Skip to Content
author's profile photo Former Member
Former Member

GRC AC 10 security object question: GRAC_REP and Report Name (GRAC_REPID)


I am looking to limit visability to AC reports in various roles via object GRAC_REP. Can someone point me to a listing of the Report Names (GRAC_REPID)? I do not want this value to be '*'. The only one I am able to dig up so far is GRAC_SPM*. I am admittedly very new to GRC 10 security.

The Security Guide from SAP does not contain the information I am looking for.

Any info or guidance would be greatly appreciated.



Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Apr 02, 2013 at 01:42 AM


    Note 1718540 helped here - SM34 View GRFNVC_ITEMAUTH has the mapping of Menu Item Id to "Authorizated Objects"

    The SM34 view comprises of

    • GRFNMENUAPPCOMP Menu Authorization Entity Mapping
    • GRFNMENUITEM Menu Item (Item Auth Mode is PFCG)
    • GRFNMENUPFCG PFCG Auth Mapping Table

    Within table GRFNMENUPFCG you will see the references to the Menu Item Ids with descriptions

    The link to which report you are launching is based on the launchpad (LPD_CUST). The item configuration will contain the "Add Information" for MENUITEMID = xxxx which is under the "Advanced Parameters".

    Note - SAP mentions not to make changes to this SM34 data. If you do make changes and maintain them incorrectly, then the link will not show in NWBC. You also risk changes being overwritten if SAP delivers patches/upgrades

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Apr 01, 2013 at 12:51 PM


    Following is the list of various GRC AC reports which can be restricted through GRAC_REP / GRAC_REPID -

    GRAC_ACTIONUSAGE_LOG Transaction Log Reporting GRAC_CUP_DELGATN_RPT Report for Approver Delegation GRAC_CUP_HISTORY_RPT SOD Review History Report GRAC_CUP_MTIGATN_RPT Report for Requests with Conflicts And Mitigations GRAC_CUP_PD_PROF_RPT Report for Requests By PD/Structural Profiles GRAC_CUP_ROL_APR_RPT Report for Request By Roles And Role Approvers GRAC_CUP_SLR_RPT Service level for request report GRAC_CUP_USR_HIS_RPT User Access Review History Report GRAC_CUP_USR_RVW_RPT User Review Status Report GRAC_DAB_CUPAR CUP Dashboard Access Request GRAC_DAB_CUPPV CUP Dashboard for Provisioning Log GRAC_DAB_CUPRV CUP Dashboard Risk Violation GRAC_DAB_CUPSL CUP Dashboard for Service Level Violation GRAC_ERM_ACTION_USG Action usage report by User GRAC_ERM_ACT_IN_ROLE List Transaction in Roles GRAC_ERM_ACT_ROLES Action in roles not in rules GRAC_ERM_AUTH_CT_RL Count Authorizations in Roles GRAC_ERM_AUTH_CT_USR Count Authorizations for Users GRAC_ERM_COMP_TRANS Compare Transactions in Menu and Authorizations Search Role GRAC_ERM_COM_USR_RL Compare User Roles GRAC_ERM_EXPROLES
    GRAC_ERM_MAS_DER_REL Master to Derived Role Relationship GRAC_ERM_PERM_ROLES Permission in roles not in rules GRAC_ERM_PFCG_CHG_LG
    GRAC_ERM_RL_BY_GENDT Roles by Date of Generation GRAC_ERM_RL_USR_LINK Role Relationship with User / User Group GRAC_ERM_ROLE_OWNERS List role owenrs and assignment approvers GRAC_ERM_SIN_COMPRL Single to Composite Role Relationship GRAC_ERM_USRROLE_REL User Role Relationship GRAC_RISK_TERMINATOR Risk Terminator Report GRAC_SOD_ACCESS_DTL Access Rule Detail report GRAC_SOD_ACCESS_SUMM Access Rule Summary GRAC_SOD_ACT_ROLES Action in roles not in rules GRAC_SOD_CALLTRANS Embedded Action Calls in Programs of SAP systems GRAC_SOD_MITIGATION Mitigation Object Report for User, User Org, Role, Role Org, Profile, HR GRAC_SOD_MIT_CTL_REP Mitigation Control Report GRAC_SOD_RULESET_CMP Ruleset Comparison GRAC_SPM_AUDIT_LOG Audit GRAC_SPM_CHANGE_LOG Change Log Reporting GRAC_SPM_CONS_REPORT SPM Consolidated Reporting GRAC_SPM_FFLOG_SUM Firefighter Log Summary Log Reporting GRAC_SPM_INV_SUP_USR Invalid Super User Report GRAC_SPM_OSCMD_LOG OS Command GRAC_SPM_RSN_ACT_LOG Reason Code And Activity Log Reporting . GRAC_SPM_SOD_REPORT Firefighter SoD Conflict report GRAC_SPM_SYSTEM_LOG System Log Reporting GRAC_USER_RISK_VOIL User Risk Voilation report



    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 07, 2020 at 10:34 AM


    I had the same question, the right answer is the following.

    1. Run the Tcode ST01 trace.

    2. Click on each report that you want to display only in NWBC

    3. Display the trace, here you will see the technical name of each report

    4. Into the object GRAC_REP, insert the technical name into the authorization field GRAC_REPID.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.