GRC Business Role question

Former Member
0 Kudos

Hi all.

I have some questions regarding Business Roles and user relationship.

Let's imagine:


  • I have a Business role BR1 containing two single roles A and B
  • Now, I assign roles A and B to a new user through the R/3 SU01 transaction.


Questions are:

  • Is GRC aware that this user has been assigned the Business Role BR1?
  • Is it possible to let GRC know what the mapping is?


I have these questions because I have assigned single roles to users and I would like the requestors to be able to create requests to remove only Business Roles. However, as the initial role load was done directly into R/3, GRC does not contain the user-business role relationship.


Any solution?


Kind regards and thank you,


Sara.

Accepted Solutions (1)

Former Member
0 Kudos

Hi Sara,

I hope you are keeping well.


In summary, GRC only knows that a Business Role has been assigned to a user if it has been assigned from the GRC front end (i.e. via an Access Request). If you try to assign the individual roles directly in SU01 (i.e. trying to mimic a manual assignment of a business role), GRC will have no knowledge of this and will treat it as a direct manual technical role assignment.

It may be a good idea to create an additional workflow request type and path with minimum/no approval stages to allow you to perform mass business role assignment updates for users via GRC. You can secure the access to this request by ensuring only system admins have the ability to execute and access the new request type.


Former Member
0 Kudos

Hi Harinam.

Is there an OSS note where SAP indicates this behaviour? Is there an SAP Idea for this topic? I would like to have something more "official" to show to my customers.

Kind regards and thank you.

Sara.

Former Member
0 Kudos

Hi Sara,

I don't think there is an OSS note available to describe this behaviour "officially". I am only going by the experience I have had in using the Business roles concept over the last 2 years or so.

After trying many different methods of using Business roles, either via BRM or by simply uploading the definitions via the import sheets, I have found that assignments of business roles are only recognised and managed by the GRC system itself. Unfortunately, it is not smart enough to tally up manually assigned roles in the back end as a Business Role composition.

The following Notes and articles of interest could help you conclude your findings confidently to be presented back to the customer:

Business Roles concept and usability in GRC AC10 - Governance, Risk and Compliance - SCN Wiki

The following entry (plus SAP note to support article) may make you realise certain restrictions in using Business Roles. This is where I started to get slightly frustrated with the functionality.

http://service.sap.com/sap/support/notes/1981001


I believe for Business roles to be fully utilised and fully operational, they have to be assembled and assigned from Day 1 to all initial users in the landscape.


Or a retrofit exercise takes place where the business roles are assigned to existing users to replace their technical assigned roles (i.e. ones either done manually in back end or via ARM).

Answers (0)
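
A way to scope the retrofit exercise discussed in the thread, as an added example that is not part of the original posts and is not SAP or GRC code: it compares directly assigned single roles against business role compositions to find users who already hold a full composition, and flags partial matches, where assigning the business role would grant roles the user does not have today. The export columns `UNAME` and `AGR_NAME`, the business role `BR2`, roles C and D, and all user names are assumptions made up for the sample.

```python
import csv
import io

# Constructed sample: business role -> single roles it contains.
# BR1 with A and B comes from the question; BR2, C and D are hypothetical.
BUSINESS_ROLES = {
    "BR1": {"A", "B"},
    "BR2": {"B", "C", "D"},
}

# Constructed export of direct backend assignments (column names assumed).
BACKEND_EXPORT = """UNAME,AGR_NAME
SARA,A
SARA,B
TOM,A
EVA,B
EVA,C
EVA,D
EVA,A
"""

def load_assignments(text):
    """Return {user: set of single roles} from the CSV export."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        users.setdefault(row["UNAME"].strip(), set()).add(row["AGR_NAME"].strip())
    return users

def retrofit_plan(users, business_roles):
    """Per user: business roles fully covered by direct roles, partially
    covered ones with the roles they would newly grant, and leftover roles."""
    plan = {}
    for user, roles in sorted(users.items()):
        full = sorted(br for br, members in business_roles.items() if members <= roles)
        # Partial match: assigning the business role would expand access.
        partial = {br: sorted(members - roles)
                   for br, members in business_roles.items()
                   if members & roles and not members <= roles}
        covered = set().union(*(business_roles[br] for br in full)) if full else set()
        plan[user] = {"assign": full, "partial": partial,
                      "leftover": sorted(roles - covered)}
    return plan

if __name__ == "__main__":
    plan = retrofit_plan(load_assignments(BACKEND_EXPORT), BUSINESS_ROLES)
    for user, entry in plan.items():
        print(user, entry)
```

Users listed under `assign` are candidates for a GRC access request that replaces their direct roles; entries under `partial` need a decision first, because the business role would add the listed roles.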