Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.0 EAM Authorization missing for Reason Code Modify

Former Member

‎01-12-2013 10:14 AM

0 Kudos

Hello,

we try to change the Status of a reason code and reset the Usage, but by both activitys a authorization error were displayed: Authorization missing for Reason Cod Modify.

This also also appears with the Profiles SAP_ALL and SAP_NEW.

We have GRC AC 10.0 SP 8

Please help me.

Thanks a lot.

Kristin

8 REPLIES 8

Former Member

‎01-24-2013 12:09 PM

0 Kudos

Hi Kristin,

As funny as this may sound, don't expect any GRC related authorisations to be included within SAP_ALL and SAP_NEW.

I Believe the authorisation object of concern is "GRAC_RCODE", where you need the have ACTVT field as Change/Create etc and the other fields are GRAC_RSCOD (reason code restriction field) and GRAC_SYSID (where you can restrict maintenance of the codes by certain system also).

Assign the EAM Admin role (or any role that provides the authorisations above) to your ID/Test ID and try to maintain the Reason codes again.

If this fails, then perform an Auth trace and let us know what you find.

I hope this helps and resolves your issue and All the best.

kevin_tucholke1
Contributor

‎01-24-2013 12:27 PM

0 Kudos

Kristin:

Please review the SAP Access Control Security guide.  This explains what roles you should have.

SAP_GRAC_ALL / GRAC_NWBC should give you what you need.

Former Member
In response to kevin_tucholke1

‎01-24-2013 12:46 PM

0 Kudos

If your job is to administrate the Emergency Access solution, then the  EAM Admin role (SAP_GRAC_SUPER_USER_MGMT_ADMIN) would be sufficient enough. This contains the authorisations you are after (as mentioned in my original reply).

There is no need to give the GRAC_ALL access unnecessarily if you have a controlled environment (i.e. you are not the full time main GRC admin).

And if you are new to GRC, as suggested by Kevin, have a look at the authorisations guide mentioned.

All the best.

Former Member
In response to kevin_tucholke1

‎01-28-2013 3:01 PM

0 Kudos

Hi,

thanks for your help. We test it with this Roles and the User have all nessary authorizations but the error is also the same.

I have now open a OSS Message.

Former Member
In response to kevin_tucholke1

‎02-03-2013 4:45 PM

0 Kudos

Is your issue resolved ?

Regards,

Rajesh

Former Member
In response to kevin_tucholke1

‎02-04-2013 6:14 AM

0 Kudos

Dear Rajesh,

the problem has not yet solved. Do you have any idea?

Regards,

Kristin Eckstein

Former Member
In response to kevin_tucholke1

‎02-04-2013 9:28 AM

0 Kudos

Hello Kristin,

As Harinam SanKirtan has told above to assign the role "SAP_GRAC_SUPER_USER_MGMT_ADMIN" is the solution for this issue. Did you try to assign this role and then see the effect.

Also check this role is generated.

Regards,

Rajesh Nanda

Harinam SanKirtan

Former Member
In response to kevin_tucholke1

‎02-04-2013 10:59 AM

0 Kudos

Hello Rajesh,

yes I have assign this role, but the error is the same as before. Roles are generated.

Regards,

Kristin Eckstein