on 12-16-2012 8:06 AM
Hi All,
I have created a test user called "REQUESTOR". As the name itself says, this user should only be able to raise access requests in ARQ. I have assigned the below roles to this user:
SAP_GRAC_ACCESS_REQUESTER
SAP_GRAC_NWBC
SAP_GRC_FN_BASE
What I have observed is that this user can access any part of ARQ as the administrator can! Meaning, it has all the links enabled in Access Management. Can anyone please tell me how I can restrict him to access only certain parts of the application, like Create Access Request and Search a Request's status?
I would like to enable only certain links in the Access Management page which he is supposed to access.
Please help.
Regards,
Faisal
Can anybody help me?
Hi Faisal
We have created our own role, and in the object GRAC_RQTYP we have specified 001, 002 and 006, which are "New Account", "Change Account" & "Superuser Access".
I have noticed that the SAP standard roles have a lot of asterisks "*".
Please investigate the Roles and this should help you correct your problem.
Regards
Mustafa
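An added example, not part of the original thread and not SAP's own code: a Python check over a role export laid out like table AGR_1251 (columns AGR_NAME, OBJECT, FIELD, LOW, HIGH) that flags roles whose GRAC_RQTYP values are wider than the 001/002/006 set described above. The role names and rows are constructed, and the CSV export format and the field name GRAC_RQTYP inside the object are assumptions.

```python
import csv
import io

# Constructed sample rows in an AGR_1251-style layout; the role names are
# hypothetical and the field names are assumptions, not from a real system.
SAMPLE_EXPORT = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_REQUESTER_NARROW,GRAC_RQTYP,ACTVT,01,
Z_REQUESTER_NARROW,GRAC_RQTYP,GRAC_RQTYP,001,
Z_REQUESTER_NARROW,GRAC_RQTYP,GRAC_RQTYP,002,
Z_REQUESTER_NARROW,GRAC_RQTYP,GRAC_RQTYP,006,
Z_REQUESTER_WIDE,GRAC_RQTYP,ACTVT,*,
Z_REQUESTER_WIDE,GRAC_RQTYP,GRAC_RQTYP,*,
Z_REQUESTER_RANGE,GRAC_RQTYP,GRAC_RQTYP,001,999
Z_REQUESTER_WIDE,S_TCODE,TCD,NWBC,
"""

# Request types named in the answer above.
ALLOWED_REQUEST_TYPES = {"001", "002", "006"}


def audit_role_values(export_text, obj="GRAC_RQTYP", type_field="GRAC_RQTYP",
                      allowed=ALLOWED_REQUEST_TYPES):
    """Return {role: [issue, ...]} for values broader than the allowed set."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["OBJECT"] != obj:
            continue  # only the object under review
        low, high = row["LOW"].strip(), row["HIGH"].strip()
        if "*" in low or "*" in high:
            issue = f"{row['FIELD']}: wildcard"  # any field of the object
        elif row["FIELD"] != type_field:
            continue  # explicit values in other fields are not judged here
        elif high:
            issue = f"{row['FIELD']}: range {low}-{high}"  # ranges can hide extra types
        elif low not in allowed:
            issue = f"{row['FIELD']}: unexpected value {low}"
        else:
            continue
        findings.setdefault(row["AGR_NAME"], []).append(issue)
    return findings


if __name__ == "__main__":
    for role, issues in audit_role_values(SAMPLE_EXPORT).items():
        print(role, "->", "; ".join(issues))
```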
Mustafa,
Thanks for your kind reply.
I created a test role (Z_GRC_TEST_ROLE), included the object "GRAC_RQTYP" and made the necessary settings. I also created a test user and then added the below roles to it:
1. SAP_GRAC_NWBC
2. SAP_GRC_FN_BASE
3. Z_GRC_TEST_ROLE
I noticed that this user now only has access to create and submit a request.
Thanks for your help.
Regards,
Faisal
SAP Note 1718540 provides a little introduction to the problem you are facing.
You might modify, via SM34, the view cluster GRFNVC_ITEMAUTH, where these menu items are configured. Here you will also see the authorization objects linked to specific items.
As the option "Template Based Request" is linked to a general authorization object, you might replace this authorization object for this entry and replace it with some other objects or vice versa.
Keep in mind that an upgrade might override your settings.
Regards
Johannes