Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to remove Business roles from terminated user accounts?

Former Member

‎07-07-2015 2:24 PM

0 Kudos

There are many user accounts in production whose network accounts have been deleted but their SAP accounts exist. This has eliminated the option of removing the associated business roles via GRC Access Request. Is there any way these hanging business roles can be removed from the user accounts that show up in User to Business role report?

9 REPLIES 9

former_member197694
Active Contributor

‎07-07-2015 3:02 PM

0 Kudos

Hello Shreya,

Go to NWBC>Role Maintainance

Open the Business role

Go to Users tab and select the users  Then delete

This will works for your requirement

Regards

Baithi

Former Member

‎07-23-2015 4:26 PM

I believe the official way is to create a "remove" request for the assigned business role from the user.

"Assigned Users" in the "Additional Details" sub area will only display who has the business  role assigned and the validity dates.

If you have enabled the "Provisioning" methodology step in BRM, you would be able to set up background jobs to update the content assignment, i.e. new single role added to business role would also get propegated to the users who alreayd have the business role.

I don't think there is a "delete" option within the role maintenance screen for business roles (unless a nice update has been given in a new support pack).

Former Member

‎07-24-2015 5:14 AM

0 Kudos

Hi Shreya,

I would to like to add another observation, in relation to provisioning. i had initially assigned Business role to a user. And then later removed the technical role from backend. But, the business role still shows the user assignment under Assigned users tab.

So, i tried Update Assignment(under provisioning) as suggested by Harinam, but came across ABAP error, which will require a note/SP. So, could you  try this Update , and see if this removes the 'Assigned users' list.

Hi Harinam,

By the background job, did you mean the 'Update Assignment' option. Also there are options Summary by user . Does this show the job created through  'Update Assignment

Regards

Plaban

Former Member
In response to Former Member

‎07-24-2015 1:10 PM

0 Kudos

Hi,

refer to the blog i made a while ago in regards to getting the "Provisioning" step in BRM.

the background job updates existing business role assignments the GRC system recognises as virtue of having the Business role assigned via ARM (there is no other way).

Former Member

‎07-24-2015 12:58 PM

0 Kudos

Hi Shreya,

How to delete Business roles from users existing accounts.

1) Remove all single/composite roles from users who left organization

2)Make sure parameter 4019 to NO

3)Run full synchronization with connector.

4) BR will be removed automatically from user.

Thanks

Mohan

Former Member
In response to Former Member

‎07-24-2015 1:13 PM

0 Kudos

Mohana,

If someone has assigned a business role, it is 100% only possible to assign it via an Access Request.

Your solution of removing the technical roles manually defies the whole point of managing user access via the Business Role concept.

Whilst your solution does work, there is a very good chance of the Object Repository sync update causing more damage later on. GRC may still see the business role assigned to the user, as it was not removed via a proper "remove role" request.

Also worth pointing out, "Retain" action is not supported for Business Roles at the moment, making the purpose of the business role concept for GRC questionable.

Former Member
In response to Former Member

‎07-26-2015 9:50 AM

0 Kudos

Hi,

GRC will never show BR role assignments to users if some one followed my instructions.

We have tested this scenario and it is working fine  and we are using this functionality.

I can confirm this only Sp18, not on earlier packs.

You no longer required to create a Access request to remove BR role from user if parameter 4019 to NO and remove all roles from satellite system.On top of it, there will not any inconsistencies will happen with this practice and it wont damage anything in system if you do not change anything directly in satellite system.

We can ask Shreya to test it on her Development system.

Please remember this functionality is working in GRC10  SP18.

Thanks

Mohan

aryendradalal
Explorer

‎04-28-2021 4:20 PM

0 Kudos

This is again an issue in GRC 12 as parameter setting for 4019 = No not working since SAP updated the code.

Aaaaaaanysolution now for this same problem?

former_member757639
Member
In response to aryendradalal

‎07-07-2021 12:28 AM

Hi Aryendra,

Did you find an answer for this? We are also on GRC 12 and have been struggling with this very issue.

Thanks

Robert