Showing results for 
Search instead for 
Did you mean: 

SAP IDM & GRC Issue - Cumulative Privilege Assignment

0 Kudos


We are working with version 8.0 SP6 of SAP Identity Management.

IDM and GRC Access Control were integrated for risk analysis and mitigation when assigning S/4HANA system privileges to users.

When we assign at the same time two privileges (or more) of this system (S/4HANA) which generate a risk (when assigned to the same user) and must go through GRC for validation, we notice that the IDM approver receives only one request for a single role among the 2 assigned.

If the IDM approver chooses to validate the request he received:

- The 2 privileges are validated in IDM and the AC Request is sent to GRC (both are displayed in the GRC approver Interface)

If the IDM approver chooses to reject the request:

- The privilege that he received is rejected and therefore it has a “Rejected” status in IDM, but the other privilege goes directly to OK status without needing validation / rejection from the IDM approver.

We want the IDM approver to receive 2 requests for the 2 privileges assigned to manage them separately.

Is there anyone who has encountered the same problem before?

Could you please help us resolve this issue?

Thank you.

Best regards,


0 Kudos

Does this always happen when you have 2 or more privileges? I'm wondering if it's because the attribute for risk analysis has not been set on one of the privs... Just trying to rule out the easy ones first 🙂

0 Kudos

Hi Henrik,

Thank you for your reply.

Yes it always happens when we assign 2 or more privileges of the S/4HANA system to a user.

I checked and the triggers are set the same for all privileges of this system so I don't think it was because of the risk analysis attribute not being set for one of the privileges.

We found the cause of the problem, it is a P:-4 choice of privilege grouping in the MX_PRIV_GROUPING_RULE repository constant. And when changed to P:-1 the privileges arrive separately in the UI of the IDM approver.

Best regards,


Accepted Solutions (0)

Answers (0)