Dec 03, 2018 at 05:58 PM

GRC AC 10.1 Managing expired and expiring roles: how to extend role assignment validity


Dear SAP Community,

During the configuration of GRC 10.1 Access Request, I was trying to find the best way to manage expired and expiring role assignments. From my understanding, the only tool available is the security report "List Expired and Expiring Roles for Users", which does not offer a way to extend the role assignment validity or to notify either managers or end users of the incoming access limitation.

How did you tackle this issue in your implementations?

  • must users (or managers) create a new access request each time their roles are about to expire?
  • do you notify the users (or managers) that their roles are about to expire?
  • did you create a workflow for role assignment validity extension, where managers review their users' assignments and extend the necessary ones?

Is there a standard way to achieve any of this?

I was hoping that role reaffirm or user access review would provide this functionality, but unfortunately they only serve to remove assignments, not to extend them...

Thanks and best regards,