on 07-16-2012 4:20 AM
Hello Gurus,
I would like to know the basic concept behind Business Roles in GRC AC10 & how do they work ?
Can any one please provide me a link/document explaining the same ?
Also i have seen certain things in BRM related to ROLE certification , does it play any part in Business Roles ??
Please help.
Thanks & Regards,
Victor
Hi Victor,
Business Roles are the enhanced process for mapping Techincal access Authorizations to Business functions.
While Importing or Defining a Business Role, Application Type is always BUSINESS ROLES and Landscape is always ROLE MANAGEMENT BUSINESS GROUPS.
You can refer BRM Guide on Service Market Place or follow the Below link:
http://scn.sap.com/docs/DOC-1570
Please follow the below links for the discussion about Business Roles.
http://scn.sap.com/thread/3204683
http://scn.sap.com/thread/3182062
SAP Notes to know more about Business Roles related issues.
1696320
1696647
1736960
1692561
Role Certification - It is a different concept. It is similar like User Access Review. It allows the Role owner to review and certify the role content on a periodic basis.
We give the certification period in number of days. After the defined days, an email reminder is sent to Role Owner to notify him that the Role needs to be certify.
Hope this helps!
Regards,
Shreya Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Shreya,
We tried to implement the same ,but there are few queries.
1) In which system do these roles(business roles) get created ??
e.g) we created a business role : Z_BUSINESS & assigned it 2 roles , Role A belonging to system xx & Role B belonging to system zz.
Now if we want to assign the request to a user who is present in system "xx" only then how will it work ??
Or am i understanding it wrong ??
Regards,
Victor
Hi Victor,
Business Roles can be created in any system.
The idea of Business Roles is to simplify access procedures for end user. When end user requests Business Role, he does not need to know about technical roles it consists of. So when Business Role is assigned by request, end user should see that 1 Business Role is assigned but not several technical roles.
So, you can create in any system.
Therefore, when you create a request for a user who is present in xx system, the Business Role Z_BUSINESS will get assigned to it.
There are few SAP Notes, which you may refer:
Note 1668386 - UAM: update assignment from BRM is not correct
Note 1665863 - RUGRCAC: update assignment problem
Note 1671232 - RUGRCAC: update assignment problem (2)
Best Regards,
Shreya Gupta
Hi Victor,
Adding to Shreys point, Actually you can not see the Business role actually created in the R/3 system, It is just the BRM concept. When you provision any Business Role, it means that you are actually provisioning group of technical roles in the backend system.
So, when you assign the Business role to the user in the request (having tow technical role from different system) you will not select the system for this business role. It will automatically take both the technical role's system.
For detail Ref SAP Note #1694826: Business roles and System combination search in Access Request
Hope this answers your query.
Regards,
Shaily
Hi Victor,
Business Role is an efficient way of managing roles in an organization and model them based on a job function. Each business role represents a Job role or function and is associated to one or more related Technical Roles.
An example of a business role is “ AP Clerk” which has all the authorizations that Accounts Payable Clerk needs to perform his activities
Navigate to the Role Maintenance Screen and create a role with role type as Business Role
Specify the Role Attributes for Business Role
For Business Roles, Application Type is BUSINESS ROLES.
Role Certify: (In addition to Shrey's reply)
Role Certification allows the Role owner to review and certify the role content on a periodic basis
This is similar to User Access Review, except that, instead of user assignment, the role is certified
Role certification attributes are defined in the Role Properties.
Certification period is defined in days
Next certification is calculated based on the period and the last certification date
After the defined days, an email reminder will be sent to Role Owner
The reminder template can be customized in IMG
Regards
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.