cancel
Showing results for 
Search instead for 
Did you mean: 

Roles without users assign in SAP GRC 10.0

Former Member
0 Kudos

Hi all,

This question is for Access Control. Are roles without users assigned analyzed by SAP GRC 10.0 AC? could i modify this setting at table GRACV_CONFIGSET?

thank you in advanced.

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi Sergio,

ARA analyze all the roles that you have synced through the Repository Sync job irrespective of the fact that whether they have assigned any user or not.

There is no such parameter in the configuration settings with the help of which you can exclude role that dont have users.

Regards

Shaily

Former Member
0 Kudos

Hi Sergio,

In GRC under ARA application  you can run the risk analysis on Role even if no user is assigned to thet Role. For this you need to first run the Repository sync job for role (via path SPRO-> Governance Risk and Compliance->Access Control->Synchronization job->Repository Object Sync) so that all the Roles will come to the GRC box.

After that you need to go to the NWBC link -->Access Management tab--> Access Risk Analysis-->Role Level. (I am assuming that you have already created Risk in the application)

If you open this link then here you can enter the system and the role name for which you want to run the Risk Analysis.

Regards

Shaily

Former Member
0 Kudos

Hi Shayly,

Thank you for your response but i am afraid that this is not resolving my problem. The point is that i would like to know if ARA analyse all the roles that i have sync or ARA only takes into account that roles that have users assigned. Maybe there is a parameter at Maintain Configuration Settings that i can change to exclude these roles that they don't have users assigned.

Thank you.

Former Member
0 Kudos

Hi Sergio,

The risk analysis will only take into account roles/users/profiles that have been identified during the Object Sync jobs.

I know there is a bug in SP06, where the incremental sync is not always picking up new roles. therefore a full sync is sometimes required to pick these new objects (i.e. Incremental sync jobs are not doing what they should at times).

There is a SAP note in regards to this issue 1700936 - Roles after successful import not available for access request

Former Member
0 Kudos

Hi Sergio,

Yes, you can analyze the role which are not assigned to user in ARA application under Role Level Analysis.

Regards,

Shaily

Former Member
0 Kudos

Hi Shaily,

First of all, thank you for your response. However, i don't know where can i mark this option. I mean, where can i trigger an analysis rol job where exclude roles without users, or is this done by default?

Thnak you.