
GRC PC - You are not authorized to perform role assignment on Control

gaurav_234
Participant
0 Kudos

Hello Gurus,

I am trying to assign a user as control tester and reviewer for controls for a particular sub-process, but I am getting the error "You are not authorized to perform role assignment on Control" (GRFN_ENTITY_API036). We have assigned the below roles to the user who is performing the activity, as per the GRC PC Security guide. I also tried after assigning the roles SAP_GRC_SPC_SOX_ICMAN and SAP_GRC_SPC_REG_ORG_OWNER_1, but this is not working.

SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
SAP_GRC_NWBC
SAP_GRC_SPC_CUSTOMIZING
SAP_GRC_SPC_SCHEDULER
SAP_GRC_SPC_SOX_CTL_OWNER

We have entity-based authorizations for GRC PC, so we cannot use the GRFN_USER object with ACTVT = 02, as this gives access to all organizations. In SPRO --> GRC --> General Settings --> Authorizations --> Maintain Entity Role Assignment, the role SAP_GRC_SPC_SOX_CTL_OWNER is maintained under the ORGUNIT entity.

Please help with the possible resolution for this.

Thanks,

GV

javier_huerta2
Explorer
0 Kudos

Hello Gaurav,

Not sure if this has been solved already or not; however, I can suggest the following. The authorization values which you have mentioned are the appropriate ones:

GRFN_API

ACTVT: 01, 02, 03

GRC_DATPAT: ROLES & ROLES_PC

GRC_ENTITY: ORGUNIT

GRC_SUBTYP: *

Make sure that these values are also maintained in the role which you're assigning in the front end. In your case, I think you are using SAP_GRC_SPC_SOX_CTL_OWNER under ORGUNIT; however, if you haven't modified the values of the standard role, you will notice that this role only contains activity 03 for GRC_ENTITY: ORGUNIT, so probably that is the issue.

Probably you can create a custom role based on the standard one, add one new node with the values mentioned, maintain it under SPRO and do the front end assignment; that should do the trick.

Regards
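One way to audit the gap described in the answer above, as an added example that is not part of the original thread or of SAP's tooling: the script reads role authorization rows in the column layout of table AGR_1251 and reports, per GRFN_API authorization instance, which of the listed values are missing. Assumptions: the rows are a constructed sample (the custom role name Z_PC_CTL_OWNER and the AUTH names are hypothetical), and one authorization instance must cover all fields by itself, as in a standard ABAP authority check.

```python
import csv, io
from collections import defaultdict

# Values the answer lists for authorization object GRFN_API.
REQUIRED = {"ACTVT": {"01", "02", "03"}, "GRC_DATPAT": {"ROLES", "ROLES_PC"},
            "GRC_ENTITY": {"ORGUNIT"}, "GRC_SUBTYP": {"*"}}

# Constructed rows in the AGR_1251 column layout. Z_PC_CTL_OWNER and the AUTH
# names are hypothetical; the standard role's rows only mirror the answer's
# description (activity 03 only) and are not an export from a real system.
SAMPLE = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
SAP_GRC_SPC_SOX_CTL_OWNER,GRFN_API,T_STD00,ACTVT,03,
SAP_GRC_SPC_SOX_CTL_OWNER,GRFN_API,T_STD00,GRC_DATPAT,ROLES*,
SAP_GRC_SPC_SOX_CTL_OWNER,GRFN_API,T_STD00,GRC_ENTITY,ORGUNIT,
SAP_GRC_SPC_SOX_CTL_OWNER,GRFN_API,T_STD00,GRC_SUBTYP,*,
Z_PC_CTL_OWNER,GRFN_API,T_CUS00,ACTVT,01,03
Z_PC_CTL_OWNER,GRFN_API,T_CUS00,GRC_DATPAT,ROLES,
Z_PC_CTL_OWNER,GRFN_API,T_CUS00,GRC_DATPAT,ROLES_PC,
Z_PC_CTL_OWNER,GRFN_API,T_CUS00,GRC_ENTITY,ORGUNIT,
Z_PC_CTL_OWNER,GRFN_API,T_CUS00,GRC_SUBTYP,*,
"""

def covers(low, high, value):
    """True if one value row grants `value`: LOW..HIGH range, trailing '*' pattern, or exact match."""
    if high:
        return low <= value <= high
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return value == low

def gaps_per_instance(rows, role, obj="GRFN_API"):
    """Map each authorization instance of `obj` in `role` to {field: missing values}.
    An empty inner dict means that single instance grants everything in REQUIRED."""
    inst = defaultdict(lambda: defaultdict(list))
    for r in rows:
        if r["AGR_NAME"] == role and r["OBJECT"] == obj:
            inst[r["AUTH"]][r["FIELD"]].append((r["LOW"], r["HIGH"]))
    report = {}
    for auth, fields in inst.items():
        report[auth] = {}
        for field, wanted in REQUIRED.items():
            granted = fields.get(field, [])
            lacking = {v for v in wanted if not any(covers(lo, hi, v) for lo, hi in granted)}
            if lacking:
                report[auth][field] = lacking
    return report

ROWS = list(csv.DictReader(io.StringIO(SAMPLE)))
if __name__ == "__main__":
    for role in ("SAP_GRC_SPC_SOX_CTL_OWNER", "Z_PC_CTL_OWNER"):
        print(role, gaps_per_instance(ROWS, role))
```

A role with no GRFN_API instance at all yields an empty report, which should be read as "object missing" rather than "nothing missing".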