Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP GRC AC, table relationship ROLE_ID & ACTION_ID for ARA

javierdry82
Explorer

on ‎2020 Oct 02 8:03 AM

0 Likes
2,080

Hola,

Me gustaría saber que tabla relaciona el ROLE_ID con el ACTION_ID, en relación con ARA.

He chequeado todas las tablas y no encuentro esta relación por ningún lado, entonces, ¿Cómo es capaz GRC de determinar que tcodes tiene un usuario en el backend?, a través de la tabla GRACUSERROLE, se determina que roles tiene, pero ¿como determina las tcodes para el análisis de riesgos?

Muchas gracias

Saludos.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
vijayakumarsuth
Product and Topic Expert
Product and Topic Expert
‎2020 Oct 02 7:51 PM
0 Likes

Hi Francisco,

It will be helpful to provide your question in English as many of our communities experts understands English and can help to provide you useful guidances

Accepted Solutions (0)

Answers (3)

Answers (3)

javierdry82
Explorer
‎2020 Oct 04 8:23 PM
0 Likes

Thank you.

Show replies
Show replies
vijayakumarsuth
Product and Topic Expert
Product and Topic Expert
‎2020 Oct 02 8:13 PM
0 Likes

Hi Francisco,

Based google translation, I understand your question is to find relation between role and action when risk analysis is executed. As it sounds simple on question but it is too complex flow at background to fetch all these details to show up in screen because there are alot of table involved to get the results.

In simple way, I tried to explain for your understanding

(1) All role exists in table GRACROLE and get the roleid value from here

(2) Access table GRACROLEACT and provide the roleid fetched from step 1, here you can find actions assigned in for that particular role

FYI - The above shows the role and its action alignment

(3) Now with this actions based on role, the risk analysis Rule Engine will find the actionid of each action from table GRACACTION to determine the conflict based on risk and functions

Show replies
Show replies
Monsores
Active Participant
‎2020 Oct 02 8:43 PM
0 Likes

Hi Vijaykumar.

Sorry for my answer in Spanish above. I have pasted a translation in English right after that one.

But in my answer I was explaining that GRACROLEACT isn't used for risk Analysis so we need to take care when crossing it with Risk Analysis results. If you don't use BRM this table will be empty but the risk analysis will be performed anyway.

Regards,

Marcelo Monsores

Monsores
Active Participant
‎2020 Oct 02 7:52 PM
0 Likes

Hola Francisco.

Los tcodes contenidos en los roles no se almacenan en GRC Access Control para fines de Análisis de Riesgos. Los roles de usuario se traducen en tcodes y autorizaciones en tiempo de ejecución directamente en los sistemas backend durante el análisis de riesgos online. Si utiliza el análisis de riesgos offline, esta traducción se realiza previamente a través del job de Batch Risk Analysis.

Si usas la función de sincronización con PFCG en BRM, también tiene esta información en las tablas GRACROLEACT y GRACROLEPERM. Pero debe tener en cuenta que no se utilizan para análisis de riesgos y que existe un alto riesgo de tener información desactualizada ya que esta sincronización se ejecuta manualmente.

Regards,

Marcelo Monsores

Show replies
Show replies
Monsores
Active Participant
‎2020 Oct 02 8:39 PM
0 Likes

Hello Francisco.

The tcodes contained in roles are not stored in GRC Access Control for Risk Analysis purposes. User roles are translated into tcodes and authorizations at runtime directly in the backend systems during online risk analysis. If you use offline risk analysis, this translation is previously done through the Batch Risk Analysis job.

If you use the "Sync with PFCG" feature in BRM, you also have this information in the GRACROLEACT and GRACROLEPERM tables. But you should keep in mind that they are not used for risk analysis and there is a high risk of having outdated information as this synchronization is performed manually.

Regards,

Marcelo Monsores

Ask a Question