SAP GRC Access Control - Impact deleting Process and Subprocess control over roles

Former Member
0 Kudos

Dear all.

I would like to know what is the impact of deleting from Access Control a Process and Subprocess that are already assigned to roles. I have done some testing with the following:

  • The roles are still available for Access Request Management and the provisioning
  • The roles lost the information regarding process and subprocess in some menus.

I would like to know what impact, regarding reporting, BRM and so on, deleting the process and subprocess inserted for Access Control could carry.

Many thanks in advance.

Best regards.

Accepted Solutions (1)


Colleen
Advisor
0 Kudos

I would assume that if you fix the roles first and swap them over to the new process/sub process names first, you will not have too much reporting impact.

Other potential impacts:

1. Does your naming convention use those fields? It won't cause an error but it may form part of role conventions and make this mismatch.

2. Do you have any BRF+ rules with the decision table using the values you are deleting? If so, removing them will remove some of the potential routing options.

3. Consider non-BRM/UAR usage of the business process and sub process. Do you have any risks, functions, mitigating controls, org unit, etc which also use the business process and sub process? You may need to check impacts here as well.

Message was edited by: Colleen Lee - Adding point 3

Former Member
0 Kudos

Hi Colleen.

First, thank you for your reply. Regarding your questions:

  • Yes, my naming convention corresponds to some processes and subprocesses. I would assume that would cause a mismatch in some cases.
  • We have not implemented BRF+.
  • We are pending an update of the mitigation controls. That's why I need to modify some business processes and subprocesses, because they have to map against the processes and subprocesses for Process Control, in order to take advantage of the integration between AC and PC.

Thank you.

Colleen
Advisor
0 Kudos

It sounds like you have done your impact analysis.

If you are going to remove them, check your data first. If there are no references, I can't see an issue. I don't use RM or PC, so I can't comment on that side.

I don't think any of the AC data has either of these fields in primary key/reference keys of tables. They are classifications to use for reporting and business rules (BRF).

Good luck with the PC implementation.

Former Member
0 Kudos

Yes, I did.

So I will see how these changes have an impact in the future.

Many thanks.

Colleen
Advisor
0 Kudos

I'm not entirely sure.

Possibly instead of deleting the configuration you use authorizations to restrict access to the business processes?

GRAC_BPROC    Authorization object for SOD Business Process.

GRAC_REQ    Authorization object for CUP access request

GRAC_RISK    Authorization object for SOD Access Risk

GRAC_ROLED    Access Control Role Design

GRAC_ROLEP    Access Control Role Provisioning

They all contain the field GRAC_BPROC - Business Process.

You can then look at objects for field GRAC_BSUBP - Subprocess (I can't see it in use though).

That way you have no risk of configuration missing and it's all master data changes?

Answers (0)