cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Access Review Workflow - GRC 10.1, SP 8

former_member1005
Explorer

on ‎03-15-2016 5:31 PM

0 Kudos

Hello All,


UAR generated data also contains the roles which are not assigned to users directly(roles are assigned to users thorough some composite roles also).

BG: We have some single roles that are assigned directly to users and same single role is assigned to a different users via  composite role as well.

when we generate the data, UAR request has the complete list of users that the single role is assigned with(Direct and In-direct).


Ideally the UAR request should only contain the line items which are directly assigned right?

Could anyone please let me know if you ever had this issue and solved?

Please Suggest.

We are on GRC 10.1 and SP 8.

PS: i have tried to implement 1970118 - UAM : Expired and locked Users and indirect role assignment, and this cannot be implemented as well in our system.

Thanks

Rajeev Varma

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

alessandr0
Active Contributor
‎03-17-2016 7:09 AM
0 Kudos

HI Rajeev,

try and check note http://service.sap.com/sap/support/notes/2096567

It's highly appreciated to search the SAP support portal prior to asking here on SCN.

Keep us posted if that helps to solve the issue.

Regards,

Alessandro

Show replies
Show replies
former_member1005
Explorer
‎03-17-2016 3:37 PM
0 Kudos

Hi Alessandro,

i have already implemented this note, but no luck.

Issue is : - Lets Say, If Single Role "A" is assigned to User "X" directly and to User "Y" indirectly(assigned via composite role).

and

If i generate the the UAR data for Role A, UAR request shows the details of both the users for that role i.e., user X and user Y.

My question is this the case in general?

because, if the reviewer select both the users for "remove action", only role is removed from user X and not from Y as the role is not assigned to user Y directly.

My belief is for Role A, uar request should contain only one line item i.e., user X.

Am i understanding correctly? Please suggest

Thanks

Rajeev Varma

plaban_sahoo6
Contributor
‎03-18-2016 5:42 AM
0 Kudos

Hi Rajeev,

UAR is showing correct data, as role is assigned directly or via composite role. Removal for user Y is also behaving correctly, as composite roles can only be removed for this user. It would behave the same, through SU01, as well.

Regards

Plaban

Former Member
‎03-17-2016 4:41 AM
0 Kudos

Try the snote 1910670 -   UAR Request shows indirect roles and wrong usage count

Show replies
Show replies
former_member1005
Explorer
‎03-17-2016 3:44 PM
0 Kudos

Hi Thye,

Thanks for the response, i have checked all the details as per the note, but no luck.

Thanks

Ask a Question