Invoice approval agent is non-SAP user

[Michael Pokraka]

Hi,
I wouldn't be too concerned about the 'generic' user posting documents -
after all, WF-BATCH does pretty much everything users are not authorized
to do, which can be a security feature or hole depending on how you
implement it.
I can't speak for SAP on licensing issues, but I would check that out. I
believe there are 'occasional users'-type licenses available.
 
Other than that, the only other thing I can think of is that you need to
be very careful on security and audit considerations. e.g. a pure
SAP WF will show someone approved it, followed by WF-BATCH releasing it.
Now that you're talking to the 'outside world' you will have two areas
of security to consider - what if recipient forwards his mail to his/her
secretary? Where are your controls on what she can now approve, think
substitution strategies, upgrade considerations etc.
It can be a good solution, just needs careful planning.
 
Just my 0.02<insert local currency here>
Cheers
Mike
 
On Fri, Jan 31, 2003 at 11:23:42AM +0100, Nathan Fox wrote:
> Here is the scenario for an invoice approval flow using FI Prebooking
> documents.  MM is not involved. SAP System is 4.6C. Business object FIPP.
>
> 1)Invoices are scanned and pre-booked in FI as a centralized function by
> trained SAP users.
>
> 2)Approval of these invoices is decentralized and concerns about 100 non-SAP
> users.  They don't have an SAP user logon, they have never used SAP.  The
> users are however in the SAP organization structure and could be designated
> quite nicely as the agent of approval for the pre-booked invoice.
>
> 3a)Proposed solution : My immediate reflex was to send an approval work-item
> to the agent's MS Exchange inbox using the MAPI - SAP interface.  The user
> doesn't realize he's "logging on" into the "complicated" SAP environment, he
> just double clicks on an "Email-like" workitem.
>
> 3b)additional requirement after review : this SAP site does not want to buy
> an additional 100 SAP user licences only to enable these agents to approve
> pre-booked invoices, too costly.
>
> Is it feasable to get around the SAP-User logon hurdle without creating an
> equally complicated "gas works" solution?  The following scenario I submit
> for peer-review and hope to stimulate some interesting discussion.
>
> a) On creation of a pre-booked document(FIPP) an SAP Workflow is triggered.
> b) Agents are found via OM and informed via Email of pending pre-booked
> documents.  This Email is purely informative, it is not a workitem.
> c) the SAP workflow goes into a "stand by" mode waiting for the events
> "approved" or "rejected"
> d) the informed agent receives the notification in MS Exchange of a pending
> approval task, the agent starts a non-SAP application (perhaps VB of JAVA)
> which accesses via a custom "GET_LIST" BAPI all the open pre-booked invoices
> which are attributed to his/her HR personel number.  The logon takes place
> accordingly with a generic RFC user.
> e)the pre-booked document is displayed in the external application, after
> which the user is prompted to approve or reject an invoice in which case the
> corresponding "reject" "approve" method would be called via RFC.  We lack
> SAP "BAPI" methods here.
> f) the SAP workflow receives notification of approval or rejection and
> terminates successfully.
>
> Technically we have in-house competency in ABAP, RFC, ALE , BOR, and BAPI
> programming. As "techies" we would love to try something "new" like this, a
> technically cool solution.
>
> My "functional" gut feeling bawks at the thought of a generic RFC user
> approving and posting FI documents.
>
> What do my workflow-peers think?
> Are there other pitfalls, functional or technical, with the above scenario?
>
> regards ( I'm on european time, I might take a while to respond)
> Nate