Use

In this Customizing activity, you maintain menu authorization of all Governance, Risk, and Compliance (GRC) applications. The authorizations are then used in SAP NetWeaver Portal (portal) or in the NetWever Business Client (NWBC).

Menu items represent individual navigation links. The text is used for reference and to provide an indication about the purpose of the application. Each menu item must belong to at least one or more of the application components listed below:

• FN, which is the common component used for all GRC
• Process Control (PC)
• Risk Management (RM)
• Access Control (AC)

The application displays the group items and menu items in accordance with the authorizations granted by the user role. For example, if the user role is not authorized to view any objects and entities in a group, the application will also not display the related menu item.

Note: If you are upgrading from Process Control 3.0, you can use the delivered BC Set for this Customizing activity. For more information, see the SAP GRC Process Control 10.0 Upgrade Guide.

Requirements

You have maintained each menu item ID in Web Dynpro and in Launchpad Customizing.

Standard settings

Activities

To customize the authorizations, perform the following steps:

1. Choose the New Entries pushbutton and enter a menu item ID. This is the referenced text for the application item.
2. Choose the required Authorization Mode from the following:
• Entity-Level Authorization Check
• PFCG Authorization Check
• Entity-Level and PFCG Authorization Check
3. Choose the Entity Evaluation. You can specify if the item can be enabled by providing authorization only for one entity or object, or if it is necessary to provide authorization for all entities and objects. If no entity or object is defined for the item, then the item is always displayed.
4. Choose the Authorization Class.
5. Choose the Logical Operation to provide an additional authorization check.
   You can use an exit class for the ABAP code-based authorization check for a menu item. To do this, follow the requirements listed below:

• Use the interface IF_GRFN_MENU_ITEM_AUTH.
• The interface contains the method IS_AUTHORIZED. The method has the following parameters:

        Importing Parameters

• IO_SESSION type, referring to class CL_GRFN_API_SESSION
• IV_REGULATION of type GRFN_REGULATION
• IS_ITEM of type GRFN_S_API_MENU_ITEM
• IT_ITEM_APP_COMP

        Exporting Parameters

• EV_AUTHORIZED of type GRFN_BOOLEAN.

• The results from the exit class can be combined with the entity-level and if required with PFCG authorization by specifying the type of operation (NO, AND, OR). You can make the required selection and save your data.

1. If you want the authorization to be evaluated by all regulations, then select the Regulation Relevence checkbox. That is if one of the regulations is authorized, the menu item is shown.
2. Choose Used in Application Components.
3. Choose the New Entries pushbutton and select the menu items that you created.
4. Select one of the application components used in the application. In field Application Component, select whether you want to customize the entire GRC, or select the required components from the following: PC, RM, and AC.
5. If the authorization for the application is evaluated by Entity-Level Authorization or Entity-Level and PFCG Authorization, then do the following:
1. Choose Authorized Entities.
2. Choose the New Entries pushbutton and select one of the menu items you created.
3. Select an entity from the dropdown list to be used with the selected menu item.
4. Save your entry.

Proceed in the same manner with all other menu items.

Example