cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable/Remove SYSTEM and ROLE options from ARM in GRC

former_member672008
Explorer

on ‎03-29-2020 8:16 AM

0 Kudos

Hi All,

In user access tab we have ADD button in that we have ROLE and SYSTEM options. our requirements is that end user can only submit a request without adding any role or system. Roles/SYSTEMS will be added by the Managers in the next level.

Can anyone guide me how to do this from ARM request please. I already tried to change the Request Type in SPRO but didn't work.

Appreciate any help.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

madhusap
Active Contributor
‎04-02-2020 4:23 PM
0 Kudos

Hi Maj,

As mentioned earlier, GRC system does not allow submission of request without a system line item. Few options you can explore:

a. Enhance Request Submission webdynpro application and implement logic in Post Exit to proceed for submission even when there are no request lineitems added

b. Another option is to add a dummy role lineitem by default without users adding via default roles functionality so that request gets submitted without any issue

Regards,

Madhu

Show replies
Show replies
kaus19d
Active Contributor
‎03-29-2020 7:52 PM
0 Kudos

Hi majsap,

Well you see its a mandatory to select System for access request submission, otherwise why the request. Anyways coming to role, you can have a role with basic T-codes like SU53 where nothing changes can be done & also a essential for every users. If the manager is selecting the role, then do you mean that the manager is generating another ARM seperate request or modifying the existing request. Trying to Modify a existing request also does not make much sense as in this way chances are there that the request remains open forever until the employee resigns. So that is why the role & System based authorisation process is defined likewise. In you case, I would suggest to inform the other departments manager to request the system & roles themselves to achieve what you are trying to mention for the New Users. I mean that is how in many organisations do

Hope I was able to explain.

Thanks,

Kaushik

Show replies
Show replies
former_member672008
Explorer
‎03-31-2020 12:50 AM
0 Kudos

Hi Kaushik,

Thank you for your reply.

Managers/Focal point will use the same ARM request submitted by end user to add the roles. So End user will only submit a request with justification without adding any role. As I mentioned to Madhu end users will use the ARM request as a ticketing system.

Best Regards,

Maj

document-1.png

madhusap
Active Contributor
‎03-29-2020 2:49 PM
0 Kudos

Hello,

Adding a SYSTEM or ROLE is mandatory while submitting a request in GRC 10/10.1/12.0.

Please check below note for details:

Regards,

Madhu

Show replies
Show replies
former_member672008
Explorer
‎03-31-2020 12:50 AM
0 Kudos

Thank you Madhu for your feedback.

Our plan is to allow the end users to submit their requests and mention the reason for this access in the DESCRIPTION field (as shown in the attached document) without choosing any role. So for end users you can consider the ARM is a ticketing system. Once the request submitted the next level (say the Manager or the Focal point) will add the required roles and the ARM workflow will continue.

Appreciate if you can explain more regarding your suggestion by maintaining system provisioning configuration.

Maj

document-1.png

Ask a Question