
GRC BRM which Business Process with composite role


Hi

Which is the best practice if I develop the composite roles in the BRM? Which business process and subprocess is assigned if the composite roles have the department in the description? Not only finance but also business organization, valuation, project or board. Do you work with the SAP standard processes or should you create new business and sub-processes? How does this affect the ARA rule set (Business Process - categories used to classify/group risks)?

Thank you

Ilona

Accepted Solutions (0)

Answers (5)


RameshVithanala

Hi Ilona,

Yes, BP & BSP are required for CR import or upload. You can align your CRs to closely match the SAP standard process or you can create a brand new BP & SBP that matches your roles. Creating a new BP & BSP will not impact ARA rules, but creating your own (custom) BP/BSP with the same name as SAP standard might confuse users, as the BP/BSP are used across GRC Access Control (AR, BRM).

SAP Business Process: BS00 : Basis

Custom Business Process: BS : Basis

You will have two entries in the table, that's the reason users will be both Business Process :)

Just an FYI: As part of the SAP Security Role Strategy (naming convention) you should have defined the role as per the BP/SBP... but I agree you might not be the one who defined :)

The BP/BSP are used to enforce naming convention in BRM and can also be used to create a BRF+ rule to route the role for approver/condition methodology/approver methodology etc.

Thanks

Ramesh


Hello Ramesh and thanks for the answer,

my scenario is not BR-CR-TR, but CR-SINR-TR. We only have composite roles that contain single roles. So far, the roles have been developed in ERP, but now in GRC BRM.

Unfortunately, I cannot create a composite role without business process and subprocess in BRM. I also have to upload all existing composite roles in BRM. These composite roles are built according to specialist departments and now must be assigned to the processes in BRM. Otherwise I cannot save and generate the roles in the BRM.

My problem is with the composite roles, which cannot be assigned to any SAP standard process, such as board, management, risk controlling, business organization….

Regards

Ilona

RameshVithanala

Hi Ilona,

First, I am not sure why you would want to create a composite role inside a business role. That would create another hierarchy within the Business Role; instead you can achieve the same with the Business Role itself.

Your current scenario:

==> BR ==> CR ==> TR for ECC

==> CR ==> TR or DRM etc

Instead you can use the following scenario:

==> BR ==> TR for ECC

==> TR for SRM

Second, regarding the Business Process and Sub Process, there is no such SAP standard process. It's up to your current process what you are following...

Do you have a Role Naming convention defined for BRM?

BRM Business Process and Sub Process can be totally independent of the ARA ruleset, but if you want to be consistent then align the Roles/BP/SBP with your process (role naming convention).

Example

Business Process : FI00 Business Sub Process : AP/GL/AR etc for BRM

Business Process : FI00 for ARA Ruleset, so that both will be in sync.

I hope I was able to answer your question.

Thanks

Ramesh


Thanks for the answer. Unfortunately, I meant something else.

The business and sub-processes must be present in the SPRO. In the BRM I have to select a business and sub-process when creating the composite role. These business processes can also be found in the function IDs in the rule set - ARA. (See image)

What is recommended here? What is the best way?

Composite roles such as finance or IT are still easy = FI and Basic. What do I do with composite roles which are built according to departments? What do I do in composite roles with departments like: board, projects, organization, appraisal, revision ....

Thanks for the help

Ilona

vijayakumarsuth

I would suggest designing your composite roles based on business process. For example, all Basis-related roles can be organized in different composite roles, i.e. Z_CMP_BASIS_USR_CRE, where you can have all single roles related to user creation or security-related roles; likewise, you can do the same for role modification (Z_CMP_BASIS_RL_CRE). I guess this will not affect anything with your ARA ruleset business process.