SSO) between Enterprise Portal and GRC system.


Once done, create a Portal iView in Content Adminstration -> Portal Content Management using standard GRC Access Control iView Template.


In the template, Application Name, Configuration Name, System, Location etc fields are maintained and once the template is maintained then PERMISSIONS need to be maintained for iView.


Once the above steps for creation of portal iview are completed, modify the URL used in the notification variables by creating a Custom Notification Variable Function module and replace the URL with Portal iView which you can work with ABAPer and Portal guys to get the details.


Once all above steps are done even the approvers can access all Approval Links in Email notifications via SSO without entering UserID and Password


Note:Deactivate password for all users in GRC System including approvers UserIDs


Looking forward for all your inputs in improving this blog with all other additional details

 

 

Thanks for reading.

 

 

Best Regards,

Madhu Babu Sai

 

 



Viewing all articles
Browse latest Browse all 205

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>