Skip to Content

Regarding ARA Sync Jobs vs Ruleset

Hi Experts,

I have the following issues/questions while working on the ARA.

1. I know that PFCG_AUTHORIZATION_SYNC job will bring in the new Auth objects, values from SU24 to GRAC tables/Ruleset but wanted to know the below.

1. All new objects either brought in initially with actions or as part of changes for actions are at inactive status when loaded in to GRC and it is up to us to active the required critical objects? same with values/permission level? irrespective of check "YES" "NO" in SU24.

2. What if an object is removed or tcode is deleted? will it reflect the same in GRAC tables, i mean will it be removed from permissions under actions, actions will be automatically deleted from functions?

3. Also, if we update the GRC Ruleset (Action Permission, Actions) files (deactivating or changing couple of t-codes, permissions, values) will the PFCG_AUTHRIZATION_SYNC program will bring back the deactivated objects as active once the sync job is run. will any of the SYNC job overwrite the changes we make using GRAC_UPLOAD_RULES t-code. are they dependent? If not the sync jobs are to only update the Authorizations master data in to GRC?



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Mar 15, 2017 at 09:37 AM

    Hi Sri.

    The PFCG_AUTHORIZATION_SYNC only updates authorization master data in GRC AC. They will be used only when creating new functions or inserting actions or permissions in your existing ones. This synch job alone doesn't mess with your existing functions (and rules, consequently).



    Add comment
    10|10000 characters needed characters exceeded