06-25-2012 10:13 AM
In SAP GRC PC 3.0; does first level authorization restrict users / roles to view data for other organizations in reports from Report Center? Or is this available via Second Level Authorization Activation only?
Regards,
Sush
06-25-2012 10:30 AM
Hi Sush,
with first level authorization, you can restrict users for other organizations in reports.
If the second-level authorizations is active, the user selection for entity-level role assignments is restricted to users who are assigned withthe relevant PFCG role in their user profile (SU01).
You can also refer to security guide for details.
regards,
Rajeshwari
06-25-2012 11:20 AM
Hi Sush,
With first level organization, the user responsible for one organization is rescricted to view the result of the other organization for which he is not responsible.
Second level authorization is an add on that restrict the users to role assignments.
More detail over it is available in the IMG help of the node.
Governance, Risk and Compliance -> General Settings -> Authorizations -> Maintain Authorization Customizing.
Reards,
Silky Sharma
06-25-2012 11:50 AM
Hi Sush,
The USP of second level authorization is that it enhances the PC security model with a 2 step verification method such that the authorization engine checks for the backend roles in addition to application-level user role assignment.
Kind Regards,
Saksham Minocha