cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC PC -You are not authorized to perform role assignment on Control

gaurav_234
Participant

on ‎06-19-2015 10:35 AM

0 Kudos

Hello Gurus,

I am trying to assign a user as control tester and reviewer for controls for a particular sub-process but I am getting an error "You are not authorized to perform role assignment on Control (GRFN_ENTITY_API036). We have assigned the below roles to the user who is performing the activity as per GRC PC Security guide. I also tried after assigning role SAP_GRC_SPC_SOX_ICMAN and SAP_GRC_SPC_REG_ORG_OWNER_1 but this is not working.

SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
SAP_GRC_NWBC
SAP_GRC_SPC_CUSTOMIZING
SAP_GRC_SPC_SCHEDULER
SAP_GRC_SPC_SOX_CTL_OWNER

We have entity based authorizations for GRC PC, so we cannot use GRFN_USER object with ACTVT =02 as this gives access to all organizations. In SPRO --> GRC --> General Settings --> Authorizations --> Maintain Entity Role Assignment, the role SAP_GRC_SPC_SOX_CTL_OWNER is mainatined under ORGUNIT entity.

Please help with the possible resolution for this.

Thanks,

GV

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

javier_huerta2
Explorer
‎03-15-2016 6:05 PM
0 Kudos

Hello Gaurav,

Not sure if this has been solved already or not, however I can suggest you the following. The authorization values which you have mentioned are the appropriate ones

GRFN_API

ACTVT: 01, 02, 03

GRC_DATPAT: ROLES & ROLES_PC

GRC_ENTITY: ORGUNIT

GRC_SUBTYP: *

Make sure that these values are also maintained in the role which you're assigning in the front end. In your case I think you are using SAP_GRC_SPC_SOX_CTL_OWNER under ORGUNIT however if you haven't modified the values of the standard role you will notice that this role only contains 03 activity for GRC_ENTITY:ORGUNIT so probably that is the issue.

Probably you can create a custom role based on the standard one, add one new node with the values mentioned, maintain it under SPRO and do the front end assignment; that should do the trick

Regards

Show replies
Show replies
former_member197694
Active Contributor
‎06-19-2015 11:46 AM
0 Kudos

Hello Gaurav,

if you are using entity based authorizations,you should have access to authorization object

GRFN_API with activity as change, entity as ORGUNIT, sub entity as * and data part as ROLES or ROLES_PC.

ROLES is used for role assignment to shared entities such as controls

ROLES_PC is used for role assignment to PC entities such as sub process

You can check component of entities in table GRFNENTITY

i hope this will resolve your issue.

Regards

Baithi

Show replies
Show replies
gaurav_234
Participant
‎06-19-2015 3:55 PM
0 Kudos

Hi Baithi,

The user was already assigned the below values for the object GRFN_API but it is not working.

Activity                       01, 02, 03

Data Part                    ROLES, ROLES_PC

Authorization Entity     ORGUNIT                                                             

Subentity                      *

Thanks,

GV

former_member197694
Active Contributor
‎06-19-2015 4:19 PM
0 Kudos

Hello Gaurav,

Double check the configuration settings and mapping at entity level assignment

if you thinks everything is fine

Then try with trace to find out user missing access

Regards

Baithi

gaurav_234
Participant
‎06-19-2015 5:24 PM
0 Kudos

Hi Baithi,

Trace shows nothing more than GRFN_USER. Activity values 16, 10 and 58 have been assigned to the user for this object (since the user is not power user).

Everything from config perspective also seems fine.

Thanks,

GV

Former Member
‎11-02-2015 6:51 PM
0 Kudos

Hi Gaurav, how are you?

I am having the same problem, how did you solve it?

Thank you!

Regards!

singhsmi
Advisor
Advisor
‎03-17-2016 11:45 AM
0 Kudos

Hi Gaurav,

Make sure the  role which you are using for the user who wants to edit roles on Control should be assigned on Orgunit level.

Regards,

Smita.

Ask a Question