Maintain Authorizations for Application Links
In this Customizing activity, you maintain menu authorization of all Governance, Risk, and Compliance (GRC) applications. The autorizations are then used in SAP NetWeaver Portal (portal) or in the NetWever Business Client (NWBC).
Menu items represent individual navigation links. The text is used for reference and to provide an indication about the purpose of the application. Each menu item must belong to at least one or more of the application components listed below:
- FN, which is the common component used for all GRC
- Process Control (PC)
- Risk Management (RM)
- Access Control (AC)
The application displays the group items and menu items in accordance with the authorizations granted by the user role. For example, if the user role is not authorized to view any objects and entities in a group, the application will also not display the related menu item.
Note: If you are upgrading from Process Control 3.0, you can use the delivered BC Set for this Customizing activity. For more information, see the SAP GRC Process Control 10.0 Upgrade Guide.
You have maintained each menu item ID in Web Dynpro and in Launchpad Customizing.
To customize the authorizations, perform the following steps:
1. Choose the New Entries pushbutton and enter a menu item ID. This is the referenced text for the application item.
2. Choose the required Authorization Mode from the following:
3. Choose the Entity Evaluation. You can specify if the item can be enabled by providing authorization only for one entity or object, or if it is necessary to provide authorization for all entities and objects. If no entity or object is defined for the item, then the item is always displayed.
4. Choose the Authorization Class.
5. Choose the Logical Operation to provide an additional authorization check.
You can use an exit class for the ABAP code-based authorization check for a menu item. To do this, follow the requirements listed below:
- Use the interface IF_GRFN_MENU_ITEM_AUTH.
- The interface contains the method IS_AUTHORIZED. The method has the following parameters:
- IO_SESSION type, referring to class CL_GRFN_API_SESSION
- IV_REGULATION of type GRFN_REGULATION
- IS_ITEM of type GRFN_S_API_MENU_ITEM
- EV_AUTHORIZED of type GRFN_BOOLEAN.
The results from the exit class can be combined with the entity-level and if required with PFCG authorization by specifying the type of operation (NO, AND, OR). You can make the required selection and save your data.
6. If you want the authorization to be evaluated by all regulations, then select the Regulation Relevence checkbox. That is if one of the regulations is authorized, the menu item is shown.
7. Choose Used in Application Components.
8. Choose the New Entries pushbuttonand select the menu items that you created.
9. Select one of the application components used in the application. In field Application Component, select whether you want to customize the entire GRC, or select the required components from the following: PC, RM, and AC.
10. If the authorization for the application is evaluated by Entity-Level Authorization or Entity-Level and PFCG Authorization, then do the following:
a) Choose Authorized Entities.
b) Choose the New Entries pushbutton and select one of the menu items you created.
c) Select an entity from the dropdown list to be used with the selected menu item.
d) Save your entry.
Proceed in the same manner with all other menu items.
Eskom Configuration: Not used