Use of Role Attributes

former_member674140 · ‎07-25-2006

Can anyone explain the use of the role attributes found in PFCG change under Utilities/Info Objects/Display Attributes.

I found 4 related tables: AGR_ATTS, AGR_FLAGS, AGR_FLAGSB, and AGR_LSD. How are these tables populated? Can additional attributes be added?

Former Member · ‎07-26-2006

Take a look at the where-used-list of FM PRGN_GET_AGR_ATTRIBUTES. It appears as if the attributes are used, amongst other things, for a role ownership concept in CUA. I am not familiar with it.

What I do know, is that if the flag type is FORCE_MIX and the flag is "x" then report pfcg_time_dependency will know that something has changed and a compare is required. Flag COLL_AGR would identify a composite role.

former_member674140 · ‎07-26-2006

Thanks, however we do not use composite roles. I was looking for a way to add an identifier to the roles (other than in the role name, description or other table) for sensitivity of the roles, SOX approval identifier, etc. I thought attritibutes was a good place to start.

Former Member · ‎08-22-2006

Hi Kathy,

just wanted to see if you found a way to add attributes to a role yet. We are doing a similar thing here with role owners and would like to store this data in the role.

I had a look but di not find anything so far. I cannot even see the attributes of roles (in PFCG) that do exist in the table AGR_ATTS.

thanks,

Dyllan

former_member674140 · ‎08-23-2006

Dyllan, not yet. I am still hoping someone out there has an idea or SAP may answer.

christian_wippermann · ‎08-23-2006

Hi Kathy,

An answer from SAP: for your requirements "sensitivity of the roles, SOX approval identifier, etc." the role attributes are not a good way to start. Especially for your requirements SAP has created a new business unit <a href="http://www.sap.com/solutions/grc/index.epx">Governance, Risk, and Compliance</a>.

The SAP Compliance Calibrator is ment to manage risks and controls in SAP systems. The standard functionality does not provide in depth functionality for this.

Without any extra tools I would suggest using the free text description field of the roles for the type of documentation that you want to do currently.

Best regards,

Christian

former_member674140 · ‎08-23-2006

Thanks Christian. I am aware of GRC. We already use Authoziation Assistant and have the roles identified as well as an inhouse tool (similar to Versa) that handles all of our approvals and auditing.

We will review GRC sometime in the future. Again we were just looking for a quick key identifier for display purposes.

I still would like an answer to my original questions.

What is the purpose of the role attributes?

How are the tables populated?

Why couldn't we add additional items if so desired similar to classification attributes?

sergio_spada · ‎04-28-2009

Hy Kathy,

have you ever find how to enhance role definition with new additional fields ?

former_member674140 · ‎04-28-2009

Sergio, no I have never receive a response to my original question on the use of the attributes. It just seem logical to me that we should be able to utilize this functionality. We have gone down a different path with creating Z application/tables to perform our necessary identification of the roles.