on 03-07-2016 4:07 PM
We need to restrict our ARA end user roles by connector group however I have been unable to find a GRC delivered object that allows this restriction. GRFN_CONN allows restriction by connector but not connector group.
Does anyone know if restriction by connector group is possible and if so, how?
Thank you!
Jane Landreth
Hello,
Yes,the authorization object GRAC_ROLED is to restrict the role with respect of connector group only,
I dont think we have any other authorization objects with field GRAC_LDSCP (Connector Group) to restrict create/updatem of risk and functions in GRC
As a work aroung you can create custom authorization objects by copying GRAC_RISK,GRAC_FUNC and include the field GRAC_LDSCP (Connector Group)
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jane,
The authorization object GRAC_ROLED has the field GRAC_LDSCP (Connector Group).
You can check it in the Security Guide: http://service.sap.com/~sapidb/011000358700000596352013E
Best Regards,
Zoltan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, Zoltan. Thank you for your quick response. I looked up the GRAC_ROLED definition in the Security Guide (thanks for sending the link!) and found that the description of the object is:
"This object allows you to enforce authorizations for accessing roles during role definition."
The object appears to be used in the role build process. What I am looking for is the ability to restrict ARA users to be able to update Functions and Risks for their own connector group. I don't think this object will do that.
Thank you,
Jane
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.