on 06-19-2015 10:35 AM
Hello Gurus,
I am trying to assign a user as control tester and reviewer for controls for a particular sub-process but I am getting an error "You are not authorized to perform role assignment on Control (GRFN_ENTITY_API036). We have assigned the below roles to the user who is performing the activity as per GRC PC Security guide. I also tried after assigning role SAP_GRC_SPC_SOX_ICMAN and SAP_GRC_SPC_REG_ORG_OWNER_1 but this is not working.
SAP_GRC_FN_BASE |
SAP_GRC_FN_BUSINESS_USER |
SAP_GRC_NWBC |
SAP_GRC_SPC_CUSTOMIZING |
SAP_GRC_SPC_SCHEDULER |
SAP_GRC_SPC_SOX_CTL_OWNER |
We have entity based authorizations for GRC PC, so we cannot use GRFN_USER object with ACTVT =02 as this gives access to all organizations. In SPRO --> GRC --> General Settings --> Authorizations --> Maintain Entity Role Assignment, the role SAP_GRC_SPC_SOX_CTL_OWNER is mainatined under ORGUNIT entity.
Please help with the possible resolution for this.
Thanks,
GV
Hello Gaurav,
Not sure if this has been solved already or not, however I can suggest you the following. The authorization values which you have mentioned are the appropriate ones
GRFN_API
ACTVT: 01, 02, 03
GRC_DATPAT: ROLES & ROLES_PC
GRC_ENTITY: ORGUNIT
GRC_SUBTYP: *
Make sure that these values are also maintained in the role which you're assigning in the front end. In your case I think you are using SAP_GRC_SPC_SOX_CTL_OWNER under ORGUNIT however if you haven't modified the values of the standard role you will notice that this role only contains 03 activity for GRC_ENTITY:ORGUNIT so probably that is the issue.
Probably you can create a custom role based on the standard one, add one new node with the values mentioned, maintain it under SPRO and do the front end assignment; that should do the trick
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Gaurav,
if you are using entity based authorizations,you should have access to authorization object
GRFN_API with activity as change, entity as ORGUNIT, sub entity as * and data part as ROLES or ROLES_PC.
ROLES is used for role assignment to shared entities such as controls
ROLES_PC is used for role assignment to PC entities such as sub process
You can check component of entities in table GRFNENTITY
i hope this will resolve your issue.
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.