on ‎2018 Mar 15 5:14 PM
A user may have multiple roles already assigned via GRC. However, the user may still use Request Type "Change Account" and request assignment of the same roles again.
E.g.: User A has role XYZ assigned via GRC (in the existing assignments you can see role XYZ assigned to the user with start date 01.01.2017 to end date 31.12.9999).
The user may go to GRC and request access for the same role XYZ, now with start date 01.09.2017 to 31.12.9999. In the process, the user gets the same role assigned twice with different start and end dates in the managed system.
Is there a way to stop users from requesting access to the same role, if it is already assigned and within the same validity range? Isn't it logical that if a user already has the role assigned, he shouldn't be able to request it again?
P.S: I know that PRGN_COMPRESS_TIMES will resolve the issue of redundant role assignment in the managed system. But that's not the solution.
Hi Majumdar,
the only way to suppress this is with custom modifications. For example, you can enhance the access request submission or even the Web Dynpro so that it performs a cross-check. In case the role is already assigned, show a warning or stop the user from continuing.
Alternatively, you can add a cross-check in the initiator rule in BRFPlus. In case the role is already assigned, automatically approve the role (route it through an automated approval process). With that, you at least avoid any overhead in approving the request.
Regards, Alessandro
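The cross-check described in the answer above comes down to a date-range coverage test. The following is an added illustration, not code from the thread or from SAP GRC: a Python sketch of the decision logic that a custom enhancement would have to implement. It goes slightly beyond the single case in the question by also merging adjacent validity periods; the record layout, function names and sample data are assumptions constructed for the example.

```python
from datetime import date, timedelta

HIGH_DATE = date(9999, 12, 31)  # "unlimited" end date, as in the question


def merge_periods(periods):
    """Merge overlapping or directly adjacent (valid_from, valid_to) ranges."""
    merged = []
    for start, end in sorted(periods):
        # Short-circuit on HIGH_DATE: adding a day to it would overflow.
        if merged and (merged[-1][1] == HIGH_DATE
                       or start <= merged[-1][1] + timedelta(days=1)):
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def is_redundant(assignments, user, role, req_from, req_to):
    """True if the requested validity lies fully inside validity already held."""
    held = [(a["from"], a["to"]) for a in assignments
            if a["user"] == user and a["role"] == role]
    return any(s <= req_from and req_to <= e for s, e in merge_periods(held))


def check_request(assignments, user, items):
    """Classify each requested (role, from, to) line item."""
    return ["DUPLICATE" if is_redundant(assignments, user, r, f, t) else "NEW"
            for r, f, t in items]


# Constructed sample data (hypothetical users and roles).
ASSIGNMENTS = [
    {"user": "USER_A", "role": "XYZ", "from": date(2017, 1, 1), "to": HIGH_DATE},
    {"user": "USER_A", "role": "ABC", "from": date(2017, 1, 1), "to": date(2017, 6, 30)},
    {"user": "USER_A", "role": "ABC", "from": date(2017, 7, 1), "to": date(2017, 12, 31)},
]

if __name__ == "__main__":
    request = [
        ("XYZ", date(2017, 9, 1), HIGH_DATE),           # the case from the question
        ("ABC", date(2017, 3, 1), date(2017, 10, 31)),  # spans two adjacent periods
        ("ABC", date(2017, 3, 1), date(2018, 3, 31)),   # extends validity
    ]
    print(check_request(ASSIGNMENTS, "USER_A", request))
```

A request that extends the validity beyond what is already held is classified as NEW, so only fully covered requests would be warned about, stopped or auto-approved.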
Thank you all for your responses. We will go for a custom enhancement in the webdynpro to inhibit access request for a role that is already assigned.
Hello D. Majumdar,
As commented by Ramesh, we cannot restrict users from requesting the same role again.
If you are not using business roles, the duplication of role assignments can be taken care of by the time dependency job. But only if you are not using business roles.
Kind regards,
Yashasvi
Thanks for your response. I don't feel it's a training issue, it's more about controls.
We don't use BRM.
Hi Majumdar,
We cannot stop a user from requesting the same TR again and again. The question I have here is why the user is requesting the same access, and to me it's a training issue.
Do you use SAP GRC AC BRM?
Thanks
Ramesh