Access Control View All Role

Former Member
0 Kudos

Hello Experts,

We are currently implementing GRC Compliant User Provisioning for the client. Apart from the configuration team with role AEAdmin, we have a few client experts to look into the sandbox system and understand the configuration we made is as per the requirement.

In doing so, they tend to modify some or other configuration at times, knowingly/unknowingly, which leads us to longer debugging time.

Is there a way I can create a UME role with only View Configuration Action to avoid such circumstances?

Thanks

Rashmi

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

Hi Rashmi,

1- Assign the following actions to the role:

- ViewReject
- ViewHold
- ViewCopyRequest
- ViewCreateRequest
- ViewSearchRequestAll
- ViewRequstAuditTrail
- ViewForwardRequest
- ViewReRoute
- ViewAccessEnforcer
- ViewSelectPDProfiles
- ViewMitigation
- ViewRiskAnalysis
- ViewSelectRoles
- ViewReaffirms
- ViewApprove
- ViewApproverDelegation

Using these actions you can see the following tabs in Access Enforcer:

1- Access Enforcer

- Requests For Approval
- Create Request
- Search Requests
- Requests On Hold
- Approver Delegation
- Copy Request
- Search Request Audit Trail
- Role Reaffirms

2- Informer Tab

- Services Level For Requests
- Conflicts And Mitigations
- Request By Roles And Role Owners
- List Roles And Owners
- Requests By PD/Structural Profiles

3- Configuration Tab

- Monitoring
- System Log
- Application Log
- Upgrade

The rest of the tabs in Configuration run along with the Modify action in AE 5.2.

2- Some new actions have been added by the SAP GRC R&D team in Compliant User Provisioning 5.3 (Access Enforcer 5.3) for only viewing the Initiators, Stages, Path, Connectors, Provisioning, HR Trigger, User Defaults, etc.

In AE 5.3, independent View and Modify actions are available for each tab, like for Initiators, Connectors, etc., but this type of provision is not available in AE 5.2.

Regards,

Jagat

former_member184114
Active Contributor
0 Kudos

I hope the following link will help you:

The link is:

Thanks and Regards,

Faisal

Former Member
0 Kudos

Thanks for the response Ankur.

I want to limit the access of the user to View only for all the configuration data. Assigning Modify* actions will let them edit the workflows, initiators, etc.

former_member366047
Contributor
0 Kudos

I have never created a pure View Configuration role in AE. I don't think the facility is there based solely on actions. You might want to make it clear to your experts not to change any configuration in your Sandbox...

Ankur

former_member366047
Contributor
0 Kudos

Rashmi-

Yes, you can.

Create an ID with the action ViewConfiguration, and you can control their actions within the tab by assigning any of these actions:

- ModifyRequestConfiguration
- ModifyMitigationConfiguration
- ModifyRiskAnalysisConfiguration
- ModifyServiceLevelConfiguration
- ModifyCustomFieldsConfiguration
- ModifyWorkflowConfiguration
- ModifyProvisioningConfiguration
- ModifyApproversConfiguration
- ModifyReaffirmsConfiguration
- ModifyChangeLogConfiguration
- ModifySearchChangeLog
- ModifyNumberRangeConfiguration
- Configuration
- ModifySupportConfiguration
- ModifyConnectorsConfiguration
- ModifyAuthenticationConfiguration
- ModifyBackgroundJobsConfiguration
- ModifyRolesConfiguration
- ModifyAttributeConfiguration
- ModifyHRTriggersConfiguration
- ModifyUserDefaultsConfiguration
- ModifyInitialSystemDataConfiguration
- ModifyAttachmentFolder
- ViewConfigSystemLogAction
- ViewConfigApplicationLogAction
- ModifyConfigLDAPMappingAction

Ankur

GRC Consultant