cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 5.3 | ERM | Best Practise Role Transport

Go to solution
Former Member

on ‎05-29-2009 1:49 PM

0 Kudos

Hi Experts,

can someone tell me the best practise to transport roles from DEV to PRD using ERM?

Thx!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-29-2009 2:40 PM
0 Kudos

Hi Kraell ,

Which DEV and PRD you are talking about? GRC or ECC?

Regards,

Sudip.

Show replies
Show replies
Former Member
‎05-29-2009 3:21 PM
0 Kudos

I mean the best practise of creating roles in the back-end (ECC) through GRC and transporting them to the backend PRD (over QAS).

I assume that all actions are done in GRC and transports of roles are no longer done in the back-end, right?

Thx!

Former Member
‎05-29-2009 4:03 PM
0 Kudos

Sorry, Kraell. ERM does not have any functionality of transporting roles. Basically, you need to create roles in Dev and then transport them to QA and Prod depending upon the transport route. As a best practice, role generation in ERM will be done in Dev but the risk analysis will be done against prod. This way, you get the SoD free roles which you can use it in Prod system.

Regards,

Alpesh

Former Member
‎05-29-2009 4:50 PM
0 Kudos

Dear Kraell,

As far as my knowledge goes this facility is not there in ERM.

But, you can search the role in ERM then click on copy. Here you can given target role name and production system SID and do the role generation process for PRD system.

Thanks,

Sudip

Former Member
‎05-29-2009 7:36 PM
0 Kudos

Sudip:

You mean that I can

1) login DEV

2) remotely copy the role to PRD and remotely generate it the PRD ?

Please help give detail. Thanks!

Former Member
‎05-30-2009 6:07 AM
0 Kudos

Ashley,

This is possible but not recommended. You can look at this document for more information:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00b3b607-7f8f-2a10-e78f-ada2e7e4...

Regards,

Alpesh

Former Member
‎05-30-2009 9:56 AM
0 Kudos

Hi All,

As Alpesh mentioned this is possible but not recommended and he is right.

But it is an work arround and which is very long process.

1) Search the role in ERM

2) Select the role and click on copy button

3) In Copy Role screen you can see original From Role(eg, Z:TEST) and From Landscape(eg. QA system)

4) And you can see To role and To Landscape. Here you have to choose your production system.

Along with this you can tick:Detailed Description,Functional Area,Approvers,Custom Attributes,

Attachments and Authorizations.

Then click on copy button. Your role will be saved with your prod server name and you have to do the whole process of role generation for this role.

Thanks,

Sudip

Former Member
‎06-15-2009 7:31 PM
0 Kudos

Sudip, that is assuming that the development and production system are in a different landscape, right? Is this best practice because I used to keep them in the same landscape. If not, then I don't think point 4 is completely correct.

Another important thing: how can I make sure that the role status is "PRODUCTION" by default, after mass uploading them using txtfiles. Is it correct that a role in ERM is in DEV or in PRD but can't be labeled as in both?

Thx again!

Kraell

Former Member
‎06-16-2009 6:36 AM
0 Kudos

Hi Kraell,

I have given you a work arround because the transport feature is not there in ERM. It is not the best practise.

Your next point:

When we do role mass upload in ERM by default the status of the uploaded roles become DEVELOPMENT. And we have to make all those roles status to PRODUCTION my mass maintenence before importing into CUP.

Thanks,

Sudip.

Answers (0)

Ask a Question