04-21-2016 5:16 PM
Dear all,
I have defined some users which are requestors. So these users will create access requests.
Now, I would like to restrict the capability that the requestor modifies the Valid From / Valid To dates into the access request. The ones marked in red.
Is there any way to do it? I have checked this at EUP level, Authorization level and at MSMP level but I was not able able to find out.
Kind regards and thank you,
Sara.
04-21-2016 9:21 PM
Sara,
I did not see a way to accomplish this through security or through EUP settings. I ran a trace just to see what authorization objects showed up. GRAC_REQ does not offer granular enough options to restrict change to just the role validity dates; if you took away change access from your requestors, it appears that they would lose a lot more. Did you try taking away change access on that object?
Of course they say that with enough time and money for customization, anything is doable, but heavy customization is probably not the path you want to take. What is the rationale for this requirement?
Regards,
Gretchen
04-22-2016 2:38 AM
Hello Sara,
Check if this is happening only to business roles or all other roles?
Also, Go through these SAP Notes which might help you.
2119407 - UAM: Incorrect validity dates when business role is added in the simplified access request
2042631 - Validity Dates for Business Roles
1979538 - Simplified Access Request Role Validity Dates Validation Error messages
Check if this thread gives you some lead to solve your issue.
https://scn.sap.com/thread/3659245
Regards,
Deepak M