cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No dropdown available for selecting connector in "Maintain Authorizations" of role methodolgy phase in BRM role maintenance

Former Member

on ‎06-01-2012 12:31 PM

0 Kudos

Hi GRC gurus

I have a requirement that roles for BI and Solman need to analysed for access risks against GLOBAL ruleset in BRM. For this purpose I have assigned the BI and Solman connector to a connector group for which I have loaded to GLOBAL ruleset. Then I have assigned these 2 connectors to all the 4 integration scenararios(AUTH, PROV, ROLEMG and SUPMG). Also I have mapped both the BI and Solman connectors as default connector in Access Control--> Maintain mapping for actions and connector groups.

Now when I try to create a single role in BRM, I am selecting the connector group(to which I had assigned the BI and Solman connectors) as landscape in the "define Role"phase. But in the "Maintain authorizations" phase , only the BI connector is appearing as "Backend System for Maintenance" . There is no dropdown available here so that I can select Solman connector if I have to create Solman role and not BI role.

Is there any config. settings whereby I can get a dropdown available and I can select the connector (BI connector when I require to create BI role and Solman connector when I require to create Solamn role).

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

neerajmanocha
Product and Topic Expert
Product and Topic Expert
‎06-04-2012 12:32 PM
0 Kudos

Hi Saibal,

Ideally, You can have only one system as default system for one landscape and same system is available for Maintain Authorizations. You cannot have multiple system for maintaining authorizations.

However you have an option to add more than one system (but you can make one system as default) in one landscape and at the time of generating role, you can choose those systems to generate the role there also.

Ideally, BI & Solman are 2 different kinds of systems and need to be in 2 different landscapes. If you have an requirement to add them in one landscape to generate the roles parallely in both system, you can do that. However Maintain Authorizations will be in one systme only.

Thanks & Regards

Neeraj

Show replies
Show replies
kevin_tucholke1
Contributor
‎06-01-2012 1:38 PM
0 Kudos

Siabal:

The connector groups for risk analysis and for business role management should be different.

In risk analysis, our recommendation is to use SOD Logical Systems against the rules.  If you use our out of the box rule sets, for example BC Set 'GRAC_RA_RULESET_SAP_BASIS', it will create a connector group (logical system) witth the ID SAP_BAS_LG.  You then assign all of your SOD relevant target instances to this connector group.

In business role management, you need to have a connector group that is structured by your SAP system Landscape, i.e.  DEV / QA / PRD (basically following your transport path for roles).  In business role management, role defination is by Landscape not by individual connector.  You should not be using the same connector groups for risk analysis as you do for business role management.

Thanks,

Kevin Tucholke

Show replies
Show replies
Ask a Question