cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles in BRM not getting deleted

Former Member

on ‎09-25-2013 4:56 PM

0 Kudos

Hi All

I am trying to delete few roles in BRM POWL. But they are not getting deleted may be due to old landscape which I changed recently.so please guide me how to delete it from BRM only and not from back-end system.

Regards

Pradeep

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

p_gray
Discoverer
‎02-05-2014 4:04 AM
0 Kudos

I think I'm having the same problem as Pradeep.  Here is the situation.  I have 4 roles in the same situation.  The roles were deleted across the landscape through PFCG, so the roles physically do not exist in Profile Generator in DEV, QA or PRD.  However, when I attempt to remove the role from BRM, I get the following error messages:

Role ABC is being used and cannot be deleted

No roles are valid for deletion in back-end

How can the role be used if I deleted it across the landscape through PFCG?  I think I have an out-of-sync condition.  I found table GRACROLE in SE16, all 4 of these roles are on this table.  However, if I try to maintain there is no maintenance dialog.  What does one do when the role still resides on BRM but it doesn't physically exist on any users or on any landscape other than GRC on BRM?

Show replies
Show replies
Colleen
Advisor
Advisor
‎02-05-2014 4:10 AM
0 Kudos

Hi Pam

have you attempted to run the user/role/profile sync again?

Have you looked at the BRM assignments tab to see if the role is assigned a user or position (integration with CUP) and also looked to see if there if it is mitigated for a risk (can't remember how much integration with BRM and RAR)

If still stuck, run ST05 trace and attempted to delete role in GRC to see which table has the entry claiming it is still in use.

As an aside, if you are using GRC-BRM I would assume you should perform role deletions there first (since source of truth for role repository) before deleting out of PFCG.

Regards

Colleen

Former Member
‎10-02-2013 1:08 PM
0 Kudos

deleting a role is pretty straugh forward if you dont have any derived role ,used in a open or part of buisness role ,

If you have cgnage the landscape there should be two entries of same role if you have not sleected overwrite option while importing , even than deletion shuld be straight forward .

You always have option to change their status from production to development if you dont want that role to be slected in access request . You can use this as a workaround if not able to delete

Regards

Asheesh

Show replies
Show replies
Former Member
‎10-02-2013 7:34 PM
0 Kudos

Hi Asheesh

Thanks for your reply.I know deletion is a straight forward task but I am facing the issue that's the reason I had to open this post.

There are no 2 entries for the same role.Only 1 entry tagged to old connector group SAP_ECCS.

I had to delete these roles as it is part of cleanup activity,changing the status won't help here in this case.

Regards

Pradeep

Arif1
Active Participant
‎10-01-2013 6:57 PM
0 Kudos

HI,  The role deletion facilities are added in SP11. You can however simply make the role unavailable for selection to users by searching for the role in CUP and in the assignment validity set the role status to disable.However you can follow the step  > Go to CUP configuration tab --> click on Request option --> choose deleting requests > next > then its asks to delete all requests and then choose Submit option  Thanks, Arif

Show replies
Show replies
Former Member
‎10-02-2013 7:36 PM
0 Kudos

Hi Arif

Thanks for your reply but I don't understand the solution you provided is how much relevant here.

It seems you are talking of more of Access Request whereas I just wanted to delete the role from front-end as part of clean-up activity.

Regards

Pradeep

Former Member
‎10-03-2013 12:07 PM
0 Kudos

Hi Pradeep,

I think we have provided the solution in regards to deleting roles in the front end side

Former Member
‎10-03-2013 7:37 PM
0 Kudos

Hi Harinam

I don't think I got the solution which I was looking for.

Therefore still hoping to get the correct answer to resolve my issue.

Regards

Pradeep

Former Member
‎10-01-2013 5:13 PM
0 Kudos

When deleting a role from BRM front end, I usually get a message if I would like it to be deleted from the back end also:

    "Do you want to delete selected role(s) from front-end and back-end? Click 'Yes' for deleting from      both. Click 'No’ for deleting only from front-end. Click 'Cancel' to cancel deletion from both. "

(usually I select no, just in case).

