Solved: Can we rename ABAP roles in GRC Process Control to...

Former Member · ‎03-24-2009

Hello,

We are working on a new implementation of the GRC Process Control 2.5 product. It comes with 11 standard roles. I wanted to change the names to adhere to our company's role naming conventions. Will this adversely affect any functionality. I know that in PC, there is a additional level of security that is maintained thru the NWBC. How will that be affected? And is it typical to have a non-sap security team maintain the roles/user thru the NWBC and have SAP Security maintain the ABAP users/roles?

Thanks in advance.

Former Member · ‎03-24-2009

Hi Arvind,

You can have a custom roles created as a copy of SAP Delivered roles and they should work.

And for the NWBC role management, its the same in our implementation, where the Internal control managers control the Org Hierarchy, task assignment and ABAP/Java Security is managed by Security team.

Cheers !!

Zaheer

Former Member · ‎03-24-2009

Hi Arvind,

You can have a custom roles created as a copy of SAP Delivered roles and they should work.

And for the NWBC role management, its the same in our implementation, where the Internal control managers control the Org Hierarchy, task assignment and ABAP/Java Security is managed by Security team.

Cheers !!

Zaheer

Former Member · ‎03-25-2009

One more question,

I am looking at the Tester role in NWBC. The role ID seems to indicate that the level for this role is 'Process' but the level shows 'Control'. Is this is mistake in the delivered role? It also has tasks that are at the 'Sub-Process' level. Should'nt a 'Control' level role only have 'Control' level tasks, since control is the lowest levels?

I referred to the PC Security Guide page:20. Under the section: Role-Task Auth compatibility,

"For example, a task at the process

authorization level may be assigned to a role with an authorization level of process or subprocess."

Isnt this statement wrong since the role cannot be at sub-process level is the task is process level?

Thanks a lot.

Former Member · ‎03-26-2009

Hi,

The job of the tester is to test the controls over activities / sub processes.This is why you find this at the sub process level.

Regards

Ramesh

former_member192417 · ‎03-30-2009

HI Arvind

The controls are always attached to subprocess level,and tester's perform the control test.That's why the tester's role is visible in the subprocess level.

Thanks

Debraj Roy

Former Member · ‎03-31-2009

Hi Arvind:

We copied the standard delivered ABAP roles to our namespace, made a few additional changes and are using them no problem. We also copied the NWBC roles to our namespace. We have the default roles as reference. We did this for consistency, but also because ABAP roles and App roles can change as the App roles did in SP04. This way we compare the app roles before and after a SP to make sure we agree with any role changes introduced to default roles. This way, we don't unknowingly introduce changes to our roles based on the changes SAP introduces to their roles at any given point.

As far as the tester role goes, it is at the Process level. If you aren't sure go into the app under User Access => Roles and their tasks like you will assign it and restrict the selection to "proces". You will see it is at the Process level. As far as the rest goes, you seem pretty well versed in the security guide so I'm sure you know this, but as long as the level of the role is equal to or greater than the task you can assign it. Ex: You can assign a control level task to a Corporate level role but not a Corporate level task to a control level role.

I hope this helps.

Matt

Former Member · ‎03-31-2009

THanks for your responses.

Can we rename ABAP roles in GRC Process Control to adhere to naming convntn