on 04-16-2010 5:40 AM
My client has gone live on Risk Management 3.0. We are now trying to configure auditor access to the system, i.e. we want to provide an auditor with read-only access to all risks.
So far we have followed the role assignment as outlined in ['SAP BusinessObjects GRC Risk Management 3.0 - Security Concepts'|http://www.sdn.sap.com/irj/bpx/grc?rid=/library/uuid/900d0a8a-4ed0-2c10-d484-9efa5e6f94fb]. Any combination or subset of roles SAP_GRC_FN_BASE, SAP_GRC_FN_BUSINESS_USER, and SAP_GRC_RM_API_INTERNAL_AUD does not lead to the intended result.
Does anyone know how to assign auditor access in Risk Management 3.0?
Hi Alex,
did you check the "official" [security guide|https://websmp206.sap-ag.de/~sapidb/012002523100005699652009E.PDF]?
In there on page 31 you have the role SAP_GRC_FN_DISPLAY which seems to do exactly that:
Assign this role to external auditors if you
want to give them display access throughout
the application. This role bypasses the
SAP_GRC_FN_BUSINESS_USER role to grant
display authorizations in the back end. If you
wish to have more control over what is displayed,
use the SAP_GRC_FN_BUSINESS_USER
instead.
Cheers,
Dominic
Edited by: Dominic Yow-Sin-Cheung on Apr 16, 2010 9:57 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.