Skip to Content

Business Role provisioning failure if user doesn't exist in specific system

Dear SAP experts

We are following Business Role concept for user provisioning.

Cenário: An acess request is created for business role assignment to a specific user. This Business Role has technical roles associated from 3 diferent systems: System_1, System_2 and system_3

The specific user ID exist just on System_1 and system_2; he/she cannot exist on system_3.

Request type is: Modify user

Action: Assign Object

At the end of approvals stages, during provisioning, GRC corretly assign tech roles on system_1 and system_2, but as the user doesn't exist on system_3 GRC gives an error of provisioning failure and shows message "user doesn't exist on system XXXX". Then the acess request goes to a "detour path" for provisioning failures.

My question is:Is it possible that in this cases GRC could just bypass and ignores that the the user doesn't exist on system_3 and closes the access request successfully, without provisioning failure ? Maybe a warning or something. Remember that in our cenario this user cannot has access to system_3.

[GRC Access Control 10.1 SP 17]

Regards

Andreia

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Nov 12, 2018 at 01:53 PM

    Hi Andreia,

    Please find the below options which you may consider according to your requirement

    1. Remove the the role 3 since you have mentioned that the user shouldn't be having access to system 3

    2. If for other cases role 3 is required in the same business role, have a separate business role created for system 1 & system 2

    Regards,

    Arun

    Add comment
    10|10000 characters needed characters exceeded