Solved: [PROCESS CONTROL] Remove Button on Hierarchy Struc...

Former Member · ‎02-04-2014

Hi Everybody:

I'm trying to map Roles by Activities to GRC Process Control. However, when I enter to fill out the Hierarchical Structure, I'm not Able to Remove Organizations. I Can do That using SPRO, but I need the User to do that on the Front End. Until this point, we can create another structure on front end, after follow this tutorial:

But I haven't figured out what am I doing wrong. It seem just an authorization problem (Nothing with BC Sets), because when I use an user called admin, i'm able to remove organizations. The problem lies on the fact that this admin user have 175 roles to analyze.

Could you help me?

Regards

Former Member · ‎04-03-2014

Hi Guys:

Sorry for being late. I appreciate all your help. Because of the need, I asked for the role with object GRFN_USER with ACTVT 02 and 03. This solve my problem. ( I read the manual and this object should be used carefully, because it is only given to power users).

Best Regards for all

Former Member · ‎02-25-2014

Hi Caio ,

I am also facing the same issue ,REMOVE button is disabled in Org Hierarchy,were u able to get any resolution to it,I tried to give role Org Admin at the top node to users , as this role has GRFN_API object with ACTVT = Delete and Entity = ORGUNIT, but still button is disabled for users.

Please let me know if you have any resolution to it.

Thanks,

Shikha

Former Member · ‎02-26-2014

Hi Caio,

Ideally only the Org Admin has the authorizations to remove the organizations below a Corporate node.

Please create an Org Admin user and assign the basic BASE,BUSINESS USER and the NWBC roles so that the user has basic authorizations for the GRC PC appllication.

Apart from these, the specific business role for ORG Admin is SAP_GRC_SPC_GLOBAL_ORG_ADMIN. Assign this role in addition to the above roles to your Org Admin user and then assign this user as the Cross Regulation Org Admin at the Corporate level.

This user should be able to delete the organizations for the corporates that he has been assigned to.

Please note that the following auth object should be present in this particular SAP_GRC_SPC_GLOBAL_ORG_ADMIN role: OBJECT - GRFN_API, ACTVT - 01 & 06, GRC_DATAPT - *, GRC_ENTITY - ORGUNIT, GRC_SUBTYP - *. Then this will work.

Thanks,

Himanshu

Former Member · ‎02-26-2014

Hi Himanshu,

I am also facing the issue where Remove button is disabled,however I have already done the assignment of role SAP_GRC_SPC_GLOBAL_ORG_ADMIN at corporate level to users along with 3 basic roles you mentioned in backend, but still Remove button is not enable for them.

Am I missing something here?

Regards,

Shikha

Former Member · ‎02-26-2014

Hi Shikha,

If the role assignment at the backend and frontend is complete then you can probably check the authorizations that are there in the role that you have assigned.

This should be present - SAP_GRC_SPC_GLOBAL_ORG_ADMIN role: OBJECT - GRFN_API, ACTVT - 01 & 06, GRC_DATAPT - *, GRC_ENTITY - ORGUNIT, GRC_SUBTYP - *.

One question over here.. are you trying to delete the top node corporate or the organizations below it??

Thanks,

Himanshu

Former Member · ‎02-26-2014

Hi Himanshu,

Thanks for your response.

Yes, the mentioned object and relevant fields are available in the role.

Just want to confirm as we are not directly using the standard role, we are using the Z* role which is exact copy of Org admin role and same has been maintained in SPRO config at entity role assignment node,we have taken care the maintenance of Z role in SPRO config where ever required .So, either we use SAP standard or our Z version it should not be an issue..right?

And we are trying to remove the Organization only not Corporate node.

Regards,

Shikha

Former Member · ‎02-27-2014

Hi Shikha,

There should not be any problem if you are using a Z role if it is an exact copy and has been maintained in all the required configuration settings.

Thanks,

Himanshu

Former Member · ‎04-03-2014

Hi Guys:

Sorry for being late. I appreciate all your help. Because of the need, I asked for the role with object GRFN_USER with ACTVT 02 and 03. This solve my problem. ( I read the manual and this object should be used carefully, because it is only given to power users).

Best Regards for all

Former Member · ‎04-04-2014

Hi All,

I could find the solution where we need to give two authorization objects to get remove button enabled in Org hierarchy under Master Data tab , they are as below :

GRFN_API - ACTVT - 01 & 06, GRC_DATAPT - *, GRC_ENTITY - ORGUNIT, GRC_SUBTYP - *

GRAC_OUNT - ACTVT - 01,02,06 , GRAC_OUNIT - * , GRAC_OUTYP - *

This will also, avoid us to give GRFN_USER with ACTVT 02 and 03., which is quite a powerful access.

You can also go through SAP KBA 1986542.

Regards,

Shikha

Former Member · ‎04-08-2015

Hello everybody,

for us it was helpful to restrict the Admin-Role to only used Applications - instead of "Process Control and Risk Management" in our case to just "Process Control".

To get there follow the link:

TA: SPRO -> GRC -> General Settings -> Authorizations -> Maintain Entity Role Assignment

Maintain for your Role the Entity (OrgUnit or Corporate) and Application.

Hope it will work for you too!

Cheers,

Katja

[PROCESS CONTROL] Remove Button on Hierarchy Structure