Vision User Guide


USER PROVISIONING PROCESS

VISION USER GUIDE




Table of Contents
Overview of User Provisioning Process
    Process Flow Charts and Process Description
    Accessing the Interface
    Roles Workflow
    E-mail Notifications
Chapter 1 | Requestor
    SAP User Creation
    Modify SAP Access
        Role Assignment Management
        De-Provisioning
        Re-Provisioning
Chapter 2 | Approver
    SAP User Creation
    Role Assignment Management
    De-Provisioning
    Re-Provisioning
Chapter 3 | General Functionality
    Password Reset
    Discussion
    Quick Approve / Deny
Appendix 1 | Overview of User Provisioning Processes
    Staff Member Creation
    New Consultant Creation
    Modify Role Assignment for Staff Member or Consultant
    De-Provisioning a Staff Member or Consultant
    Re-Provisioning Staff Member
    Re-Provisioning a Consultant
Document Action items

Overview of User Provisioning Process


Approva is a custom application that interfaces with the VISION Transaction System to manage the user
provisioning process. This tool will be used in all field offices and UNICEF HQ.

Approva automates the following:

• Provisioning of new user accounts
• De-provisioning of existing accounts
• Re-provisioning of those accounts
• Modification of user role assignments

In addition, Approva:

• Provides an auditable workflow
• Provides robust analysis and reporting of SoD (Segregation of Duties)
• Provides reporting on provisioning activity
• Allows users to reset their VISION Transaction System password

Process Flow Charts and Process Description


For a visual and high level description of the User Provisioning processes, see Appendix 2.

Accessing the Interface


Go to the Access Management Portal: http://intranet.unicef.org/irm/esafv2.nsf
The Approva tool has two interfaces. Some processes will refer to these two interface locations. Each
screen has different functionality and purposes. E-mail notifications refer to Role Management.

1) VISION Access (Transaction System): http://usaaapva001/ApprovaProvisioning/RequestHome.aspx

2) Role Management: http://usaaapva001/ApprovaOne/Inbox/Inbox.aspx

Figure 0 | Access Management Portal

Roles Workflow
Requestor
The Requestor is an authorized staff member who initiates the creation of a VISION Transaction System
user account, modification of role assignments, de-provisioning or re-provisioning of a user account.
Historically, the PRoMs Apps Admin created the account. The new process requires that the Section
Chiefs create the requests in Approva.
Approver
The Approver is an authorized staff member designated to approve the request for a new VISION
Transaction System user account, de-provisioning of a user, or other changes of user role and functions
in line with office policy and segregation of duties.
Historically the Approver has been in NYHQ. The new process requires that the UNICEF Representatives
(“Reps”) now be the Approver. They can delegate approval duties, for example to the Deputy
Representative or Chief of Operations.
Note: Delegation of this responsibility must be approved by the Controller.
Local Site Admin
IT Officer
This person is an authorized staff member designated to assign user roles and functions in Approva to existing
users such as Requestors, Approvers, and Analysts. See the LSA Guide found on the ilearn site.

Analyst
Reporting
Security Administrator
Deep level support

E-mail Notifications
All e-mail notifications sent by Approva will list the sender as “[email protected].”

Document Information
http://iconprep.unicef.org:44444/NYHQ/ITSS/Vision/Shared Documents/9. APPROVA/Training Documentation/User Provisioning Processv2.docx
Authors: Kelly Neal and Michael Thurlow
UNICEF Manager: Jorge Torres
Cover photograph © UNICEF/Chulho Hyun
Version: 1.0

Chapter 1 | Requestor
The Requestor will be creating the following scenarios for both staff and consultants. For a visual and
high level description of the User Provisioning processes, see Appendix 2.
• Request for SAP Access
• Modification of SAP Role
• De-Provisioning SAP Access
• Re-Provisioning SAP Access
Before you begin
• Approva Role = Requestor
• You must have access to Approva. Contact your local site admin for access.
• The new Staff user you are requesting access for must have a Personal Number (PA).
• The new Consultant user you are requesting access for must have their LAN access and e-mail
account.

SAP User Creation


1. Log into the VISION access (Transaction System).
http://usaaapva001/ApprovaProvisioning/RequestHome.aspx
2. Mouse over Create Request, and click SAP User Creation.

Figure 1 | Create Request


The SAP User Creation screen opens. See Figure 2.

Figure 2 | SAP User Creation


3. Complete the following required fields.
SAP System
Select the SAP system.
New User ID
a. Click to search for User ID. The Select AD User dialog box opens. See figure 3.

Figure 3 | Select AD User

b. Type in any part of the user’s last or first name or the LAN ID you are requesting, and click
or press Enter.

c. Select the User ID from the list, and click .


Note: If a user’s LAN ID is greater than 12 characters, the user’s ID cannot be created in SAP. Call the
global help desk in New York for assistance.

Valid From
Enter a start date. This date must be at least today’s date.
Valid Through
Enter the contract expiration date.
Note: This date is the same for either staff or consultant.
Staff user - the date will be automatically pulled from the HR system. The HR system will override
your date if different.
Consultant - this field is populated from LDAP, so it will be overwritten with the LDAP value
rather than what is filled in BizRights.
Approver
a) Click to search the Approver’s name.

b) Type in part of a name, and click .

c) Search for the user, select the User ID, and click .

New Functions to be Assigned

Note: This field is for Consultants only. You must not assign new functions to a staff user.
Use the Modify SAP Access process to assign new functions to an existing Staff user.

Staff roles are assigned based on their position from an automated SAP background job
on a daily basis.

a) Select one of the following menu items to search functions to assign to new user. Consultants
must be assigned roles from all three: Enabler, Common, and Functional.
Organization – ALL: Lists all of the functions possible.
Common: Lists functions common to all users such as display and printer use.
Enabler: Lists the country the functions are to be assigned. Each consultant is
required to have at least one enabler.
Functional: Lists functions grouped together such as AP or AR.

b) Click . The Select Functions box opens. See figure 4.



Figure 4 | Select Functions

c) Select the functions to be added, and click . This will automatically populate the
functions into the New Functions to be Assigned section.
Note: You must select all Function Names. For example, if there are five Account Payable L1
Function Names, you must check all five line items. See Figure 4.
Comments
Choose the comment from the drop down menu.
4. Complete the following optional fields:
Assign roles as this user
Use this field to copy and assign roles to a new user from an existing Consultant user. This is used
only for new Consultants, and never for Staff.
Note: Staff roles are assigned by their position in SAP in a nightly batch job.

a) Click to search for a user.

b) Select user, and click .


c) The roles assigned to the selected user will now display in the New Functions to be Assigned
section.

5. Click to create the request. The request will now be processed through the Approva
system for the What if analysis. The request now will show up on your dashboard in the VISION
Access (Transaction System). See Figure 5. The request status will display one of the following
messages:

Submitted For What If: Request is processing through the SoD analysis.
What If Completed With Violations: SoD complete, awaiting review and comments from Requestor.
Pending Approval: The request is sent to the Approver.
Approved: Request approved by the Approver and SAP ID created.

Table 1 | Request Status

The status will change as the request moves through the process. For example, when the Approver
approves the request, the status will change to Approved.

Figure 5 |Request Home


If no violations occur, the request is sent to the Approver to take action. You will receive an e-mail if
the request has been denied by the Approver. If approved, the new VISION user will be created, and
the Requestor and new user will receive e-mail confirmation.
6. If a violation exists, you will receive an e-mail from [email protected]. See Figure 6.
a) Check your e-mail, and click the Click Here link to open the request in Role Management to
review the SoD violations. See Figure 7.
Note: You must acknowledge you are aware of the violations given to the new user. You
acknowledge this by inserting a comment in the next step.

b) Click to insert additional comment if needed.

c) Click to complete the task.


Note: If approved, the new VISION user will be created, and you and new user will receive an e-mail
confirmation.
7. End of task

Figure 6 | Request for SAP access e-mail notification

Figure 7 | Request for SAP user



Figure 8 | Violation Details



Modify SAP Access


This task outlines the steps necessary to modify an existing SAP user.
Before you begin
• You must be a Requestor and have access to Approva.
• The user to be modified must have an SAP ID.
There are three processes that make up the Modify SAP Access process.

SAP Role Assignment Management:
    Staff – If additional functionality other than what is in their position is needed.
    Consultant – If additional functionality is needed.
SAP User Re-provisioning: Unlocks a user’s ID that was previously locked by the system
administrator.
SAP User De-provisioning: Locks a user’s ID.

Role Assignment Management


Use this process to add roles to, or remove roles from, staff or consultants.
1. Log into the VISION access (Transaction System).
http://usaaapva001/ApprovaProvisioning/RequestHome.aspx
2. Mouse over Create Request, and click Modify SAP Access.

Figure 9 | Modify SAP Access


3. Complete the following required fields.
Requestor Type
Choose Role Assignment Management from the drop down menu.
SAP System
Select the SAP system.
Existing User

a) Click to search for User ID. The Select User dialog box opens. See Figure 10.
b) Do one of the following:
• Scroll all users to find the existing user.
• Type in any part of the user’s name and click or Enter.

Figure 10 | Select User

c) Select the User ID, and click .


First Name
The first name will automatically populate from the user you selected.
Last Name
The last name will automatically populate from the user you selected.

Valid From
This date is populated by Approva. Change if applicable.
Valid Through
Enter the contract expiration date or the length of time the access needs to be modified. It can be
anywhere from one day to the end of contract.
Approver
a) Click to search the Approver’s name.

b) Type in any part of a name, and click .

c) Search for the user, select the User ID, and click .

Assign roles as this user


Use this field to copy and assign roles to a new user from an existing Consultant user. This is used
only for new Consultants, and never for Staff.
Note: Staff roles are assigned by their position in SAP in a nightly batch job.

If you need to remove a role assigned to a staff user, contact HQ Help Desk. They must
follow the Roles to Position process.

a) Click to search for a user.

b) Select user, and click .


c) The roles assigned to the selected user will now display in the New Functions to be Assigned
section.

New Functions to be Assigned


a. Select one of the following menu items to search functions to assign to new user.
• Organization – ALL
• Common (Assigns functions common to all users such as display printers.)
• Enabler (Assigns functions for a specific country.)
• Functional (Assigns functions specific to a job such as AP or AR.)
Note: There can be only one enabler per request.

b. Click . The Select Functions box opens. See figure 11.

Figure 11 | Select Functions

c. Select the functions to be added, and click . This will automatically populate the
functions into the New Functions to be Assigned section.
Note: You must select all Function Names of the same type. For example, if there are five
Account Payable L1 Function Names, you must check all five line items. See Figure 11.

d. If you want to remove a role, select the function name, and click .

Assign roles as this user


Use this menu to copy and assign roles to a new user from an existing Consultant user. This is used
only for new Consultants, and never for Staff.

Note: Staff roles are assigned by their position in SAP in a nightly batch job.

a) Click to search for a user.

b) Select user, and click .


The roles assigned to the selected user will now display in the New Functions to be Assigned section.

Comments
Choose the comment from the drop down menu.

4. Click to complete the task.


The request will now be processed through the Approva system. You will receive an e-mail after the
What If analysis is complete. See Figure 12. The request now will show up on the Role Management
Dashboard. See Figure 13. The request status will display one of the following messages:
• Submitted For What If
• What If Completed With Violations
• Pending Approval
• Approved
The status will change as the request moves through the process. For example, when the Approver
approves the request, the status will change to Approved.

Figure 12 | Modify SAP Access e-mail notification

Figure 13 | Roles Management List of Requests



5. Look for e-mail from Approva / [email protected]


a) Click the Click Here link to open the request in the VISION Access (Transaction System).
b) If a violation exists, you may review the request SoD flags.
Note: You must acknowledge you are aware of the violations given to the new user. You
acknowledge this by inserting a comment in the next step.

c) Click to insert a comment if additional comments are needed.

d) Click to complete the task.


Note: You will receive an e-mail if the request has been denied by the Approver. If the
request is approved, the Requestor and new user will receive e-mail confirmation.
6. End of task.

De-Provisioning
The steps to complete this process are the same for both Staff and Consultants. This process could be
required when a user moves from one office to another or if a break in a contract exists.
Staff: This task locks the SAP user ID. The user still exists in the SAP database.
Consultant: This task locks the SAP user ID and removes all roles associated with the user.

1. Log into the VISION access (Transaction System).
http://usaaapva001/ApprovaProvisioning/RequestHome.aspx
2. Mouse over Create Request, and click Modify SAP Access.

Figure 13 | Create Request>> Modify SAP Access


3. Complete the following required fields.
Requestor Type
Choose SAP User De-Provisioning from the drop down menu.

SAP System
Select the SAP system.
Existing User

a) Click to search for User ID. The Select User dialog box opens. See Figure 14.
b) Do one of the following:
• Select an existing user from the list.
• Type in any part of the user’s last name, first name or their LAN ID, and click or Enter.

Figure 14 | Select User

c) Select the User ID, and click .

Approver
a) Click to search the Approver’s name.

b) Type in any part of a name, and click .



c) Search for the user, select the User ID, and click .
d) Add any comments.

e) Click to send request for De-Provisioning to the Approver.


f) You will receive an e-mail if the request is granted or rejected.
4. End of task.

Re-Provisioning
This process is similar to creating a new staff member or consultant. Because the shell account still
exists from when they were De-Provisioned, Approva must handle the request differently.
Re-Provisioning does three basic functions: 1) unlocks the user, 2) brings in data from VISION
Transaction System, and 3) allows the functionality in Approva to re-assign former or new job roles.
1. Log into the VISION access (Transaction System).
http://usaaapva001/ApprovaProvisioning/RequestHome.aspx
2. Mouse over Create Request, and click Modify SAP Access.

Figure 15 | Create Request>> Modify SAP Access


3. Complete the following required fields.
Requestor Type
Choose SAP User Re-Provisioning from the drop down menu.

SAP System
Select the SAP system.
Existing User

a) Click to search for User ID. The Select User dialog box opens. See Figure 16.
b) Do one of the following:
• Scroll all users to find the existing user.
• Type in any part of the user’s name and click or press Enter.

Figure 16 | Select User

c) Select the User ID, and click .


Valid From
Enter a start date. This date must be at least today’s date.
Valid Through
Enter the contract expire date or the date the Re-Provisioning should take effect.
Approver
a) Click to search the Approver’s name.

b) Type in a name, and click .

c) Search for the user, select the User ID, and click .
New Functions to be Assigned
This field is primarily for Consultants.

Note: Staff roles are assigned by their position in SAP in a nightly batch job. Requestors
can add additional Staff Roles if needed.

If you need to remove a role assigned to a staff user, contact HQ Help Desk. They must
follow the Roles to Position process.

a) Select one of the following menu items to search functions to assign to new user.
Organization – ALL: Lists all of the functions possible.
Common: Lists functions common to all users such as display and printer use.
Enabler: Lists the country the functions are to be assigned. Each consultant is
required to have at least one enabler.
Functional: Lists functions grouped together such as AP or AR.

Note: The Enabler option assigns functions for a specific country. Consultants must be assigned
roles from Enabler, Common, and Functional.

b) Click . The Select Functions box opens. See Figure 17.



Figure 17 | Select Functions

c) Select the functions to be added, and click . This will automatically populate the
functions into the New Functions to be Assigned section.
Note: You must select all Function Names. For example, if there are five Account Payable L1
Function Names, you must check all five line items. See Figure 17.
Comments
Choose the comment from the drop down menu.
4. Complete the following optional fields:

Assign roles as this user


Use this menu to copy and assign roles to a new user from an existing Consultant user. This is used
only for new Consultants, and never for Staff.
Note: Staff roles are assigned by their position in SAP in a nightly batch job.

a) Click to search for a user.

b) Select user, and click .


c) The roles assigned to the selected user will now display in the New Functions to be Assigned
section.

5. Click to send request for Re-Provisioning to the Approver. The request will now be
processed through the Approva system.

The request now will show up on your dashboard. See Figure 18. The request status will display one
of the following messages:
a) Submitted For What If
b) What If Completed With Violations
c) Pending Approval
d) Approved
The status will change as the request moves through the process. For example, when the Approver
approves the request, the status will change to Approved.

Figure 18 |Re-Provisioning Status in front end


6. If there are no violations, you will receive an e-mail that the request for Re-Provisioning has been
approved or denied. If approved, the VISION user’s account will be Re-Provisioned with new job
roles and corresponding user attributes. The Requestor and new user will receive e-mail
confirmation.
7. If a violation exists, you will receive an e-mail from [email protected]. See Figure 6.
a) Check your e-mail, and click the Click Here link to open the request in the VISION Access
(Transaction System) to review the SOD violations. See Figure 7.
Note: You must acknowledge you are aware of the violations given to the new user. You
acknowledge this by inserting a comment in the next step.

b) Click to insert a comment.

c) Click to complete the task.


If approved, the VISION/SAP user’s account will be Re-Provisioned with new job roles and
corresponding user attributes. The Requestor and new user will receive e-mail confirmation.
8. End of task.

Chapter 2 | Approver
The Approver will be approving one of the following scenarios. For a visual and high level description of
the User Provisioning processes, see Appendix 2.
• Request for SAP Access
• Modification of SAP Roles
• De-Provisioning
• Re-Provisioning

SAP User Creation


After the Requestor submits a request for new VISION Transaction System user access, reviews, and
comments on SoD violations, you will receive an e-mail to approve the request. The request is organized
in four sections within VISION Access (Transaction System).
• General Information
• Roles with Violations
• Actions
• More Details

Before you begin


• Job role = Approver
• You must have access to Approva and have your Approva role set as Approver. Contact the local
site administrator for assistance.

1. Check your e-mail. You will receive an e-mail from [email protected] once the new request
for VISION/SAP access has been submitted by the Requestor. See Figure 19.
2. Click the Click Here link to open the request in the Role Management.
Note: You may also log into the Role Management, and review any requests waiting for approval
by following menu path Manage > Requests. See Quick Approve / Deny.
3. Review the request. If the request contains SoD violations, you may review the violations and
approve or deny each job role containing any violations.

Figure 19 | E-mail Notification

Figure 20 |New user request viewed in the VISION Access (Transaction System)

4. Select the violation, and do one of the following:

• Click .

• Click .

Figure 20 | New user request


5. Add any comment if applicable.
6. Click to approve the request. This will result in an account being created in VISION/SAP
and job roles assigned. An e-mail confirmation will be sent to the Requestor and new user.
7. End of task.

Role Assignment Management


After the Requestor submits a request to modify SAP user access referred to as Role Assignment
Management, you will receive an e-mail to approve the request. The request is organized in four
sections within VISION Access (Transaction System).
• General Information
• Roles with Violations
• Actions
• More Details
Before you begin
• Approva role = Approver
• You must have access to Approva and have your Approva role set as Approver. Contact the local
site administrator for assistance.
1. Check your e-mail. You will receive an e-mail from [email protected] once the request to
modify SAP access has been submitted by the Requestor.
Note: You may also log into the Role Management, and review any requests waiting for approval
by following menu path Manage > Requests. See Quick Approve / Deny.
2. Click the Click Here link to open the request in Role Management.
3. Review the request. You will see a list of roles added to the user and roles up for deletion. See figure
21. Review any SoD violations.

Figure 21 | E-mail notification



Figure 22 | Modify user request viewed in VISION Access (Transaction System)


4. Select the violation, and do one of the following:

• Click .

• Click .
Note: You must either deny or approve ALL. You can’t approve one and deny another. If one role
is denied, the entire request fails and you will have to insert comments instructing the
Requestor to resubmit the request without the roles you want to deny.

5. Click to approve the request. An e-mail confirmation will be sent to the Requestor and
new user.
6. End of task.

De-Provisioning
This task locks the SAP user ID and removes all roles associated with the user. The user exists in the SAP
database but contains no roles assigned. The process is the same for both Staff and Consultants. This
process could be required when a user moves from one office to another or if a break in a contract
exists.
1. Check your e-mail. You will receive an e-mail from [email protected] once the request for
SAP User De-Provisioning has been submitted by the Requestor.
2. Click the Click Here link to open the request in the Role Management.
Note: You may also log into the Role Management, and review any requests waiting for approval
by following menu path Manage > Requests. See Quick Approve / Deny.

Figure 23 | E-mail notification


3. Review the request. See Figure 24.
4. Select the user to De-Provision, and do one of the following:

• Click .

• Click .
5. End of Task.
An e-mail confirmation will be sent to the Requestor and de-provisioned user if the request is
approved. If the request is denied, an e-mail will be sent only to the Requestor.

Figure 24 | De-Provisioning request awaiting approval



Re-Provisioning
This is similar to creating a new staff member but because the shell account still exists from when they
were de-provisioned, Approva must handle the request differently.
1. Check your e-mail. You will receive an e-mail from [email protected] once the request for
SAP User Re-Provisioning has been submitted by the Requestor. See Figure 25.
2. Click the Click Here link to open the request in the Role Management.
Note: You may also log into the Role Management, and review any requests waiting for approval
by following menu path Manage > Requests. See Quick Approve / Deny.

Figure 25 | E-mail notification


3. Review the Request. The request may or may not have violations. If there are no violations, either
or the request. See figure 26.

4. If violations exist, review the violations and either or each violation.


5. Add any comments if applicable.

6. Click to approve the re-provisioning request.


7. End of task.

Figure 26 | No Violations

Figure 27 | Approving a new role



Figure 28 | 47 Violations

Chapter 3 | General Functionality


Password Reset
Use this process to reset your VISION/SAP password. This can be used when your password is locked or
unlocked.
1. Log into the Role Management, and follow menu path Manage> Reset SAP Password. See Figure 48.
2. Select your name, click . You will receive the password immediately. See Figure
49.
3. Log into VISION/SAP with your new password.
4. End of task.

Figure 48 | Password reset

Figure 49 | Password reset successful



Discussion
This can be used for communicating anything regarding the request. The communication will send an
e-mail notification to the other user and result in new comments added to the request. See Figure 50.

1. Click to add comments and send e-mail to another Approver user.


2. Add a comment. The request closes, and you are returned to Role Management’s Manage |
Requests screen.

Note: You must open the request, and click to close the discussion.
This is necessary to submit request for approval.

Figure 50 | Discuss

Quick Approve / Deny


Use this process to view current and past requests. You may click to Quick Approve or to
Quick Deny.

Figure 51 | Quick Approve / Deny



Appendix 1 | Overview of User Provisioning Processes


Staff Member Creation
Figure 52 provides an overview of the process of provisioning a new staff member.
1. The Requestor logs into Approva and selects Create Request – SAP User Creation.
2. Since the new staff member must already be in the HR database, when the staff member is selected,
the roles are populated from the HR database based on their Position.
3. The Requestor submits the request and it goes to Approva’s SoD (Separation of Duties) analysis
process.
4. SoD analysis was already performed on the roles in a position when the position was created, so
the request will always pass SoD analysis.
5. The request is sent via e-mail to the Approver. The Approver clicks on the link in the e-mail to view
the request. If the Approver denies the request, they should provide comments on the reason for
rejection. An e-mail is sent to the Requestor.
6. If the Approver approves the request, it is sent to the Human Resources system to check that the
staff member’s data is present. If it is not, the VISION account is not created and an e-mail
notification is sent to the Requestor.
7. If the HR record for the new staff member is present, the request goes to Approva which creates the
new account and assigns the job roles to the new staff member.
8. E-mail notifications are sent to the Requestor and the new staff member.

Figure 52 | Provisioning a Staff Member


New Consultant Creation

Figure 53 provides an overview of the process of provisioning a new consultant.


1. The Requestor logs into Approva and selects Create Request – SAP User Creation.
2. Roles are added by the Requestor to the consultant’s functions. Common, functional
and enabler roles need to be added since the consultant has no position data to assign
roles.
3. The Requestor submits the request and it goes to Approva’s SoD (Separation of Duties)
analysis process.
4. SoD analysis flags violation of SoD rules and sends a notification e-mail to the Requestor.
5. The Requestor clicks on the link in the e-mail to open the Approva system to the record.
6. The Requestor reviews the violations and adds comments to indicate how these
violations will be handled. Roles may also be deleted to resolve the violations. The
request is then submitted again to SoD analysis.
7. SoD analysis may find further violations and again send a notification e-mail to the
Requestor. This loop will continue until the Requestor adds no further comments to the
request.
8. The request is sent via e-mail to the Approver. The Approver clicks on the link in the
e-mail to view the request and the comments regarding SoD violations.
9. If the Approver denies the request, they should provide comments on the reason for
rejection. An e-mail is sent to the Requestor.
10. If the Approver approves the request, it is sent to VISION which creates the new account
and assigns the job roles to the new consultant.
11. E-mail notifications are sent to the Requestor and the new consultant.

Figure 53 | Provisioning a Consultant


Modify Role Assignment for Staff Member or Consultant

Figure 54 provides an overview of the process of modifying the roles of a staff or consultant.
Requestor
• The Requestor logs into VISION Access (Transaction System) and selects Create Request –
  Modify SAP User Access.
• The Requestor adds and/or deletes roles and functions as needed.
• The Requestor submits the request and it goes to Approva’s SoD (Separation of Duties) analysis
  process.
• SoD analysis flags violation of SoD rules and sends a notification e-mail to the Requestor.
• The Requestor clicks on the link in the e-mail to open the Approva system to the record.
• The Requestor reviews the violations and adds comments to indicate how these violations will
  be handled. Roles may also be deleted to resolve the violations. The request is then submitted
  again to SoD analysis.
• SoD analysis may find further violations and again send a notification e-mail to the Requestor.
  This loop will continue until the Requestor adds no further comments to the request.
Approver
• The request is sent via e-mail to the Approver. The Approver clicks on the link in the e-mail to
  view the request for modification and any violations that have occurred.
• The Approver must approve or deny each violation.
• The request for modification is then submitted.
• E-mail notifications are sent to the Requestor and the modified user.

Figure 54 | Modifying a Role Assignment for Staff or Consultant
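
The SoD loop in the New Consultant Creation and Modify Role Assignment flows above can be modelled as a small routing function. This is an added illustration, not part of the VISION guide and not Approva's code: the role names, the rule pairs, and the state names are constructed, and it assumes the loop ends once every open violation carries a Requestor comment and that a single denied violation denies the request.

```python
from dataclasses import dataclass, field

# Constructed SoD rules: role pairs one user must not hold together.
# Role names are illustrative, not taken from VISION or Approva.
SOD_RULES = [
    frozenset({"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"}),
    frozenset({"VENDOR_MASTER_MAINT", "AP_PAYMENT_RELEASE"}),
]

@dataclass
class Request:
    user: str
    roles: set
    comments: dict = field(default_factory=dict)   # violation -> Requestor comment
    decisions: dict = field(default_factory=dict)  # violation -> "approve" or "deny"

def sod_violations(roles):
    """Return each rule whose conflicting roles are all in the requested set."""
    return [rule for rule in SOD_RULES if rule <= set(roles)]

def next_step(req):
    """Route the request: Requestor review, Approver review, denied, or provision."""
    violations = sod_violations(req.roles)
    uncommented = [v for v in violations if v not in req.comments]
    if uncommented:                       # SoD analysis sends it back to the Requestor
        return "REQUESTOR_REVIEW", uncommented
    undecided = [v for v in violations if v not in req.decisions]
    if undecided:                         # Approver must approve or deny each violation
        return "APPROVER_REVIEW", undecided
    if any(req.decisions[v] == "deny" for v in violations):
        return "DENIED", []               # assumption: one denied violation denies all
    return "PROVISION", []

def demo():
    """Walk one constructed consultant request through the loop."""
    req = Request("CONSULTANT01", {"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE",
                                   "VENDOR_MASTER_MAINT"})
    trail = [next_step(req)[0]]                 # two violations flagged
    req.roles.discard("VENDOR_MASTER_MAINT")    # resolve one by deleting a role
    remaining = sod_violations(req.roles)[0]
    req.comments[remaining] = "Payment runs reviewed weekly by finance lead"
    trail.append(next_step(req)[0])             # commented -> goes to Approver
    req.decisions[remaining] = "approve"
    trail.append(next_step(req)[0])             # accepted risk -> account updated
    return trail

if __name__ == "__main__":
    print(demo())
```

A request with no conflicting roles goes straight to PROVISION, which matches the staff flows where position roles were already analysed when the position was created.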



De-Provisioning a Staff Member or Consultant

Figure 55 provides an overview of the process of De-Provisioning a user.


De-Provisioning removes all of the user’s job roles, leaving an empty account. The user is in the SAP
database but with no roles assigned. The process is the same for both Staff and Consultants.
1. The Requestor logs into Roles Management and selects SAP De-Provisioning a User.
2. The Requestor submits the request.
3. An e-mail is sent to the Approver. The Approver clicks on the link in the e-mail to view
the request and the comments.
4. If the Approver denies the request, they should provide comments on the reason for
rejection. An e-mail is sent to the Requestor.
5. If the Approver approves the request, it is sent to VISION, which locks the account and
removes all job roles from the account, leaving a “shell” account.
6. E-mail notifications are sent to the Requestor and the consultant or staff member.

Figure 55 | De-Provisioning a Consultant or Staff Member


Re-Provisioning Staff Member


Figure 56 provides an overview of the process of re-provisioning a staff member.
This is similar to creating a new staff member, but because the shell account still exists from
when they were De-Provisioned, Approva must handle the request differently.
1. The Requestor logs into Approva and selects Create Request – SAP User ReProvision.
2. The Requestor selects the staff member from the drop-down menu. The date fields are
populated from the existing data.
Note: The Valid from Date field shows the original hire date. Do not change this field.
3. Roles are assigned based on the position data.
4. The Requestor submits the request and it goes to Approva’s SoD (Separation of Duties)
analysis process.
5. Because SoD analysis was already performed on the roles in a position when the position was
created, the request will pass SoD analysis.
6. The request is sent via e-mail to the Approver. The Approver clicks on the link in the
e-mail to view the request. If the Approver denies the request, they should provide
comments on the reason for rejection. An e-mail is sent to the Requestor.
7. If the Approver allows the request, it is sent to the Human Resources system to check
that the staff member’s data is present. If it is not, the VISION account is not created
and an e-mail notification is sent to the Requestor.
8. If the HR record for the staff member is present, the request goes to Approva which
reactivates the account and assigns the job roles to the re-provisioned staff member.
9. E-mail notifications are sent to the Requestor and the staff member.

Figure 56 | Staff Member Re-Provisioning


Re-Provisioning a Consultant
Figure 57 provides an overview of the process of re-provisioning a consultant.
1. The Requestor logs into Approva and selects Create Request – SAP Consultant
Re-Provision.
2. The Requestor selects the consultant from the drop-down menu. The date fields are
populated from the existing data.
Note: The Valid from Date field shows the original hire date. Do not change this field.
3. Roles are added by the Requestor to the consultant’s functions. Common, functional
and enabler roles need to be added since the consultant has no position data to assign
roles.
4. The Requestor submits the request and it goes to Approva’s SoD (Separation of Duties)
analysis process.
5. SoD analysis flags violation of SoD rules and sends a notification e-mail to the Requestor.
6. The Requestor clicks on the link in the e-mail to open the Approva system to the record.
7. The Requestor reviews the violations and adds comments to indicate how these
violations will be handled. Roles may also be deleted to resolve the violations. The
request is then submitted again to SoD analysis.
8. SoD analysis may find further violations and again send a notification e-mail to the
Requestor. This loop will continue until the Requestor adds no further comments to the
request.
9. The request is sent via e-mail to the Approver. The Approver clicks on the link in the
e-mail to view the request and the comments regarding SoD violations.
10. If the Approver denies the request, they should provide comments on the reason for
rejection. An e-mail is sent to the Requestor.
11. If the Approver allows the request, it is sent to Approva, which reactivates the account
and assigns the job roles to the consultant.
12. E-mail notifications are sent to the Requestor and the re-provisioned consultant.

Figure 57 | Consultant Re-Provisioning


Document Action items:

1. Add the Remediation / mitigation processes in phase II (Q12012).


2. More about the dashboard and manage | request vs. clicking history
3. Log in error message. Don’t enter your LAN Id and password. It will lock it. If it locks, call the help
desk.
4. Add Chapter 4 | Trouble Shooting Guide. Note the message “Unable to complete request.”
5. Add Appendix 1 | Known Error messages

12/8/2011 2:49:50 PM - Exception occurred during operation. Details: Lock User Failed:
Maintenance of user VOCAMPOBORJE locked by user ATLEEL. Operation will be retried according to
the retry configuration settings.

Add <anita> we should document all known error messages somewhere.
