- SAP Community
- Products and Technology
- Additional Q&A
- Access Enforcer Role Import - Reaffirm period
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Access Enforcer Role Import - Reaffirm period
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-14-2008 3:59 PM
Hello
What does the following terms mean;
last reaffirm
reaffirmperiod
We current upload roles into AE, with last reaffirm as current date, and reaffirmperiod of 60 which means 5 years.
Can someone please explain what these terms mean, because many roles have reaffirm periods that end in 2010.
Thanks
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Prakas,
Reaffirm period ( in months ) is the duration after which you would like the Approver of the Role ( Role Owner /Role Approver ) to get notified on which all user in SAP has access to that Role and Does he want to continue giving that role to them or wants to remove that Role from all of them or any one of them .
He would get the details on which Role requires Reaffrim at following location :
In AE 5.2 ; login with Role approver id ( eg ABC ) into AE .
In tab Access Enforcer > Reaffirm .
A list of All the roles of which ABC is apporver and which require re-affrim would display here.
ABC can now take approriate action by selecting the role name.
*Last reaffrim * is the date when the Role was Reaffrim /revisited/reassgined last.
In your scenario you have given Reaffrim period = 60 which means your Role Owner would get the Role in his Reaffrim inbox after 5 years .
This is not best practise . For security reason , SAP advices to keep the Reaffrim period to a maximum of 2 months.
I hope this answers your query .
Thanks
Jasmine
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jasmine,
Thanks for the detailed and nice description of the topic. Many of us were in great need for the elaboration for the same as the user guide too, didn't have much on this topic.
One more question I would like to ask you is that - "Does the access of the user to this role gets deleted/removed automatically if the role is not approved/re-affirmed by the approver?" or is this a manual process?.
Hello Prakash,
I would ideally like to have a strategy suggested by the E-compliance/ strategy Team for the same and would like to enforce the reaffirm period of less duration (around 3 months) for the roles which are not that critical and the reaffirm period of around 1 month for those which are a bit critical.
Regards,
Hersh.
Edited by: HERSH GUPTA on Oct 22, 2008 6:12 PM
Edited by: HERSH GUPTA on Oct 22, 2008 6:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Parkash,
If you dont want reaffirm to be sent , then in Roles just keep the Re-affirm period ( in months ) blank and save it .
( If you notice , once you keep above value blank then in Last reaffirm of that role , the due date becomes 12/31/9999 therefore no reaffrim would be sent out)
Hope this answers it all.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
@ Hersh,
Role is not removed from User's id but is just a process of reminding the owner if he wants it to be removed .
Removal by the role owner would require him to click on the respective role name as shown in his reaffrim inbox , it will show which all user has that role .
Select the Checkbox for userid , click approve/remove . It would automatically approve/remove the role from user.
Guess this is good enough detail
Thnks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Does anyone have an answer on this?
What practise do you follow on
last reaffirm and reaffirmperiod in AE?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Gaia-X and IDS: Usage control for data sovereignty based on SAP Business Technology Platform in Technology Blogs by SAP
- How to set notification email reminders for Role Reaffirm in Additional Q&A
- Reafirm Roles in Additional Q&A
- CUP: Differences between User Access Review and Role Reaffirm? in Financial Management Q&A
- Mitigating control "valid to" date not correct in Additional Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.