Dive into the scenario
Consider a scenario in a large corporation where an employee, let's call him John, recently joined the Sales department. He now requires system access, the process for which you've already become familiar with. Now, imagine another scenario where an employee, say Mary, joined the same department a week ago and has already requested and successfully received all necessary system accesses. Under such circumstances, John doesn't have to manually request access. There are more streamlined ways to go about it. You learn about these possibilities in this lesson.
Let's start with the first option:
One option for John, the requestor, is to create an Access Request by copying an existing request. In general, this functionality helps when you know that someone else has recently requested the same access. You can simplify the request creation process by copying the existing request instead of entering all data in a request manually.
The Copy Request function allows you to quickly replicate details from an existing request by selecting the request number and choosing which details to pull into a new request. John can create a new access request in the Copy Request app by copying any existing access request.
Information that can be replicated from an existing access request to a new access request includes the following attributes, which can be seen in the preceding screenshot under Step 2.
- Process Type: CUP
- User Details
- Request Details
- Manager Details
- System Details
- Roles
- Firefighter Role
- Firefighter ID
- Role Comments
- Request Reason
After choosing a request to copy and data of request to replicate to a new request, a requester of access follows steps to edit request details, user details, assignments if necessary. Once a new request is ready, the requester submits the request for approval.
Access Request Creation Based on Model User Access
Another option available to John as a new requestor is to create an access request based on model user access. You can use this function when you create a new user with a system and role assignment similar to an existing user. For example, the job functions of an employee may be changed to the job functions that another colleague already has. In this case, some access is deleted from the employee and some access is added. Use the Model User app for this option.
By using the model user functionality, you can fully align the requested user to the model user. This includes adding and deleting authorizations from the requested user.
To align a user's access with a model user's access, a requester follows the four guided steps in the Model User app:
1. On the Model User Access screen, select a user who needs access - Request User. If the user doesn't exist in the user source and details aren't loaded automatically, enter the user details on the User Details tab.
2. Select a Model User.
Once the Model User is selected, all assignments available for that user are displayed on the Select Model Access step. The Select Model Access step shows the combined data of the Request User and Model User. It indicates which assignment must be added or removed from the Request User to align the assignments of the Request User with the assignments of the Model User. Here, you can select the assignments to be removed or assigned to the Request User.
3. View selected assignments on the User Access tab of the Enter Request Details step. You can add more assignments for the Request User, as in the usual access request. Also, you enter the description, business process, and edit access request tabs on this step.
4. Review and submit the request for approval.
Access Request Creation Based on a template
Finally, John could create a new request based on a template. When creating access requests this way, he can save time and effort as he doesn't need to manually enter all the necessary information, but can instead use predefined templates. Therefore, configuring template request forms allows for greater flexibility and simplifies the access creation process.
While creating an access request template, the SAP Access Control administrator defines the request type, business process, adds roles, systems, and other information that can be used as predefined values. Access request templates can be created for different use cases. For example, on role-based approach for different job functions and positions.
After administrators created the templates, users can choose any template to create an access request based on this template. If needed, a requester of access can change the predefined values of a template.
To create an access request based on a template in the Template-Based Request app, John, or the requestor, must follow these four steps:
- Choose a template.
- If needed, change a user for whom the request is being created.
- If needed, change prefilled assignments to be requested.
- Confirm data entered and create the request by submitting it for approval.