cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BRM: Can roles be moved to multiple systems???

Go to solution
former_member184114
Active Contributor

on ‎03-26-2014 1:19 PM

0 Kudos

Hi,

While creating roles in BRM, it picks up the default system maintained in "Action Mapping" in SPRO. I was wondering if the same role can be moved (created/modified) in multiple systems at the same time.

Please advise.

Regards,

Faisal

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

AndrzejP
Active Participant
‎03-26-2014 1:35 PM
0 Kudos

Hi Faisal,

Yes, if you create connection group (roles will be automatically created on each connector / system in group), maintain also parameter 3012 (Allow Role Generation on Multiple Systems).

Best regards, Andrzej

Show replies
Show replies
former_member184114
Active Contributor
‎03-27-2014 5:28 AM
0 Kudos

Hi Andrez,

Does it mean that roles will not be transported using TRs, which is a traditional method for transporting roles to different systems?

If these roles are created in multiple systems, then will they be created at once as soon as the role owner has approved or first development, then quality, and once UAT is completed in quality, it is moved to production system?

Please help me understand this further.

Regards,

Faisal

AndrzejP
Active Participant
‎03-27-2014 8:35 AM
0 Kudos

Hi Faisal,

if you create roles directly from BRM (e.g. in DEV & QA environments) those roles will be created directly in those systems together with generated profiles. BRM does not generate transports.

If your change management process requires transports to QA, you could create roles in DEV only (if you have more then one client/mandant roles could be created on all of them), then after unit testing create a transport and move them to QA and PROD.

Regards, Andrzej

Former Member
‎04-24-2014 5:27 PM
0 Kudos

Hi Andrzej / Faisal

So after generating a role from BRM in DEV, QA & PRD simultaneously, if that role was assigned to a user in PRD, this user could bypass testing in QA. Do you know any way to restrict access to generate roles in PRD, but without changing the connection group?

Thanks and regards!

Fernando

former_member184114
Active Contributor
‎04-25-2014 5:40 PM
0 Kudos

Hi,

I think you can do it by removing it from Action#3 in Mapping for actions and connectors

Just got a thought, so shared.

By the way, how a user can bypass the testing? It is a role which will be tested first and then generated.

Regards,

Faisal

Former Member
‎04-28-2014 12:43 PM
0 Kudos

Hi Faisal, thanks for your reply.

In my BRM methodology, role generation is before testing because I need the role to be generated in QA to assign it to the user.

The thing is that when I generate the role, I can select every connector in the same connector group. So, if parameter 3012 is enabled, I could regenerate an existing role that is assigned to users in PRD without testing new changes.

If I remove Action 3 then I won't be able to generate the role and will have to create a transport request.

Regards,

Fernando

former_member184114
Active Contributor
‎04-28-2014 1:53 PM
0 Kudos

Fernando,

Have you tried restricting the same with authorization? May be you can find something there?

Regards,

Faisal

Former Member
‎04-28-2014 5:02 PM
0 Kudos

Faisal,

I've tried doing so, but there's not an authozation object to restrict role generation on a particular system. The object GRAC_ROLED with ACTVT 64 restricts access to generate role, but this object doesn't have any field like connector or system.

Thanks again.

Regards,

Fernando

former_member184114
Active Contributor
‎04-29-2014 7:42 AM
0 Kudos

Fernando,

Can you please check using GRAC_SYS and restrict GRAC_SYSID to the desired system?

Regards,

Faisal

former_member184114
Active Contributor
‎05-04-2014 1:25 PM
0 Kudos

Fernando,

Can you please check how you can use parameter 3012?

Regards,

Faisal

Answers (0)

Ask a Question