GRC Access Request Valid Dates restriction

Former Member · ‎04-21-2016

Dear all,

I have defined some users which are requestors. So these users will create access requests.

Now, I would like to restrict the capability that the requestor modifies the Valid From / Valid To dates into the access request. The ones marked in red.

Is there any way to do it? I have checked this at EUP level, Authorization level and at MSMP level but I was not able able to find out.

Kind regards and thank you,

Sara.

Former Member · ‎04-21-2016

Sara,

I did not see a way to accomplish this through security or through EUP settings. I ran a trace just to see what authorization objects showed up. GRAC_REQ does not offer granular enough options to restrict change to just the role validity dates; if you took away change access from your requestors, it appears that they would lose a lot more. Did you try taking away change access on that object?

Of course they say that with enough time and money for customization, anything is doable, but heavy customization is probably not the path you want to take. What is the rationale for this requirement?

Regards,

Gretchen

former_member185447 · ‎04-22-2016

Hello Sara,

Check if this is happening only to business roles or all other roles?

Also, Go through these SAP Notes which might help you.

2119407 - UAM: Incorrect validity dates when business role is added in the simplified access request

2042631 - Validity Dates for Business Roles

1979538 - Simplified Access Request Role Validity Dates Validation Error messages

Check if this thread gives you some lead to solve your issue.

https://scn.sap.com/thread/3659245

Regards,

Deepak M