Skip to Content

AC10.0/10.1 - Access Request - read single roles associated to composite roles for BRF+ routing role

Hello folks,

I am about to customize a line item brf+ routing rule for access requests which contain single roles but composite roles as well.

Though i was able to get a working rule for the single roles handling the composite roles does make some trouble.

To resolve the issue i have only two question.

  • If the Request does contain a composite roles and is getting splitted in Line Items for the routing rule does the LineItem GRAC_S_REQUEST_RULE_LINE store the name of the composite role in the component name ROLE_NAME?

  • Is there any function module or table which shows/stores the association between single and composite roles?

Thank you in advance.

Regards, Andreas

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Apr 05, 2016 at 01:28 PM


    Table AGR_AGRS in the connected system contains the relationship between the Composite and its component roles. When you do your role import and select the backend system as your Role Authorization source, this table is among those checked. We have had several instances where the import of a Composite role failed, and after some investigation, we determined that the import failure was caused by AGR_AGRS not showing the same list of component roles as we had listed in the import file ( in Column X) and actually in the Composite at that time.


    Add comment
    10|10000 characters needed characters exceeded

    • Hello Gretchen,

      Amazing, thank you!

      Though after some testing and working with the rule i found out that the function module i was using (GRAC_IDM_RISK_WITH_NO_SERVICES) was storing not only the single role name but also the name of the associated composite role in the request. This enabled me to avoid to challenges with the authorization source.

      Have a good day, Andreas