cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10: End User Personalization, disable role selection

Go to solution
Former Member

on ‎07-04-2014 12:58 PM

0 Kudos

Dear experts,

We are implementing a new Access Request for provisioning process.

We need that users will not be able to select roles in Access Request Creation.

In order to implement this procesure, we have modified the Default (999) End User Personalization and we have disabled the role value:

But from Access Request Creation menu, the option is still available:

We also try to create a new template for New Account Request and we have disable the role selection and we have change the priority to "High":

Now, in access details the solution is working properly:

But in template based request the role option is appearing:

The role selection is visible but the priority was update as we want.

Could you help me with this issue?

Thanks & Regards.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member204204
Active Participant
‎07-04-2014 1:05 PM
0 Kudos

HI,

This action can be restricted in Define request type. Select the account type for which you don't want the role tab to appear in the access request screen and remove the action assign objects from that then you will not see roles tab in the access request.

Regards,

Neeraj

Show replies
Show replies
Former Member
‎07-04-2014 1:26 PM
0 Kudos

Hi Neeraj,

Thank you for the explanation. I was thinking that this was the correct solution but this scenario is only to create the user. The user cannot select roles but the security team (who is responsible for processing the request) either.

We want to have the two options in the same request (user creation and role assignment). We want rhe user will not be able to select roles but the security team yes.

Is it possible this scenario?

Thanks & Regards.

former_member204204
Active Participant
‎07-04-2014 1:42 PM
0 Kudos

Hi,

Try assigning a new EUP form for Approvers in the stage settings in which you can give both the actions create and assign object and in the main request submission form select only create option.

Regards,

Neeraj

Former Member
‎07-04-2014 2:33 PM
0 Kudos

HI,

I have implemented your explained solution, but the Security Team is not able to assign roles.

I will detail the steps:

Create a new EUP (number 500):

Active Roles:

Select EUP 500 in Security Stage:

Then we active the MSMP and the security stage do not show the role option:

I do not know if this is possible. I will try to open a SAP Note.

Thanks and Best Regards.

former_member204479
Active Participant
‎07-05-2014 10:35 AM
0 Kudos

Hi Jose,

If this is a system / user wide requirement then probably you can handle this using security roles. Change the requestor role that you assign to GRC users for whom you want not to select roles. In the role's auth object GRAC_ROLEP remove ACTVT 78, assign. Try with this if it solves your issue.

EDIT: - Use this with the request type's actions both - create user and assign object. Also in the security stage's task settings you might want to select the "Path for reval of new role" to No revalidation(continue) option.

Thanks,

Sammukh

Message was edited by: Sammukh Gupta

Answers (0)

Ask a Question