cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10: How to restrict requestor authorization???

Go to solution
former_member184114
Active Contributor

on ‎12-16-2012 8:06 AM

0 Kudos

Hi All,

I have created a test user called "REQUESTOR". As name itself says, this user should only be  able to raise access request in ARQ. I have assigned below roles to this user:

SAP_GRAC_ACCESS_REQUESTER

SAP_GRAC_NWBC

SAP_GRC_FN_BASE

What I have observed that, this user can access any part of ARQ as the administrator can! Meaning, it has all the links enabled in Access Management. May anyone please tell me how I can restrict him to access only certain part of the application like: Create Access Request, Search a Request's status.

I would like to enable only certain links in the Access Management page which he is supposed to access.

Please help.

Regards,

Faisal

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member184114
Active Contributor
‎12-18-2012 7:53 AM
0 Kudos

Can anybody help me?

Show replies
Show replies
former_member208271
Participant
‎12-18-2012 11:51 AM
0 Kudos

Hi Faisal

We have created our own Role and the Object GRAC_RQTYP we have specified 001, 002 and 006, which are "New Account", Change Account" & "Superuser Access"

I have noticed that the SAP standard Roles have a lot of Astrix "*"

Please investigate the Roles and this should help you correct your problem.

Regards

Mustafa

former_member184114
Active Contributor
‎12-19-2012 2:27 PM
0 Kudos

Mustafa,

Thanks for your kind reply.

I created a test role (Z_GRC_TEST_ROLE) and included object "GRAC_RQTYP" and made necessary settings. I also created a test user and then added below roles to it:

1. SAP_GRAC_NWBC

2. SAP_GRC_FN_BASE

3. Z_GRC_TEST_ROLE

I noticed that now this has only access to create and submit a request.

Thanks for your help

Regards,

Faisal

Former Member
‎06-04-2013 9:40 AM
0 Kudos

My problem is a little bit difference. I have to create a menu in which for example, in the access request options, only the option "Template Based Request" would be available.

Do you know how could it be done?

Thanks so much in advance.

Former Member
‎10-28-2013 1:36 PM
0 Kudos

SAP Note 1718540 provides a little introduction to the problem you are facing.

you might modify via SM34 the view cluster GRFNVC_ITEMAUTH ,where these menu items are configured. Here you will see also authorization objects linked to specific items.

As the option "Template Based Request" is linked to a general authorization object, you might replace this authorization object for this entry and replace it with some other objects or vice versa.

Keep in mind that a upgrade might overeride your settings..

regards

Johannes

Answers (0)

Ask a Question