cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.0 - BRM - Methodology is not working

Former Member

on ‎06-03-2014 9:13 PM

0 Kudos


Hi Gurus!

I'm having an issue with BRM component.

I've configured all steps necessary for role maintenance, as it's indicated in document "AC 10.0 - Business Role Management".

I'll be creating derived roles, composite roles, simgle roles and profiles. There is a methodology defined, and 5 phases for the creation are set.

When creating a single role, methodology works OK. However, the rest of the roles doesn't have those 6 phases: composite has 4 and derived and profile have 2.

Do you know ahy this happens and how can I solve it? Prints will be given if needed.

Thank you in advance!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Colleen
Advisor
Advisor
‎06-03-2014 10:55 PM
0 Kudos

Hi Almiron

Role methodology steps will change depending on the role type. I think table GRACROLEPHASE contains the mappings for them.

For example, a business role is logical so you will not see the Authorisation Data Phase or Derive Role.

If you need different methodology beyond the default you then need to configure the BRF+ rule and mapping for condition group.

Regards

Colleen

Show replies
Show replies
Former Member
‎06-04-2014 1:07 PM
0 Kudos

Hi Colleen, thanks for helping me!

I've done a BRF+ rule where I mapped condition group and role type but it still brings me the default methodologies for each role.

Colleen
Advisor
Advisor
‎06-04-2014 1:36 PM
0 Kudos

HI Almiron

After configuring your BRF+ rules did you complete IMG steps:

  • Assign Condition Groups to BRFplus Functions - map the METHODOLOGY type to you BRF+ application and function
  • Associate Methodology Process to Condition Group - mapping entry for each condition group in your BRF+ rule set to the methodology ID.

I assume you did Define Methodology Processes and Steps to create you different methodologies

If you have, maybe put up some screens shots for assistance

Regards

Colleen

PS - methodology on a role is not calculated until you press save on the role definition phase.

Former Member
‎06-04-2014 2:30 PM
0 Kudos

Hi Colleen,

I've configured all settings you mentioned, you can see them in the screen shots. Also, i've pressed "Save" button but it did not bring the methodology.

BRFplus rule was created from SPRO and BRF+.

Former Member
‎06-05-2014 2:21 PM
0 Kudos

Hi!

I found out that table GRACRULEPHASES, that has the phases/steps for each typr of role (and application), does not show the methodologies I selected for each type of role, which means IMG configurations and/or BRF+ rule are not maintaining it.

Do you have any idea why this happens? I think it may resolve my issue.

Colleen
Advisor
Advisor
‎06-05-2014 11:03 PM
0 Kudos

Hi Melisa

Can you please show a screen shot for what you mean by that?

Role Methodology configuration has the following:

  1. SAP pre delivers a table allowed methodology steps per role type. For example, if you attempted to add 'maintain authorisations step to the business role type you will not see the step as it is impossible in SAP standard to do so (I think this is table GRACROLEPHASE but would need to log in to a system to check)
  2. SAP pre delivers the default methodology and it will apply when you create a new role until you press save on role definition phase unless you have created your own BRF+ rule and maintained additional methodologies
  3. You can then create your own methodologies (which I can see you have done) but SAP mapping of allowable step (action) to role type will still apply
  4. You can then maintain your BRF+ rule and add it to the conditions table
  5. You then map your BRF+ results to your rule steps

There is no direct mapping of Condition Group to Steps

Condition Group --> Methodology --> Steps (limited to allowed mappings). I think the restricted mappings are based on definitions in tables GRACROLEPHASE and GRACMTHACTION


Regards

Colleen

Former Member
‎06-06-2014 3:32 PM
0 Kudos

Hi Colleen!

What I meant is that table GRACROLEPHASE does not have the methodologies I configured in SPRO and BRF+, e.g. for Single Role the methodologies I defined (where the application is 000; I think the application is Default) are ok.

However, for Composite Role (Derived Roles and Profile as well) the methodology configurations I've made did not update in the table. I realized this because there's a step missing (the authorization step).

Derived Role and Profile as well.

I think there might be some config. o setting I'm not populating.

Former Member
‎06-06-2014 3:54 PM
0 Kudos

Colleen, I forgot to ask you something. There two things you said I did not understand. Can you explain them please?

2 SAP pre delivers the default methodology and it will apply when you create a new role until you press save on role definition phase unless you have created your own BRF+ rule and maintained additional methodologies

5 You then map your BRF+ results to your rule steps

Thanks!

Colleen
Advisor
Advisor
‎06-08-2014 7:34 AM
0 Kudos

Hi Melisa

I think I may have mixed some of my tables up (sorry memorising stuff from 18 months back). BC set GRAC_ROLE_MGMT_METHODOLOGY contains the initial values for the steps and actions in methodology (tables/views GRACV_MTH, GRACV_MTHSTEP, GRACVSTEP). Did you have this BC set activated? These tables/views are where your configuration of methodology will be stored.

In addition, the GRACROLEPHASE table is delivered by SAP (have a look at SE11/12) to map the valid actions per role type. I believe APPL_TYPE_ID = 000 applies as the default for the role_type unless role type is specified. SAP is controlling which methodology steps can apply for a specific role type for a specific system type.

You will notice in GRACROLEPHASE only SIN roles that are SAP technical roles have their own APPL_TYPE entry. This is because SAP knows that PFCG is handled differently for the different technical roles.  For example, a single (SIN) role would have MTH_ACTION 004 to Derive but a composite (COM) would not have 004 as you cannot derive a composite role in SAP.

Another example, is BUS role. Business Roles are logical roles that do not exist in SAP PFCG. The only steps they can have are 1, 5, 6 and 8 - Definition, Risk Analysis, Approval and Testing - none of these steps are SAP PFCG steps (2, 4 and 7).

In you define methodology, did you double-click and maintain the actions/steps?

Do you have an example of your the steps for a role type that you  have tried to configure and a screen shot of what methodology has been calculated? That is, what outcome do you expect for your methodology?

Regards

Colleen

Ask a Question