on 03-11-2013 8:05 PM
Dear all.
I would like to know what is the impact of deleting from Access Control a Process and Subprocess that are already assigned to roles. I have done some testing with the following:
i would like to know which impact regarding reporting, BRM and so on could carry to delete the process and subprocess inserted for Access Control.
many thanks in advanced.
best regards.
I would assume if you fix the roles first and swap them over to new process/sub process names first you will not have too much reporting impacts
Other potential impacts:
1. Does your naming convention use those field? It won't cause an error but it may form part of role conventions and make this mismatch
2. Do you have any BRF+ rules with the decision table using the values you are deleting? If so, removing them will remove some of the potential routing options.
3. Consider non-BRM/UAR usage of the business process and sub process. Do you have any risks, functions, mitigating controls, org unit, etc which also use the business process and sub process? You may need to check impacts here as well.
Message was edited by: Colleen Lee - Adding point 3
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Collen.
First, tahnk you for your reply. Regarding your questions:
Thank you.
It sounds like you have done your impact analysis
If you are going to remove them check your data first. If no references, I can't see an issue. I don't use RM or PC to comment on that side
I don't think any of the AC data has either of these fields in primary key/reference keys of tables. They are classifications to use for reporting and business rules (BRF).
Good luck with the PC implementation.
I'm not entirely sure
Possibly instead of deleting the configuration you use authorizations to restrict access to the business processes?
GRAC_BPROC Authorization object for SOD Business Process.
GRAC_REQ Authorization object for CUP access request
GRAC_RISK Authorization object for SOD Access Risk
GRAC_ROLED Access Control Role Design
GRAC_ROLEP Access Control Role Provisioning
they all contain the field GRAC_BPROC - Business Process
You can then look at objects for filed GRAC_BSUBP - Subprocess (I can't seen it in use though)
That way you have no risk of configuration missing and it's all master data changes?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.