cancel
Showing results for 
Search instead for 
Did you mean: 

How to assign roles to ECC from GRC

Former Member
0 Kudos

Hello Everyone,

I am completely new to GRC and we have got a new request and here are the details,

We are on GRC 10.0 and there was some kind of a mass role update done on our GRC production system which has removed a role for a group of users in ECC PRD.

So, If I need to add that role back to the user how do I do it from GRC? I know it can be done directly from ECC PRD, but I have heard from clients that it should not be done directly on ECC.

So Please help me out with any suggestions/solutions.

Regards,

Nikil

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Thank you for your response Faizal and Madhu. And thanks for making me understand the process.

Is there a way to directly assign the role without sending it to approver? Also, What happens after the role is approved? How is it assigned to users in GRC?

Regards,

Nikilesh

madhusap
Active Contributor
0 Kudos

Hi Nikilesh,

Once the request is approved roles will be auto provisioned to the user in target system. This depends on your provisioning settings.

Anyways since you are new to GRC, I can suggest you to go through different links, blogs and documents available in SCN to understand the functionality and I also suggest to go for GRC 300 training to understand the module better and if possible practice in your sandbox for learning.

If you are directly assigning the roles with out any approvals then there is no compliance being followed and GRC is a security and SOD audit tool to make sure that there is proper audit trial and system is risk free.during all user and role changes.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

As you said i do need to go through documents on GRC security and I will do that.


But, my question is, is it possible to push a role from GRC to ECC without going through approval? I am trying this scenario on our Sandbox server just to make sure it works.


Thanks in advance.

Regards,

Nikilesh

madhusap
Active Contributor
0 Kudos

Hi Nikilesh,

It works, just create a path with no stages. Route your access request for which you don't need approvals based on request type to this path. Then once u submit the request it goes to that path and since no stages, it gets auto approved.

Regards,

Madhu.

Former Member
0 Kudos

Thanks for your reply Madhu.

Now, how do I achieve that? Can you share any documents or link for it?

Regards,

Nikilesh

Former Member
0 Kudos

Hi Nikilesh,

     PFB the Documents which would help you understand the concepts in SAP GRC.

Second and the third link will give u information about MSMP workflow where you can design the workflow which Madhu is talking about.

Let us know if you need anything.

Regards,

Fazil

Former Member
0 Kudos

Thank you so much Fazil and Madhu. I will go through these links and may be get a little better in GRC

Thanks again.

Regards,

Nikilesh

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Nikilesh,

    Go to NWBC Page --> Access Management --> Access Request Creation -->Access Request. PFB the screen.

In the new screen that opens, select 'Multiple' under Request For and select the Business Process and the mandatory fields that appear. And add the users below as shown.

After this go to User Access and click on Add->Role. You will see a search pop up. Search for the Role by giving the correct search criteria and add the role. Once this is done, review and submit. Ask the appropriate approvers to approve the same. But make sure that the role is imported before you search it here. Let us know if you face any difficulty.

Regards,

Fazil

madhusap
Active Contributor
0 Kudos

Hi Nikilesh,

If it is the same role which is removed from all users then you can use Request For "MULTIPLE" option and can raise grc requests which goes for approvals based on your workflow paths and once approved user roles will be restored back.

You can check lot of discussions and blogs in this space to understand more about MULTIPLE request type for users.

Regards,

Madhu.

Former Member
0 Kudos

This message was moderated.