01-12-2013 10:14 AM
Hello,
we try to change the Status of a reason code and reset the Usage, but by both activitys a authorization error were displayed: Authorization missing for Reason Cod Modify.
This also also appears with the Profiles SAP_ALL and SAP_NEW.
We have GRC AC 10.0 SP 8
Please help me.
Thanks a lot.
Kristin
01-24-2013 12:09 PM
Hi Kristin,
As funny as this may sound, don't expect any GRC related authorisations to be included within SAP_ALL and SAP_NEW.
I Believe the authorisation object of concern is "GRAC_RCODE", where you need the have ACTVT field as Change/Create etc and the other fields are GRAC_RSCOD (reason code restriction field) and GRAC_SYSID (where you can restrict maintenance of the codes by certain system also).
Assign the EAM Admin role (or any role that provides the authorisations above) to your ID/Test ID and try to maintain the Reason codes again.
If this fails, then perform an Auth trace and let us know what you find.
I hope this helps and resolves your issue and All the best.
01-24-2013 12:27 PM
Kristin:
Please review the SAP Access Control Security guide. This explains what roles you should have.
SAP_GRAC_ALL / GRAC_NWBC should give you what you need.
01-24-2013 12:46 PM
If your job is to administrate the Emergency Access solution, then the EAM Admin role (SAP_GRAC_SUPER_USER_MGMT_ADMIN) would be sufficient enough. This contains the authorisations you are after (as mentioned in my original reply).
There is no need to give the GRAC_ALL access unnecessarily if you have a controlled environment (i.e. you are not the full time main GRC admin).
And if you are new to GRC, as suggested by Kevin, have a look at the authorisations guide mentioned.
All the best.
01-28-2013 3:01 PM
Hi,
thanks for your help. We test it with this Roles and the User have all nessary authorizations but the error is also the same.
I have now open a OSS Message.
02-03-2013 4:45 PM
02-04-2013 6:14 AM
Dear Rajesh,
the problem has not yet solved. Do you have any idea?
Regards,
Kristin Eckstein
02-04-2013 9:28 AM
Hello Kristin,
As Harinam SanKirtan has told above to assign the role "SAP_GRAC_SUPER_USER_MGMT_ADMIN" is the solution for this issue. Did you try to assign this role and then see the effect.
Also check this role is generated.
Regards,
Rajesh Nanda
02-04-2013 10:59 AM
Hello Rajesh,
yes I have assign this role, but the error is the same as before. Roles are generated.
Regards,
Kristin Eckstein