Access Restriction to target systems in GRC 10

Former Member
0 Kudos

Hi,

I need some advice on restricting the target system access.

Currently my GRC 10 is connected to 3 different ERM systems. We have 3 different support group users and would like to restrict them to performing RAR for a particular system.

E.g. User A can only perform ARA & EAM in System A with Ruleset A, User B can only perform ARA & EAM in System B with Ruleset B, etc.

I've tried to restrict all the auth obj fields GRAC_SYSID & GRAC_RSET for User A & User B.

However, the restriction is only reflected on the Access Dashboard. The users can still access all systems & all rulesets when they perform User Level RAR & User Level Simulation etc.

Please advise how I can restrict system & ruleset access.

Thank You.

Accepted Solutions (1)

0 Kudos

Hi Rachel,

Please check if the solution mentioned at http://scn.sap.com/thread/3277336 answers your question.

BR

Sebastian

Former Member
0 Kudos

Hi Sebastian,

Thanks for your kind help.

The solution given there is for restricting a user's access to a particular ruleset.

Do you have any idea how to restrict a user's access to a target system? In the screenshot that I captured above, the user can search for and access all the systems (CNCCLNT205, PXECLNT100, Z9E). Is there any object that I can use to restrict the user's access to only 1 target system (e.g. PXECLNT100) rather than all the systems?

I've restricted all the auth obj fields GRAC_SYSID to connect to system PXECLNT100 only. However, the user can still access other systems (CNCCLNT205, Z9E etc.).

Thank you.

BR,

Rachel

0 Kudos

Hi Rachel,

Did you restrict authorization object GRAC_SYS (field GRAC_SYSID)?

I have restricted this object. The result is that a user can run risk analysis only for restricted systems and also create access requests only for restricted systems. The restriction might also affect mitigation assignment and other system-specific tasks. I have not tested every side effect so far.

We are on Support Pack 12. In case you have an older SP, you might need to implement notes like 1824694 - Connector authorization check missing in simulation.

Since authorizations add up, please also make sure that the authorization is not assigned via another role.

Best Regards

Sebastian
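
Added example (not part of the thread and not SAP code): because authorizations from all assigned roles add up, a quick audit is to union every GRAC_SYS / GRAC_SYSID value a user receives and report which role grants anything outside the intended connector. It assumes CSV exports shaped like tables AGR_USERS and AGR_1251; the role names, user names and sample rows are constructed, and ranges (HIGH values), composite roles and directly assigned profiles are not handled.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data shaped like exports of AGR_USERS (role assignments)
# and AGR_1251 (authorization values per role). Names are hypothetical.
AGR_USERS_CSV = """UNAME,AGR_NAME
USER_A,Z_GRC_ARA_PXE
USER_A,Z_GRC_DISPLAY_ALL
USER_B,Z_GRC_ARA_PXE
"""
AGR_1251_CSV = """AGR_NAME,OBJECT,FIELD,LOW
Z_GRC_ARA_PXE,GRAC_SYS,GRAC_SYSID,PXECLNT100
Z_GRC_ARA_PXE,GRAC_SYS,ACTVT,16
Z_GRC_DISPLAY_ALL,GRAC_SYS,GRAC_SYSID,*
Z_GRC_DISPLAY_ALL,GRAC_SYS,ACTVT,03
"""

def effective_systems(users_csv, auth_csv, obj="GRAC_SYS", field="GRAC_SYSID"):
    """Return {user: {field value: [roles granting it]}} across all roles."""
    role_values = defaultdict(set)
    for row in csv.DictReader(io.StringIO(auth_csv)):
        if row["OBJECT"] == obj and row["FIELD"] == field:
            role_values[row["AGR_NAME"]].add(row["LOW"].strip())
    result = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(users_csv)):
        for value in role_values.get(row["AGR_NAME"], ()):
            result[row["UNAME"]][value].append(row["AGR_NAME"])
    return result

def violations(users_csv, auth_csv, allowed):
    """List (user, value, roles) for values outside the user's allowed set.

    Wildcards and patterns such as '*' are flagged too, since they never
    match an explicit connector name in `allowed`.
    """
    found = []
    for user, values in sorted(effective_systems(users_csv, auth_csv).items()):
        for value, roles in sorted(values.items()):
            if value not in allowed.get(user, set()):
                found.append((user, value, sorted(roles)))
    return found

if __name__ == "__main__":
    allowed = {"USER_A": {"PXECLNT100"}, "USER_B": {"PXECLNT100"}}
    for user, value, roles in violations(AGR_USERS_CSV, AGR_1251_CSV, allowed):
        print(f"{user}: GRAC_SYSID={value!r} granted via {', '.join(roles)}")
```
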

Former Member
0 Kudos

Hi Sebastian,

Yes, I have restricted the object GRAC_SYS in the system.

I think you might be right; the Support Pack is not the latest version. I will try again after we have updated our SP to 12 or later.

Thank you.

Best Regards,

Rachel

Answers (0)