cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict User Role Selection

Former Member
0 Kudos

Hi Experts,

I´m currently trying to restrict the roles that a GRC user can select to create the request. After some research, I came across the function provisioning object GRAC_ROLEP.

I know it is possible to restrict by Process (GRAC_BPROC) but, due to project requirements I would like to restrict by subprocess, so that the user only see the functions mapped to a specific subprocess.

Is this possible? Is there any object or element for this restriction?

Thank you.

Accepted Solutions (0)

Answers (2)

Answers (2)

Colleen
Advisor
Advisor

Are you planning on doing this for the End User ARQ or other request (where named users have accounts). If for end user, remember that all users will get the same restrictions as the service user gets the access.

If you want to limit which roles are in scope can exclude some roles in BRM by making them not-productive. This would mean no one can request them via GRC. It might be better to put those roles in a dummy business process area that aren't being used instead and then using the objects.

javier_huerta2
Explorer
0 Kudos

Hello Vasco,

Seems like there isn't any specific fields in terms of authorizations for sub process; GRAC_BPROC looks like the closest one available for your requirement, however as you mentioned GRAC_ROLEP seems like a good option, this authorization object also contains some additional fields which you can probably use in combination in order to achieve your requirement.

For example you can use GRAC_BPROC along with GRAC_ROLE(Role Name) fields in order to define the specific roles within the business process that they should only be having access.

Also I'm not sure if you have explored the option of using 2033 & 2034 parameters in the SPRO configuration(Restrict on Business Process/Functional Area).

Regards

Javier