cancel
Showing results for 
Search instead for 
Did you mean: 

BRF+: Need to use User Group for Authorization Check in Decision Table

Former Member
0 Kudos


Dear GRC Experts,

in SU01 of plug-in system we are using the User Group for Authorization Check under SU01 Log on data also to define the assignment of the SAP IDs to e.g. countries/departments rather than attributes SU01 company address or SU01 User Group tab.

So in GRC access requests we need to define the User Group for Authorization Check in tab User System Details as a mandatory field.

Because of this we are required to use the User Group for Authorization Check in BRF+ decision table to define the rule result values per company/department.

Does anybody know how to include the User Group for Authorization Check as a Condition Column into the BRF+ Decision table?

Thanks and best regards,

Markus

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
0 Kudos

Hi Markus,

If I have understood correctly your requirement is, User Group will be mentioned under System details during access request creation.

Based on the User Group mentioned in the access request, you need to retrieve the User group and you need to define the conditions in your decision table. User Group field is available both in Header and Item structure in BRF+

So, what kind of conditions you will define in BRF+ based on User Group? Can you provide more details on this so that it will be easy to assist you.

Regards,

Madhu.

Former Member
0 Kudos


Dear Madhu,

thanks for your reply.

The User Group in the header structure refers to SU01 User Group field USERGROUP but the User Group for Authorization Check we are using refers to field CLASS.

This field relates to user group under user system details tabs and is different to user group under tab user group. It is not part of the standard header structure.

Thanks and regards,

Markus

madhusap
Active Contributor
0 Kudos

Hi Markus,

I saw a discussion today in the forum. Please check below link this may help.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

thanks for your help!

Regards,

Markus

Former Member
0 Kudos

HI Markus,

In the table settings for the "Decision table" expression in the BRF+ rule, add the "User Group" object from the "GRAC_S_REQUEST_RULE_LINE" structure to your condition column.

This is the SU01 usergroup you want to utilise based on the entries within "User System Details" tab in the Request screen.

See the screenshots below from BRF+

the one you require to select is highlighted

Hope that makes things clear for you

Former Member
0 Kudos

Hi Hari,

we do not have the user group under GRAC_S_REQUEST_RULE_LINE but only under GRAC_S_REQUEST_RULE_HEADER which relates to the user group maintained in tab user group but not in user system details.

Regards,

Markus

madhusap
Active Contributor
0 Kudos

Hi Markus,

Please scroll down GRAC_S_REQUEST_RULE_LINE" structure and expand it, you can find User Group object.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

thanks but we do not have the user group under GRAC_S_REQUEST_RULE_LINE.

We are on GRC 10 SP12 - is this parameter in a later SP?

Thanks and regards,

Markus

madhusap
Active Contributor
0 Kudos

Hi Markus,

User Group object will be in the last line in the structure GRAC_S_REQUEST_RULE_LINE. Scroll up to end and check.

Regards,

Madhu.

Former Member
0 Kudos

HI Markus,

You need to ensure you created your BRF+ Agent rule as a Flat line (Line Item by Line Item rule). This will enable you to get the Line Items structure in your Agent rule and allow you to select attributes in relation to line items (such as Roles as well as Systems i.e. the User Groups)

Hope that helps

santosh_krishnan2
Participant
0 Kudos

Hi Madhu,

Quick question - outside of the BRF+, where is the user group being taken from?  I need it to be taken from the data source that's been configured. 

Instead, it's being taken from the systems associated with the roles that are selected. 

Where might I set it to pick the user group supplied by the data source?

Santosh

Answers (0)