Skip to Content
avatar image
Former Member

No dropdown available for selecting connector in "Maintain Authorizations" of role methodolgy phase in BRM role maintenance

Hi GRC gurus

I have a requirement that roles for BI and Solman need to analysed for access risks against GLOBAL ruleset in BRM. For this purpose I have assigned the BI and Solman connector to a connector group for which I have loaded to GLOBAL ruleset. Then I have assigned these 2 connectors to all the 4 integration scenararios(AUTH, PROV, ROLEMG and SUPMG). Also I have mapped both the BI and Solman connectors as default connector in Access Control--> Maintain mapping for actions and connector groups.

Now when I try to create a single role in BRM, I am selecting the connector group(to which I had assigned the BI and Solman connectors) as landscape in the "define Role"phase. But in the "Maintain authorizations" phase , only the BI connector is appearing as "Backend System for Maintenance" . There is no dropdown available here so that I can select Solman connector if I have to create Solman role and not BI role.

Is there any config. settings whereby I can get a dropdown available and I can select the connector (BI connector when I require to create BI role and Solman connector when I require to create Solamn role).

Thanks in advance.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Jun 01, 2012 at 12:38 PM


    The connector groups for risk analysis and for business role management should be different.

    In risk analysis, our recommendation is to use SOD Logical Systems against the rules.  If you use our out of the box rule sets, for example BC Set 'GRAC_RA_RULESET_SAP_BASIS', it will create a connector group (logical system) witth the ID SAP_BAS_LG.  You then assign all of your SOD relevant target instances to this connector group.

    In business role management, you need to have a connector group that is structured by your SAP system Landscape, i.e.  DEV / QA / PRD (basically following your transport path for roles).  In business role management, role defination is by Landscape not by individual connector.  You should not be using the same connector groups for risk analysis as you do for business role management.


    Kevin Tucholke

    Add comment
    10|10000 characters needed characters exceeded

  • Jun 04, 2012 at 11:32 AM

    Hi Saibal,

    Ideally, You can have only one system as default system for one landscape and same system is available for Maintain Authorizations. You cannot have multiple system for maintaining authorizations.

    However you have an option to add more than one system (but you can make one system as default) in one landscape and at the time of generating role, you can choose those systems to generate the role there also.

    Ideally, BI & Solman are 2 different kinds of systems and need to be in 2 different landscapes. If you have an requirement to add them in one landscape to generate the roles parallely in both system, you can do that. However Maintain Authorizations will be in one systme only.

    Thanks & Regards


    Add comment
    10|10000 characters needed characters exceeded