Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP GRC 10.1 Business Role User Assignments

Go to solution
former_member594130
Explorer

on ‎2019 Jan 17 8:37 PM

3,408

We have implemented SAP GRC 10.1 ARM and are utilizing Business Roles. prior to using SAP GRC we already used a Business Role concept for mapping the technical roles to a persons job title/function. These mappings where used by the training department to request user access. We have now created Business Roles that map to the job titles and that is what is requested when creating user. What I need to do now is take all the existing users with existing job titles and have them assigned to SAP GRC 10.1 Business Roles that match there current job titles mappings. The Job Title Mappings is purely logical and exist only on an Access database. Does anyone know if there is a mass update function for Business Roles and User Assignments or away to add user assignments to Business Roles without actually performing a ARM request.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎2019 Jan 18 3:10 AM

Hi Michael,

As you mentioned already, Business role in GRC is nothing but grouping of technical roles from different systems based on user's appointment or job title or function etc.

Business roles are designed to make end user selection easy while submitting an access request but at the end of the day users get provisioned with technical roles which are inside the business role.

Only GRC system will store the User to Business role assignment details as this helps if the biz role need to be de-provisioned from users or to push the updates to the business role to the users from GRC BRM.

Currently there is no mass business role assignment function available. You can refer below SAP Notes.

2511074 - Is there a program for Mass Business Role Update Assignment in GRC AC 10 ?

2116829 - Mass load of Business role assignments to users

Workaround

  1. Create a new workflow path with some new request type which can route corresponding requests go to 'No Approval' path (i.e. requests get auto approved and auto provisioned).
  2. Then create Multi user requests to assign business role to your Users using the new request type and make sure that they get routed to No APPROVAL path.

Note: Make sure that the role assignments does not cause any SoD/CA risk violations.

Regards,

Madhu

Show replies
Show replies
former_member689548
Explorer
‎2020 Aug 15 1:34 AM
0 Likes

Hi Madhu, can you please instruct me on what is the proper setting for the "no approval path"?

I've created the "No approval" request type and updated the BRF+ definition table with NOAPPROVAL trigger, but somehow it's still going through the MANAGER_ONLY path.

If you could answer, I'd appreciate it a lot.

Thank you!

Answers (1)

Answers (1)

former_member594130
Explorer
‎2019 Feb 11 3:42 PM
0 Likes

Thank you for your reply. We will follow your recommendation for creating the no approval path to assign Business role to user. We have some technical hurdles to overcome but nothing major. the real benefit for this exercise is to easily remove access from users during the User Life Cycle. Since the requestors do not understand technical roles only Business Roles requesting the removal of a business role is complicated. Again thank you for your time and effort in responding to my question.

Show replies
Show replies
Ask a Question