cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Access review

Go to solution
Former Member

on ‎07-13-2015 4:42 PM

0 Kudos

Hi All,

Can you kindly help me to understand the purpose/details of the below points to implement UAR?

1.Risk and Compliance > Access Control > User Provisioning > Define Request Type Customizing activity.

What is the purpose?do we have to assign any action to the request type?If yes,then which actions are recommended?

Why a request type is needed to be created?

2.Governance, Risk and Compliance > Access Control > User Provisioning > Maintain Priority Configuration Customizing activity.

Where it is useful in whole process?

3.Governance, Risk and Compliance > Access Control > User Provisioning > Maintain Review Rejection Reasons for Provisioning Requests Customizing activity.

Any example what we can maintain here?

4.Create a new Service Level Agreement using SAP_GRAC_USER_ACCESS_REVIEW as the Process ID.

What is the purpose of this?

5.Run the Update UAR workflow job to generate the UAR requests

What is the purpose of this JOB?At which step this should be run?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-21-2015 4:57 AM
0 Kudos

We had to implement SAP note to resolve the issue.

Thanks a lot for all your help and support.

Show replies
Show replies

Answers (1)

Answers (1)

alessandr0
Active Contributor
‎07-13-2015 5:16 PM
0 Kudos

Dear Somik,

regarding your questions:

1. required for the requests to be created. SAP delivers reqtype 011 with action retain.

2. This is used to classify the requests dependend on their priority. I have seen such set ups in environments where you run UAR for productive system and also others (development, test, quality, etc.). Different landscapes used different priorities.

3. Rejection reason: e.g. "User does not belong to me", "User account is not required any longer", etc.

4. SLAs are used as a management instrument to report the UAR (it also helps to identify long runners, etc.).

5. Failed to search.

Please check:

User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - S...

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/30e75a9f-c9b9-2e10-0287-efb0e08c0...

Regards,

Alessandro

Show replies
Show replies
Former Member
‎07-14-2015 4:48 AM
0 Kudos

Thanks as always.

1.I had seen 010 is present in my system w/out any action attached.

Any other action to be added except RETAIN.

Why a request type is needed to be created for UAR?

Once I understand the above question I may be able to add proper actions.

5.I still need to understand the purpose and timing for the JOB before I run it

What exactly this does and if it's needed to be scheduled on periodic basis?

I had read that link and the document which indeed was the reason of my questions.

I am still trying to understand if that the JOB creates all UAR requests and sends to review/approve?

Then again why a request type needs to be there with actions?

I am a bit confused till now and had not seen a clear step by step guide to implement UAR.

alessandr0
Active Contributor
‎07-14-2015 6:30 AM
0 Kudos

Hi Somik,

each request requires a request type. Therefore it is recommended to create a dedicated req type for UAR requests. Within the request types you can define which action should be executed. Also request types are used within BRF+ and in BRF+ they can be routed differently based on your requirements.

The update job starts the UAR requests if they are in admin review which can be set (parameter 2007). Admin review gives the admin the opportunity to review and validate the requests before they are sent out (with the update job).

Generally you need to decide whether you plan an admin review prior to sending out the workflows. Personally I recommend to validate the requests before sending. Therefore set parameter 2007 (Admin review) to YES. After that you first need to generate the data for UAR, then review them as admin, after that send out the workflows with the update job.

Hope this helps.

Regards,

Alessandro

Former Member
‎07-14-2015 3:37 PM
0 Kudos

Thanks again.

I may sound stupid, but I am still not clear about the purpose of having a request type here and how that works for UAR purpose?

If you can kindly advise with a scenario.

Former Member
‎07-14-2015 4:42 PM
0 Kudos

Hi Somik,

Every request has has to have a type. So, even if it is auto-generated, it will have a type. This facilitates, in selecting action(s), that needs to be taken, on UAR requests.

I think, you would have understood UAR, by the explanation given by Alessandro.

Regards

Plaban

Former Member
‎07-15-2015 8:19 AM
0 Kudos

Hi Plaban,

I am trying to understand the exact purpose of this request type.

If we submit a access it's always goes through the manager and role owner review, then what is the extra advantage I gain with this UAR request?

Former Member
‎07-15-2015 8:58 AM
0 Kudos

Hi Somik,

you can customize the actions that you might want to take on UAR request. So, first you create a Request type. Then assign it to actions, as required. Then map this request type to UAR option in Maintain Configuration settings

So, customization of Actions justifies the request type availability for UAR

regards

Plaban

Former Member
‎07-15-2015 10:36 AM
0 Kudos

Hi Plaban,

I did, now I am unable to to see UAR request type in Request review Section

Former Member
‎07-15-2015 1:48 PM
0 Kudos

I am unable to create background job and assigned all possible roles to my id.

alessandr0
Active Contributor
‎07-16-2015 8:40 AM
0 Kudos

Somik,

please read the UAR guide which outlines the tasks to be performed step by step. Background job can be scheduled in "Background Scheduler".

Regards,

Alessandro

Former Member
‎07-16-2015 8:51 AM
0 Kudos

i did and as you can see that I don't have the rights in BG scheduler.

The options is disabled.

I have all the necessary roles in my Id.

alessandr0
Active Contributor
‎07-16-2015 9:13 AM
0 Kudos

Then you are missing authorization for object GRAC_BGJOB. Add activity 01.

Regards,

Alessandro

Former Member
‎07-16-2015 9:38 AM
0 Kudos

As I said I have the required roles and auths, but not working.

Ask a Question