on 05-16-2012 1:42 PM
Hi all,
This question is for Access Control. Are roles without users assigned analyzed by SAP GRC 10.0 AC? could i modify this setting at table GRACV_CONFIGSET?
thank you in advanced.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sergio,
In GRC under ARA application you can run the risk analysis on Role even if no user is assigned to thet Role. For this you need to first run the Repository sync job for role (via path SPRO-> Governance Risk and Compliance->Access Control->Synchronization job->Repository Object Sync) so that all the Roles will come to the GRC box.
After that you need to go to the NWBC link -->Access Management tab--> Access Risk Analysis-->Role Level. (I am assuming that you have already created Risk in the application)
If you open this link then here you can enter the system and the role name for which you want to run the Risk Analysis.
Regards
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shayly,
Thank you for your response but i am afraid that this is not resolving my problem. The point is that i would like to know if ARA analyse all the roles that i have sync or ARA only takes into account that roles that have users assigned. Maybe there is a parameter at Maintain Configuration Settings that i can change to exclude these roles that they don't have users assigned.
Thank you.
Hi Sergio,
The risk analysis will only take into account roles/users/profiles that have been identified during the Object Sync jobs.
I know there is a bug in SP06, where the incremental sync is not always picking up new roles. therefore a full sync is sometimes required to pick these new objects (i.e. Incremental sync jobs are not doing what they should at times).
There is a SAP note in regards to this issue 1700936 - Roles after successful import not available for access request
Hi Sergio,
Yes, you can analyze the role which are not assigned to user in ARA application under Role Level Analysis.
Regards,
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.