Access & Authorization Management


Advertisements

In SAP GRC solution, you can manage authorization objects to limit the items and data that a user can access. Authorization controls what a user can access in regards to work centers and reports in SAP system.

To access GRC solution, you should have following access −

  • Portal authorization
  • Applicable PFCG roles
  • PFCG roles for access control, process control and risk management

The authorization types listed below are required as per GRC components − AC, PC and RM.

Role Name Typ Description Component
SAP_GRC_FN_BASE PFCG Basic role PC, RM
SAP_GRAC_BASE PFCG Basic role(includes SAP_GRC_FN_BASE) AC
SAP_GRC_NWBC PFCG Role to run GRC 10.0 in NWBC AC, PC, RM
SAP_GRAC_NWBC PFCG Role to run simplified NWBC work centers for AC AC
GRC_Suite Portal Portal role to run GRC in 10.0 in portal AC, PC, RM
SAP_GRC_FN_BUSINESS_USER PFCG Common user role AC*, PC, RM
SAP_GRC_FN_ALL PFCG Power user role; bypasses entity-level authorization for PC and RM PC, RM
SAP_GRAC_ALL PFCG Power user role AC
SAP_GRC_FN_DISPLAY PFCG Display all user role PC, RM
SAP_GRAC_DISPLAY_ALL PFCG Display all user role AC
SAP_GRAC_SETUP PFCG Customizing role (used to maintain configuration in IMG) AC
SAP_GRC_SPC_CUSTOMIZING PFCG Customizing role (used to maintain configuration in IMG) PC
SAP_GRC_RM_CUSTOMIZING PFCG Customizing role (used to maintain configuration in IMG) RM
SAP_GRAC_RISK_ANALYSIS PFCG The role grants the authority to run SoD jobs AC, PC, RM

Authorization in Portal Component and NWBC

In SAP GRC 10.0 solution, work centers are defined in PCD roles for the Portal component and in PFCG roles for NWBC (NetWeaver Business Client). The work centers are fixed in each base role. SAP delivers these roles however; these roles can be modified by the customer as per requirement.

The locations of application folders and subordinate applications within the service map are controlled by the SAP NetWeaver Launchpad application. Service map is controlled by user authorization so if user doesn’t have authorization to see any application they will be hidden in NetWeaver Business client.

Work Center

How to review role assignments in Access Management Work Center?

Follow these steps to review role assignments −

Step 1 − Go to Access Management Work Center in NetWeaver Business Client.

Role Assignments

Step 2 − Select business process under GRC Role assignment and go to sub-process role level. Click next to continue to assign role sections.

How to review role assignments in the Master Data Work Center?

Step 1 − Go to Master Data Work Center → Organizations

Master Data

Step 2 − In next window, select any organization from the list, then click Open.

Step 3Note that the triangle next to the organization means that there are suborganizations and the dot next to the organization means that it is the lowest level.

Sub Organizations

Step 4 − Click on subprocess tab → Assign subprocess. Now select one or two subprocesses and click on Next.

Step 5 − Without making any changes, click Finish on the Select Controls step.

Step 6 − Choose the first subprocess from the list, then click Open. You should see the subprocess details.

Step 7 − Click the Roles Tab. Choose a role from the list, then click Assign.

Roles Tab
Advertisements