Show replies
Show replies
Former Member
‎10-01-2013 7:13 PM
0 Kudos

Hi Harinam

Thanks for your reply. I do the same.

Regards

Pradeep

Colleen
Advisor
Advisor
‎09-26-2013 1:52 AM
0 Kudos

Hi Pradeep

Before deleting roles in BRM you need to check that they are not assigned to any other roles (e.g. composites or business roles) or users. If it is an imparting role, make sure you delete the derived roles first.Ensure that you have no workflow in progress.

I'm not sure if GRC also checks if the role is used in a Agent Determination in MSMP or not (what I think Arif is alluding to). There is no harm in checking that.

Also, check if the role is mitigated in RAR (again, not entirely sure if there is a dependency for that but nor harm in looking)

Regards

Colleen

Show replies
Show replies
Former Member
‎10-01-2013 3:48 PM
0 Kudos

Hi Colleen

I am not sure exactly what you are referring to but I check the roles are not linked to any parent or composite role.

Also I checked all the workflow requests they don't contain either.

However,I believe the sole reason is the change of system landscape and these few roles are tagged to that old landscape which doesn't exists in the system.

Please suggest if that is the case how to delete them.

Regards

Pradeep

Colleen
Advisor
Advisor
‎10-01-2013 11:59 PM
0 Kudos

Hi Pradeep

What do you mean by the old landscape? Did the role exist against a different connector that is no longer in the system

I did have issues doing BRM role deletion a while back. For some reason re-running sync jobs a few times did clear this (can't remember exact issue)

also, is the role assigned to a user in a the actual system (not showing in BRM)?

Former Member
‎10-02-2013 7:30 PM
0 Kudos

Hi Colleen

Actually earlier I selected the Connector group as SAP_ECCS wrongly due to which Risk analysis  was not happening properly.After that I changed it to the connector group SAP_R3.

Now the roles which I am not able to delete it are tagged to SA__ECCS.

I want these roles to be deleted just from BRM as they are assigned to some important users in backend. Since it is a cleanup activity therefore I need to remove these roles from the system.

Regards

Pradeep

Colleen
Advisor
Advisor
‎10-10-2013 2:57 AM
0 Kudos

is there any way you can switch it back to the previous connector group and then attempt to delete?

Former Member
‎10-11-2013 10:50 PM
0 Kudos

Hi Colleen

I found the reason why I am not able to delete the role.It's not because of the change in landscape but I cancelled few requests for UAR workflow out of which few got cancelled with status Finished and there are some requests with status aborted & approval status as decision pending.

These requests captures those roles which does not allows to delete it.

Please advise me how to free these roles from the requests.

Regards

Pradeep

Colleen
Advisor
Advisor
‎10-11-2013 11:59 PM
0 Kudos

Hi Pradeep

Have a look at post below for the two program's you can use to cancel wf

http://scn.sap.com/thread/3340760

Cheers

Colleen

Former Member
‎10-14-2013 8:18 PM
0 Kudos

Hi Colleen

I tried this but it didn't work for me.Since the instance status is in Aborted but the Approval status is still Decision Pending.

Is there a way to make the instance status as Finished and Approval status as cancelled?

Regards

Pradeep

Arif1
Active Participant
‎09-25-2013 5:07 PM
0 Kudos

Hi,  the role is in used in workflow, so you need to delete using T-Code GRFNMW_CONFIGURE  Thanks, Arif

Show replies
Show replies
Former Member
‎09-25-2013 7:32 PM
0 Kudos

Hi Arif

I am not sure how these roles are used in the workflow and how can I delete these from the above transaction.Please guide me.

Regards

Pradeep

Arif1
Active Participant
‎09-25-2013 8:11 PM
0 Kudos

Hi,  please send error screen print while deleting.  Thanks, Arif

Ask a Question