Skip to Content
avatar image
Former Member

[PROCESS CONTROL] Remove Button on Hierarchy Structure

Hi Everybody:

I'm trying to map Roles by Activities to GRC Process Control. However, when I enter to fill out the Hierarchical Structure, I'm not Able to Remove Organizations. I Can do That using SPRO, but I need the User to do that on the Front End. Until this point, we can create another structure on front end, after follow this tutorial:

But I haven't figured out what am I doing wrong. It seem just an authorization problem (Nothing with BC Sets), because when I use an user called admin, i'm able to remove organizations. The problem lies on the fact that this admin user have 175 roles to analyze.

Could you help me?

Regards

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Apr 03, 2014 at 05:20 PM

    Hi Guys:

    Sorry for being late. I appreciate all your help. Because of the need, I asked for the role  with object GRFN_USER with ACTVT 02 and 03. This solve my problem. ( I read the manual and this object should be used carefully, because it is only given to power users).

    Best Regards for all

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 26, 2014 at 07:15 AM


    Hi Caio,

    Ideally only the Org Admin has the authorizations to remove the organizations below a Corporate node.

    Please create an Org Admin user and assign the basic BASE,BUSINESS USER and the NWBC roles so that the user has basic authorizations for the GRC PC appllication.

    Apart from these, the specific business role for ORG Admin is SAP_GRC_SPC_GLOBAL_ORG_ADMIN. Assign this role in addition to the above roles to your Org Admin user and then assign this user as the Cross Regulation Org Admin at the Corporate level.

    This user should be able to delete the organizations for the corporates that he has been assigned to.

    Please note that the following auth object should be present in this particular SAP_GRC_SPC_GLOBAL_ORG_ADMIN role: OBJECT - GRFN_API, ACTVT - 01 & 06, GRC_DATAPT - *, GRC_ENTITY - ORGUNIT, GRC_SUBTYP - *. Then this will work.

    Thanks,

    Himanshu

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      Hi Shikha,

      There should not be any problem if you are using a Z role if it is an exact copy and has been maintained in all the required configuration settings.

      Thanks,

      Himanshu

  • avatar image
    Former Member
    Apr 04, 2014 at 05:55 AM

    Hi All,

    I could find the solution where we need to give two authorization  objects to get remove button enabled in Org hierarchy under Master Data tab , they are as below :

    GRFN_API - ACTVT - 01 & 06, GRC_DATAPT - *, GRC_ENTITY - ORGUNIT, GRC_SUBTYP - *

    GRAC_OUNT  -  ACTVT - 01,02,06  , GRAC_OUNIT -  *  ,  GRAC_OUTYP - *

    This will also, avoid us to give GRFN_USER with ACTVT 02 and 03., which is quite a powerful access.

    You can also go through SAP KBA 1986542.

    Regards,

    Shikha

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 25, 2014 at 01:08 PM

    Hi Caio ,

    I am also facing the same issue ,REMOVE button is disabled in Org Hierarchy,were u able to get any resolution to it,I tried to give role Org Admin at the top node  to users , as this role has GRFN_API object  with ACTVT = Delete and Entity = ORGUNIT, but still button is disabled for users.

    Please let me know if you have any resolution to it.

    Thanks,

    Shikha

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 08, 2015 at 04:19 PM

    Hello everybody,

    for us it was helpful to restrict the Admin-Role to only used Applications - instead of "Process Control and Risk Management" in our case to just "Process Control".

    To get there follow the link:

    TA: SPRO -> GRC -> General Settings -> Authorizations -> Maintain Entity Role Assignment

    Maintain for your Role the Entity (OrgUnit or Corporate) and Application.

    Hope it will work for you too!

    Cheers,

    Katja

    Add comment
    10|10000 characters needed characters exceeded