on 06-03-2014 9:13 PM
Hi Gurus!
I'm having an issue with BRM component.
I've configured all steps necessary for role maintenance, as it's indicated in document "AC 10.0 - Business Role Management".
I'll be creating derived roles, composite roles, simgle roles and profiles. There is a methodology defined, and 5 phases for the creation are set.
When creating a single role, methodology works OK. However, the rest of the roles doesn't have those 6 phases: composite has 4 and derived and profile have 2.
Do you know ahy this happens and how can I solve it? Prints will be given if needed.
Thank you in advance!
Hi Almiron
Role methodology steps will change depending on the role type. I think table GRACROLEPHASE contains the mappings for them.
For example, a business role is logical so you will not see the Authorisation Data Phase or Derive Role.
If you need different methodology beyond the default you then need to configure the BRF+ rule and mapping for condition group.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Almiron
After configuring your BRF+ rules did you complete IMG steps:
I assume you did Define Methodology Processes and Steps to create you different methodologies
If you have, maybe put up some screens shots for assistance
Regards
Colleen
PS - methodology on a role is not calculated until you press save on the role definition phase.
Hi!
I found out that table GRACRULEPHASES, that has the phases/steps for each typr of role (and application), does not show the methodologies I selected for each type of role, which means IMG configurations and/or BRF+ rule are not maintaining it.
Do you have any idea why this happens? I think it may resolve my issue.
Hi Melisa
Can you please show a screen shot for what you mean by that?
Role Methodology configuration has the following:
There is no direct mapping of Condition Group to Steps
Condition Group --> Methodology --> Steps (limited to allowed mappings). I think the restricted mappings are based on definitions in tables GRACROLEPHASE and GRACMTHACTION
Regards
Colleen
Hi Colleen!
What I meant is that table GRACROLEPHASE does not have the methodologies I configured in SPRO and BRF+, e.g. for Single Role the methodologies I defined (where the application is 000; I think the application is Default) are ok.
However, for Composite Role (Derived Roles and Profile as well) the methodology configurations I've made did not update in the table. I realized this because there's a step missing (the authorization step).
Derived Role and Profile as well.
I think there might be some config. o setting I'm not populating.
Colleen, I forgot to ask you something. There two things you said I did not understand. Can you explain them please?
2 SAP pre delivers the default methodology and it will apply when you create a new role until you press save on role definition phase unless you have created your own BRF+ rule and maintained additional methodologies
5 You then map your BRF+ results to your rule steps
Thanks!
Hi Melisa
I think I may have mixed some of my tables up (sorry memorising stuff from 18 months back). BC set GRAC_ROLE_MGMT_METHODOLOGY contains the initial values for the steps and actions in methodology (tables/views GRACV_MTH, GRACV_MTHSTEP, GRACVSTEP). Did you have this BC set activated? These tables/views are where your configuration of methodology will be stored.
In addition, the GRACROLEPHASE table is delivered by SAP (have a look at SE11/12) to map the valid actions per role type. I believe APPL_TYPE_ID = 000 applies as the default for the role_type unless role type is specified. SAP is controlling which methodology steps can apply for a specific role type for a specific system type.
You will notice in GRACROLEPHASE only SIN roles that are SAP technical roles have their own APPL_TYPE entry. This is because SAP knows that PFCG is handled differently for the different technical roles. For example, a single (SIN) role would have MTH_ACTION 004 to Derive but a composite (COM) would not have 004 as you cannot derive a composite role in SAP.
Another example, is BUS role. Business Roles are logical roles that do not exist in SAP PFCG. The only steps they can have are 1, 5, 6 and 8 - Definition, Risk Analysis, Approval and Testing - none of these steps are SAP PFCG steps (2, 4 and 7).
In you define methodology, did you double-click and maintain the actions/steps?
Do you have an example of your the steps for a role type that you have tried to configure and a screen shot of what methodology has been calculated? That is, what outcome do you expect for your methodology?
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.