on 11-12-2015 1:46 PM
Hello experts!
No hope to find the reason by my own, so I would like to ask you to help me a bit.
I'm configuring user screens in nwbc and I'm trying to make visible "Approver Delegation" link in "My delegation" section.
Like here
I see that Menu Item ID 0GRACCUPDELEGATN contains two authorization objects:
0GRACCUPDELEGATN 1 GRAC_REP ACTVT 16
0GRACCUPDELEGATN 2 GRAC_REP GRAC_REPID GRAC_CUP_DELGATN_RPT
I provide a user with such permissions, role contains
But user is not able to see mentioned link.
Only if I assign SAP_ALL to a user the link is showed.
Trace didn't show any related to the link objects.
I've tried to find notes and discussions but nothing useful was not found.
Could anyone give me a clue where the problem can be?
Regards,
Artem
System level:
SAP_BASIS 702 0017 SAPKB70217 SAP Basis Component
SAP_ABA 702 0017 SAPKA70217 Cross-Application Component
PI_BASIS 702 0017 SAPK-70217INPIBASIS Basis Plug-In
ST-PI 2008_1_700 0012 SAPKITLRDL SAP Solution Tools Plug-In
SAP_BW 702 0017 SAPKW70217 SAP Business Warehouse
GRCFND_A V1000 0020 SAPK-V1020INGRCFNDA GRC Foundation ABAP
ST-A/PI 01Q_700 0002 SAPKITAB7L Servicetools for other App./Netweaver 04
you need to have GRAC_REQ with activitiy 03. Then try again.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Artem,
I cannot speak to your particular issue, but I can tell you that security in GRC Access Control is quite "quirky" and has a lot of room for improvement. When we applied SP19 we had to give our request submitters and role approvers ACTVT=78 (Assign) for GRAC_SYS just so that they could continue to do Search Requests. When I asked SAP about it, they said that they thought that only GRC admins would be doing searches. Wrong! So the authorization requirements are not always logical to us out in the real world.
Good luck,
Gretchen
Hi Gretchen,
Thank you for your sharing.
I think situations like yours and mine are not normal, so I would like to know whether you requested an improvement using customer message or idea place.
If you did use one of the option I could walk through the same procedure to put my two cents in.
Let's make GRC better together!
Regards,
Artem
Artem,
I already *do* work together with other customers to improve Access Control, via participating in the three Customer Connection projects on Access Control 10.x since 2012, which I have mentioned here on SCN from time to time and I presented on at TechEd just last month. The 2015 project is, unfortunately well past the improvement idea collection phase; my own security complaint was discovered after that phase closed, so it will probably wait for the next such project or ASUG Influence Council, whichever comes first. There is often so much noise in Idea Place that it can be difficult for improvement ideas to get enough traction; the improvement ideas suggested in Customer Connection projects and user group influence councils have a better chance of being developed and delivered.
Regards,
Gretchen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.