cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Basic Concept of Business Roles in GRC & their working

Go to solution
Former Member

on ‎07-16-2012 4:20 AM

0 Kudos

Hello Gurus,

I would like to know the basic concept behind Business Roles in GRC AC10 & how do they work ?

Can any one please provide me a link/document explaining the same ?

Also i have seen certain things in BRM related to ROLE certification , does it play any part in Business Roles ??

Please help.

Thanks & Regards,

Victor

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-16-2012 4:48 AM
0 Kudos

Hi Victor,

Business Roles are the enhanced process for mapping Techincal access Authorizations to Business functions.

While Importing or Defining a Business Role, Application Type is always BUSINESS ROLES and Landscape is always ROLE MANAGEMENT BUSINESS GROUPS.

You can refer BRM Guide on Service Market Place or follow the Below link:

http://scn.sap.com/docs/DOC-1570

Please follow the below links for the discussion about Business Roles.

http://scn.sap.com/thread/3204683

http://scn.sap.com/thread/3182062

SAP Notes to know more about Business Roles related issues.

1696320

1696647

1736960

1692561

Role Certification - It is a different concept. It is similar like User Access Review. It allows the Role owner to review and certify the role content on a periodic basis.

We give the certification period in number of days. After the defined days, an email reminder is sent to Role Owner to notify him that the Role needs to be certify.

Hope this helps!

Regards,

Shreya Gupta

Show replies
Show replies
Former Member
‎07-18-2012 8:27 AM
0 Kudos

Hello Shreya,

We tried to implement the same ,but there are few queries.

1) In which system do these roles(business roles) get created ??

e.g) we created a business role : Z_BUSINESS & assigned it 2 roles , Role A belonging to system xx & Role B  belonging to system zz.

Now if we want to assign the request to a user who is present in system "xx" only then how will it work ??

Or am i understanding it wrong ??

Regards,

Victor

Former Member
‎07-19-2012 5:27 AM
0 Kudos

Hi Victor,

Business Roles can be created in any system.

The idea of Business Roles is to simplify access procedures for end user. When end user requests Business Role, he does not need to know about technical roles it consists of. So when Business Role is assigned by request, end user should see that 1 Business Role is assigned but not several technical roles.

So, you can create in any system.

Therefore, when you create a request for a user who is present in xx system, the Business Role Z_BUSINESS will get assigned to it.

There are few SAP Notes, which you may refer:

Note 1668386 - UAM: update assignment from BRM is not correct

Note 1665863 - RUGRCAC: update assignment problem

Note 1671232 - RUGRCAC: update assignment problem (2)

Best Regards,

Shreya Gupta

Former Member
‎07-19-2012 5:47 AM
0 Kudos

Hi Victor,

Adding to Shreys point, Actually you can not see the Business role actually created in the R/3 system, It is just the BRM concept. When you provision any Business Role, it means that you are actually provisioning group of technical roles in the backend system.

So, when you assign the Business role to the user in the request (having tow technical role from different system) you will not select the system for this business role. It will automatically take both the technical role's system.

For detail Ref SAP Note #1694826: Business roles and System combination search in Access Request

Hope this answers your query.

Regards,

Shaily

Former Member
‎07-20-2015 9:28 AM
0 Kudos

This message was moderated.

Answers (1)

Answers (1)

Former Member
‎07-16-2012 5:10 AM
0 Kudos

Hi Victor,

Business Role is an efficient way of managing roles in an organization and model them based on a job function. Each business role represents a Job role or function and is associated to one or more related Technical Roles.

An example of a business role is “ AP Clerk”  which has all the authorizations that Accounts Payable Clerk needs to perform his activities

Navigate to the Role Maintenance Screen and create a role with role type as Business Role

Specify the Role Attributes for Business Role

For Business Roles, Application Type is BUSINESS ROLES.

Role Certify: (In addition to Shrey's reply)

Role Certification allows the Role owner to review and certify the role content on a periodic basis

This is similar to User Access Review, except that, instead of user assignment, the role is certified

Role certification attributes are defined in the Role Properties.

Certification period is defined in days

Next certification is calculated based on the period and the last certification date

After the defined days, an email reminder will be sent to Role Owner

The reminder template can be customized in IMG

Regards

Shaily

Show replies
Show replies
Ask a Question