Skip to Content
0

GRC AC 10.1 Role Removal should expire the role

Jan 24, 2017 at 03:32 AM

306

avatar image

Hello Experts,

In our current scenario, if the user requests for Role Removal, the role should not be removed from the user record in SU01. Instead, it should become expired, e.g. the validity date of the role should be changed to yesterday (effective date of provisioning minus 1).

Is it possible to achieve that without writing any code, e.g. using MSMP and/or BRF+? Would you please have some insights on how?

Thanks and best regards,
Gustavo

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Alessandro Banzer Jan 26, 2017 at 12:47 PM
1

Hello Gustavo,

why don't you change the provisioning type from "Delete" to "Change/Retain"? In that case you can terminate roles based on the "Valid to" date. There is also the option to define the provisioning type as default when selecting roles from "Existing Assignments".

Hope that helps.

Regards, Alessandro

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hello Alessandro, thanks for your reply. Indeed that is the alternative way that we will use for the time being till we get an ABAPer. The downside however is that it is not explicit to the users and to the approvers, though a short training should address it. Best regards.

0
Prasant Kumar Paichha Jan 27, 2017 at 04:24 AM
1

Yes, Possible.. you would need an abaper for the same.

you can always write explicit function,good thing is it will not have side effect on SP update also.

Regards,

Prasant

Share
10 |10000 characters needed characters left characters exceeded