https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627718#M1942167 <HTML><HEAD></HEAD><BODY><P>Sara,</P><P>I did not see&nbsp; a way to accomplish this through security or through EUP settings. I ran a trace just to see what authorization objects showed up. GRAC_REQ does not offer granular enough options to restrict change to just the role validity dates; if you took away change access from your requestors, it appears that they would lose a lot more. Did you try taking away change access on that object?</P><P></P><P>Of course they say that with enough time and money for customization, anything is doable, but heavy customization is probably not the path you want to take. What is the rationale for this requirement?&nbsp;&nbsp; </P><P></P><P>Regards,</P><P>Gretchen</P></BODY></HTML> Thu, 21 Apr 2016 20:21:20 GMT Former Member 2016-04-21T20:21:20Z https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627717#M1942166 <HTML><HEAD></HEAD><BODY><P>Dear all,</P><P></P><P>I have defined some users which are requestors. So these users will create access requests.</P><P></P><P><SPAN style="font-size: 13.3333px;">Now, I would like to restrict the capability that the requestor modifies the Valid From / Valid To dates into the access request. The ones marked in red.</SPAN></P><P><SPAN style="font-size: 13.3333px;"><BR /></SPAN></P><P><SPAN style="font-size: 13.3333px;"><IMG class="migrated-image" src="https://community.sap.com/legacyfs/online/storage/attachments/storage/7/jiveimages/935747" /><BR /></SPAN></P><P><SPAN style="font-size: 13.3333px;"><BR /></SPAN></P><P><SPAN style="font-size: 13.3333px;">Is there any way to do it? I have checked this at EUP level, Authorization level and at MSMP level but I was not able able to find out.<BR /></SPAN></P><P></P><P>Kind regards and thank you,</P><P><BR />Sara.</P></BODY></HTML> Thu, 21 Apr 2016 16:16:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627717#M1942166 Former Member 2016-04-21T16:16:34Z https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627718#M1942167 <HTML><HEAD></HEAD><BODY><P>Sara,</P><P>I did not see&nbsp; a way to accomplish this through security or through EUP settings. I ran a trace just to see what authorization objects showed up. GRAC_REQ does not offer granular enough options to restrict change to just the role validity dates; if you took away change access from your requestors, it appears that they would lose a lot more. Did you try taking away change access on that object?</P><P></P><P>Of course they say that with enough time and money for customization, anything is doable, but heavy customization is probably not the path you want to take. What is the rationale for this requirement?&nbsp;&nbsp; </P><P></P><P>Regards,</P><P>Gretchen</P></BODY></HTML> Thu, 21 Apr 2016 20:21:20 GMT https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627718#M1942167 Former Member 2016-04-21T20:21:20Z https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627719#M1942168 <HTML><HEAD></HEAD><BODY><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">Hello Sara,</SPAN></P><P></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;">Check if this is happening only to business roles or all other roles?</STRONG></SPAN></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">Also, Go through these SAP Notes which might help you.</SPAN></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN class="title" style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;">2119407 - UAM: Incorrect validity dates when business role is added in the simplified access request</STRONG></SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;"><SPAN class="title" style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><BR /></SPAN></STRONG></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;"><SPAN class="title" style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">2042631 - Validity Dates for Business Roles</SPAN></STRONG></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;"><SPAN class="title" style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><BR /></SPAN></STRONG></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN class="title" style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><STRONG style="font-style: inherit; font-family: inherit; background: transparent;">1979538 - Simplified Access Request Role Validity Dates Validation Error messages</STRONG></SPAN></P><P></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">Check if this thread gives you some lead to solve your issue.</SPAN></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;"><A class="jive-link-external-small" href="https://scn.sap.com/thread/3659245" style="font-weight: inherit; font-style: inherit; font-family: inherit; color: #3778c7; background: transparent;">https://scn.sap.com/thread/3659245</A></SPAN></P><P></P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">Regards,</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: calibri, verdana, arial, sans-serif; background: transparent;">Deepak M</SPAN></P></BODY></HTML> Fri, 22 Apr 2016 01:38:25 GMT https://community.sap.com/t5/application-development-and-automation-discussions/grc-access-request-valid-dates-restriction/m-p/11627719#M1942168 Former Member 2016-04-22T01:38:25Z