cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Custom role for GRC RFC user & WF-BATCH

Former Member

on ‎02-11-2015 3:44 AM

Hi

My client is not okay with assigning SAP_ALL/ SAP_NEW profiles to the Non dialog users, hence i have run into an issue.

Has any one created a custom role to be assigned to the RFC user which connects between GRC & ECC system.

Also for WF-BATCH user id sitting in GRC box.

if you can share the role contents or the permissions of the role - then it would be of great help.

Raju

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎02-16-2015 1:03 PM

The Security Guide for GRC 10.0/1 is a good starting point (available on SAP support page), but you will realise over time that additional authorisations like S_LDAP will need to be added.

as Colleen suggests earlier on the thread, refinement will come over time by resolving any additional authorisation issues you personally experience via traces and troubleshooting etc.

Show replies
Show replies
Colleen
Advisor
Advisor
‎02-11-2015 6:16 AM
0 Kudos

sharing a role won't cover your requirements. It will come down to what you have implemented (which modules and what workflow and which connected systems).

You'll find it easier to run a trace for the user when you execute a workflow or run system/sync jobs to track it.

Great to hear no SAP_ALL is allowed Tedious to set up bet removes risk later on.

Regards

Colleen

Show replies
Show replies
Former Member
‎02-11-2015 7:45 AM
0 Kudos

Hi Colleen

we have the standard ARA, ARM, EAM modules in scope. would be great if the Auth objects were shared which needs to be built in the custom role.

I was thinking of reusing roles which has already been engineered for GRC in many other projects, which could help to speed up my implementation time.

Raju

Colleen
Advisor
Advisor
‎02-11-2015 12:58 PM
0 Kudos

Hi Kamaraju

That's a great idea for the community to share the roles.

Perhaps you could make an attempt to design and build them (use the suggestions I gave to get started) and then write a blog/document with the community. This could be your way to give back!

You might find a more receptive audience if you make and attempt and ask for assistance instead of asking for the answer

I get that someone providing the answer "speeds up your implementation time" but it comes across as "do my job for me".

Regards

Colleen

Ask a Question