Skip to Content
0

User group assignment issue via ARM in SAP GRC Access Control 10.1

Feb 08, 2017 at 10:09 PM

371

avatar image

We am required to have a new user workflow that assigns user groups input in GRC ARM to SU01 logon tab. The user groups are assigned in the groups tab in SU01 than assigning under "Logon data" tab in SU01 upon request completion.

Is it possible to assign user groups in SU01 logon data tab in the standard or a custom field need to be created in the ARM request to have the user groups assigned in the logon data tab? What would be the procedure.

The GRC version is 10.1 SP15.

Thanks,

Kashif

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Best Answer
Mohammed Kashif Feb 15, 2017 at 06:00 AM
0

Hi All,

I found that the user groups tab in ARM request was provisioning to the user groups tab in SU01 as expected. The End User Personalization config in IMG had another user group field which was not visible. Once I enabled it, I could see user group under system details next to the system field. The provisioning went fine using this field which displayed the required user group in SU01 logon data tab.

Thank you Rakesh and Plaban for responding to the question. Appreciate your help.

Thanks,

Kashif

Share
10 |10000 characters needed characters left characters exceeded
Rakesh Ram Feb 09, 2017 at 01:55 AM
0

Hello Mohammed,

Please Check these 2 Notes for your issue.

1987981 - User Group not Passed to Logon Data in SU01 via web service

1754687 - UAM: Unable to assign UserGroups to user using webservice

Regards,

Rakesh Ram M

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Thanks Rakesh,

We are at a higher version 10.1 and SP 15 than the Note 1754687 . Do you think this is still applicable as the instructions are for v.10?

Kashif.

0
Rakesh Ram Feb 10, 2017 at 01:40 AM
0

Hello Kashif,

This note 1987981 has steps that can be performed to meet your requirement.

The note 1754687 has detailed explanation.

That's the reason why I mentioned both the notes.

Regards,

Rakesh Ram m

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thanks Again Ram. The note says "For web service GRAC_USER_ACCES_WS, it is expected to enter System in field UserGroupDesc. If the User group under Logon data in SU01 has to be assigned, then pass the data as LOGON-systemname".

I see that the webservice contains the field 'USER_GROUP_DESC' and it has two views listed (External and ABAP).

Are we suggesting that the 'LOGON-systemname' (SIDCLNTXXX) be replaced from in the Comp. Name field of External which lists the field name as UserGroupDesc as in the picture attached?

Would you kindly suggest to explain how to implement this SNOTE?

Thanks,

Kashif

web-services.png (33.9 kB)
0

To add to my previous comment.

How do we maintain multiple systems in the same field as per the description in NOTE 1754687 instructions below?

"Apply the correction instructions along with Pre implementation manual steps. Since the web service has no field to take the value of the System, it is expected to enter System in field UserGroupDesc. If the User group under Logon data in SU01 has to be assigned, then pass the data as LOGON-systemname. For example LOGON-GI7CLNT600. If the User Group under Group tab in SU01 has to be assigned to user then pass the system value in the field UserGroupDesc. For example GI7CLNT600"

Thanks,

Kashif

0
plaban sahoo Feb 11, 2017 at 03:27 PM
0

Hi,

Could you try using user defaults.

Regards

Plaban

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Plaban,

The system is using user defaults. Or may be I did not understand your answer. Kindly advise.

Kashif

0
Rakesh Ram Feb 15, 2017 at 02:06 AM
0

Hello Mohammed,

Can you try taking some help from ABAPer if someone is available around in your team?

Regards,

Rakesh Ram M

Share
10 |10000 characters needed characters left characters exceeded