Skip to Content

Disable/Remove SYSTEM and ROLE options from ARM in GRC

Hi All,

In user access tab we have ADD button in that we have ROLE and SYSTEM options. our requirements is that end user can only submit a request without adding any role or system. Roles/SYSTEMS will be added by the Managers in the next level.

Can anyone guide me how to do this from ARM request please. I already tried to change the Request Type in SPRO but didn't work.

Appreciate any help.

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Posted on Mar 29 at 01:49 PM

    Hello,

    Adding a SYSTEM or ROLE is mandatory while submitting a request in GRC 10/10.1/12.0.

    Please check below note for details:

    Regards,

    Madhu


    note-2641235.png (99.2 kB)
    Add a comment
    10|10000 characters needed characters exceeded

    • Thank you Madhu for your feedback.

      Our plan is to allow the end users to submit their requests and mention the reason for this access in the DESCRIPTION field (as shown in the attached document) without choosing any role. So for end users you can consider the ARM is a ticketing system. Once the request submitted the next level (say the Manager or the Focal point) will add the required roles and the ARM workflow will continue.

      Appreciate if you can explain more regarding your suggestion by maintaining system provisioning configuration.

      Maj

      document-1.png

      document-1.png (3.4 kB)
  • Posted on Mar 29 at 06:52 PM

    Hi Maj SAP,

    Well you see its a mandatory to select System for access request submission, otherwise why the request. Anyways coming to role, you can have a role with basic T-codes like SU53 where nothing changes can be done & also a essential for every users. If the manager is selecting the role, then do you mean that the manager is generating another ARM seperate request or modifying the existing request. Trying to Modify a existing request also does not make much sense as in this way chances are there that the request remains open forever until the employee resigns. So that is why the role & System based authorisation process is defined likewise. In you case, I would suggest to inform the other departments manager to request the system & roles themselves to achieve what you are trying to mention for the New Users. I mean that is how in many organisations do

    Hope I was able to explain.

    Thanks,

    Kaushik

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Kaushik,

      Thank you for your reply.

      Managers/Focal point will use the same ARM request submitted by end user to add the roles. So End user will only submit a request with justification without adding any role. As I mentioned to Madhu end users will use the ARM request as a ticketing system.

      Best Regards,

      Maj

      document-1.png

      document-1.png (3.4 kB)
  • Posted on Apr 02 at 03:23 PM

    Hi Maj,

    As mentioned earlier, GRC system does not allow submission of request without a system line item. Few options you can explore:

    a. Enhance Request Submission webdynpro application and implement logic in Post Exit to proceed for submission even when there are no request lineitems added

    b. Another option is to add a dummy role lineitem by default without users adding via default roles functionality so that request gets submitted without any issue

    Regards,

    Madhu

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.