Hierarchy
GRCFND_A (Software Component) GRC Foundation ABAP⤷
GRC-SPC (Application Component) Process Controls⤷
GRPC_CUSTOMIZING (Package) Customizing
IMG Activity
| ID | GRFN_MAINAUTHSET | Maintain Authorization Customizing |
| Transaction Code | S_GR4_71000043 | (empty) |
| Created on | 20081202 | |
| Customizing Attributes | GRFN_MAINAUTHSET | Maintain Authorization Customizing |
| Customizing Activity | GRFN_MAINAUTHSET | Maintain Authorization Customizing |
Document
| Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
| Document Name | GRFN_MAINAUTHSETTINGS |
Use
In this Customizing activity, you can activate or deactivate second-level authorizations, the use of shared memory for role definitions in Risk Management and Process Control, and the role inheritance function.
Second-Level Authorizations
- If the second-level authorizations setting is active, the user selection for entity-level role assignments is restricted to users who have been assigned the corresponding PFCG role in their user profile.
- If the second-level authorizations setting is deactivated, the user selection for entity-level role assignments is enabled for all users who have been assigned the SAP_GRC_SPC_BUSINESS_USER PFCG role to their user profile.
Role Inheritance for Organizations
By activating the role inheritance for organizations, you can specify that authorizations are to be passed on to lower levels of the organization. Note that setting this checkmark activates the role inheritance for all roles in the organization used by Process Control and Risk Management.
User-Shared Memory for Role Definitions
For performance reasons, you can activate the use of shared memory for role definitions. This stores the definitions of the modeled roles in the shared memory and will improve performance.
However, be aware that the changes in role definitions - made using transaction PFCG - are then not immediately and automatically reflected in a shared memory. For this reason, consider using this option only for your production environment (not in your development and test environments).
Note: You can display the updated role data and see whether the role definitions are up to date by running the refresh report GRFN_SHM_ROLE _CHECK..
Requirements
Second-Level Authorizations
- The individual roles must be created and maintained with transaction PFCG.
- Users that are assigned to roles via user-role assignment must first have the corresponding PFCG-modeled role assigned to their user profile if second-level authorizations are active.
Standard settings
In the SAP standard delivery, second-level authorizations and use of shared memory for role definitions are deactivated.
Activities
- Select the Active flag to activate one or several of the options.
- Clear the Active flag to deactivate one or several of the options.
Example
Business Attributes
| ASAP Roadmap ID | 201 | Make global settings |
| Mandatory / Optional | 2 | Optional activity |
| Critical / Non-Critical | 2 | Non-critical |
| Country-Dependency | A | Valid for all countries |
Maintenance Objects
| Maintenance object type | C | Customizing Object |
| Assigned objects | ||||||
|---|---|---|---|---|---|---|
| Customizing Object | Object Type | Transaction Code | Sub-object | Do not Summarize | Skip Subset Dialog Box | Description for multiple selections |
| GRFNAUTHCUSTVCM | V - View | SM30 |
History
| Last changed by/on | SAP | 20100615 |
| SAP Release Created in | 300 |
