Skip to Content
Jan 05, 2022 at 03:47 PM

SAP IDM & GRC Issue - Cumulative Privilege Assignment

257 Views Last edit Jan 05, 2022 at 05:33 PM 2 rev


We are working with version 8.0 SP6 of SAP Identity Management.

IDM and GRC Access Control were integrated for risk analysis and mitigation when assigning S/4HANA system privileges to users.

When we assign at the same time two privileges (or more) of this system (S/4HANA) which generate a risk (when assigned to the same user) and must go through GRC for validation, we notice that the IDM approver receives only one request for a single role among the 2 assigned.



If the IDM approver chooses to validate the request he received:

- The 2 privileges are validated in IDM and the AC Request is sent to GRC (both are displayed in the GRC approver Interface)

If the IDM approver chooses to reject the request:

- The privilege that he received is rejected and therefore it has a “Rejected” status in IDM, but the other privilege goes directly to OK status without needing validation / rejection from the IDM approver.


We want the IDM approver to receive 2 requests for the 2 privileges assigned to manage them separately.

Is there anyone who has encountered the same problem before?

Could you please help us resolve this issue?

Thank you.

Best regards,



assigning.png (117.8 kB)
idm-approver-ui.png (279.6 kB)
status.png (118.4 kB)