07-07-2015 2:24 PM
There are many user accounts in production whose network accounts have been deleted but their SAP accounts exist. This has eliminated the option of removing the associated business roles via GRC Access Request. Is there any way these hanging business roles can be removed from the user accounts that show up in User to Business role report?
07-07-2015 3:02 PM
Hello Shreya,
Go to NWBC > Role Maintenance
Open the Business role
Go to Users tab and select the users, then delete
This will work for your requirement
Regards
Baithi
07-23-2015 4:26 PM
I believe the official way is to create a "remove" request for the assigned business role from the user.
"Assigned Users" in the "Additional Details" sub area will only display who has the business role assigned and the validity dates.
If you have enabled the "Provisioning" methodology step in BRM, you would be able to set up background jobs to update the content assignment, i.e. new single role added to business role would also get propagated to the users who already have the business role.
I don't think there is a "delete" option within the role maintenance screen for business roles (unless a nice update has been given in a new support pack).
07-24-2015 5:14 AM
Hi Shreya,
I would like to add another observation, in relation to provisioning. I had initially assigned Business role to a user. And then later removed the technical role from backend. But the business role still shows the user assignment under Assigned users tab.
So, I tried Update Assignment (under provisioning) as suggested by Harinam, but came across ABAP error, which will require a note/SP. So, could you try this Update, and see if this removes the 'Assigned users' list.
Hi Harinam,
By the background job, did you mean the 'Update Assignment' option? Also there are options Summary by user. Does this show the job created through 'Update Assignment'?
Regards
Plaban
07-24-2015 1:10 PM
07-24-2015 12:58 PM
Hi Shreya,
How to delete Business roles from users' existing accounts:
1) Remove all single/composite roles from users who left the organization.
2) Make sure parameter 4019 is set to NO.
3) Run full synchronization with connector.
4) BR will be removed automatically from user.
Thanks
Mohan
07-24-2015 1:13 PM
Mohana,
If someone has assigned a business role, it is 100% only possible to assign it via an Access Request.
Your solution of removing the technical roles manually defies the whole point of managing user access via the Business Role concept.
Whilst your solution does work, there is a very good chance of the Object Repository sync update causing more damage later on. GRC may still see the business role assigned to the user, as it was not removed via a proper "remove role" request.
Also worth pointing out, "Retain" action is not supported for Business Roles at the moment, making the purpose of the business role concept for GRC questionable.
07-26-2015 9:50 AM
Hi,
GRC will never show BR role assignments to users if someone followed my instructions.
We have tested this scenario and it is working fine and we are using this functionality.
I can confirm this only on SP18, not on earlier packs.
You are no longer required to create an Access Request to remove BR role from user if parameter 4019 is set to NO and all roles are removed from the satellite system. On top of it, there will not be any inconsistencies with this practice and it won't damage anything in the system if you do not change anything directly in the satellite system.
We can ask Shreya to test it on her Development system.
Please remember this functionality is working in GRC10 SP18.
Thanks
Mohan
04-28-2021 4:20 PM
This is again an issue in GRC 12, as parameter setting for 4019 = No is not working since SAP updated the code.
Aaaaaaany solution now for this same problem?
07-07-2021 12:28 AM