Hi Michael,
It is good that you have already created "Business Roles" in SAP GRC.
As you already understood, Business roles are designed to make end user selection easy while submitting an access request but at the end of the day users get provisioned with technical roles which are inside the business role.
Only GRC system will store the User to Business role assignment details as this helps if the biz role need to be de-provisioned from users or to push the updates of the business role to the users from GRC BRM.
For your scenario you may need to reassign the roles to the users via GRC Business roles to achieve your objective. This could be a tedious exercise as you have to remove the existing roles and assign the same roles via GRC Business roles.
Adding to it currently there is no mass business role assignment function available too.
You can refer below SAP Notes.
2511074 - Is there a program for Mass Business Role Update Assignment in GRC AC 10.0?
2116829 - Mass load of Business role assignments to users
Proposed Workaround
Create a new MSMP workflow path with some new request type which can route the requests with that request type 'No Approval' path (i.e. requests get auto approved and roles are auto provisioned).
Then create Multi-User access request to assign business role to your Users using the new request type which will get routed to No APPROVAL path.
Note: Make sure that the role assignments does not cause any SoD/CA risk violations.
Since this is a big and tedious exercise try to do it in batches with different groups or departments of users.
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.