- SAP Community
- Products and Technology
- Additional Q&A
- GRC 10.0 (SP21) ARA - need to restrict end user ro...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC 10.0 (SP21) ARA - need to restrict end user role by connector group
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 03-07-2016 4:07 PM
We need to restrict our ARA end user roles by connector group however I have been unable to find a GRC delivered object that allows this restriction. GRFN_CONN allows restriction by connector but not connector group.
Does anyone know if restriction by connector group is possible and if so, how?
Thank you!
Jane Landreth
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello,
Yes,the authorization object GRAC_ROLED is to restrict the role with respect of connector group only,
I dont think we have any other authorization objects with field GRAC_LDSCP (Connector Group) to restrict create/updatem of risk and functions in GRC
As a work aroung you can create custom authorization objects by copying GRAC_RISK,GRAC_FUNC and include the field GRAC_LDSCP (Connector Group)
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jane,
The authorization object GRAC_ROLED has the field GRAC_LDSCP (Connector Group).
You can check it in the Security Guide: http://service.sap.com/~sapidb/011000358700000596352013E
Best Regards,
Zoltan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi, Zoltan. Thank you for your quick response. I looked up the GRAC_ROLED definition in the Security Guide (thanks for sending the link!) and found that the description of the object is:
"This object allows you to enforce authorizations for accessing roles during role definition."
The object appears to be used in the role build process. What I am looking for is the ability to restrict ARA users to be able to update Functions and Risks for their own connector group. I don't think this object will do that.
Thank you,
Jane
- Restriction on number of consolidation units in SAP Group Reporting Public Cloud edition. in Enterprise Resource Planning Q&A
- Managing PFAS with SAP: Regulations and Business Challenges in Product Lifecycle Management Blogs by Members
- Is it possible to restrict which Business Role is assignable to a Business User? in Enterprise Resource Planning Q&A
- It has never been easier to print from SAP with Microsoft Universal Print in Technology Blogs by Members
- Consuming SAP with SAP Build Apps - Connectivity options for low-code development - part 2 in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.