Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC PC 3.0 - Restriction to reports

Former Member

‎06-25-2012 10:13 AM

0 Kudos

In SAP GRC PC 3.0; does first level authorization restrict users / roles to view data for other organizations in reports from Report Center? Or is this available via Second Level Authorization Activation only?

Regards,

Sush

3 REPLIES 3

rajeshwari_akkamgari
Active Participant

‎06-25-2012 10:30 AM

0 Kudos

Hi Sush,

with first level authorization, you can restrict users for other organizations in reports.

If the second-level authorizations  is active, the user selection for entity-level role assignments is restricted to users who are assigned withthe relevant PFCG role in their user profile (SU01).

You can also refer to security guide for details.

regards,

Rajeshwari

former_member205878
Contributor

‎06-25-2012 11:20 AM

0 Kudos

Hi Sush,

With first level organization, the user responsible for one organization is rescricted to view the result of the other organization for which he is not responsible.

Second level authorization is an add on that restrict the users to role assignments.

More detail over it is available in the IMG help of the node.

Governance, Risk and Compliance ->  General Settings ->  Authorizations -> Maintain Authorization Customizing.

Reards,

Silky Sharma

saksham
Advisor
Advisor

‎06-25-2012 11:50 AM

0 Kudos

Hi Sush,

The USP of second level authorization is  that it enhances the PC security model with a 2 step verification method such that the authorization engine checks for the backend roles in addition to application-level user role assignment. 

Kind Regards,

Saksham Minocha