Showing results for 
Search instead for 
Did you mean: 

Business Role provisioning failure if user doesn't exist in specific system

0 Kudos

Dear SAP experts

We are following Business Role concept for user provisioning.

Cenário: An acess request is created for business role assignment to a specific user. This Business Role has technical roles associated from 3 diferent systems: System_1, System_2 and system_3

The specific user ID exist just on System_1 and system_2; he/she cannot exist on system_3.

Request type is: Modify user

Action: Assign Object

At the end of approvals stages, during provisioning, GRC corretly assign tech roles on system_1 and system_2, but as the user doesn't exist on system_3 GRC gives an error of provisioning failure and shows message "user doesn't exist on system XXXX". Then the acess request goes to a "detour path" for provisioning failures.

My question is:Is it possible that in this cases GRC could just bypass and ignores that the the user doesn't exist on system_3 and closes the access request successfully, without provisioning failure ? Maybe a warning or something. Remember that in our cenario this user cannot has access to system_3.

[GRC Access Control 10.1 SP 17]



Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hi Andreia,

Please find the below options which you may consider according to your requirement

1. Remove the the role 3 since you have mentioned that the user shouldn't be having access to system 3

2. If for other cases role 3 is required in the same business role, have a separate business role created for system 1 & system 2