SAP GRC 10.0/10.1/12.0 – Automated Assignment of User Defaults & Parameters
Purpose of User Defaults:
When a new user is created in the target system, all users of that system may need a few common user defaults such as Logon Language, Time Zone, Decimal Notation, Date Format and Parameters. When a user is created through GRC, these user defaults can be assigned based on the request type.
By including user defaults as part of the request type (mostly New Account), the user is created with the required user defaults in the target system.
Important SAP Notes on User Defaults to refer to before configuring User Defaults:
Steps to Implement User Defaults:
Step 1: Maintain the “User Defaults” action as part of your Request Type. My Request Type 36 is for “New Account” and I have assigned “User Defaults” as shown below.
SPRO => Governance, Risk and Compliance => Access Control => User Provisioning => Define Request Type
Step 2: Go to SPRO -> IMG -> GRC -> Access Control -> User Provisioning -> Maintain User Defaults
Define User Defaults for the different connectors connected to your GRC system. One example is shown below:
You can assign a default User Group and default Parameters per connector by using the options “Set the User Group” and “Set Parameter ID” in the above screen, as per your requirement.
Now map the BRF+ Application for user defaults under the IMG configuration shown below:
Go to IMG -> Governance, Risk and Compliance -> Access Control -> Maintain AC Applications and BRFPlus Function Mapping
Step 4: Add a Decision Table and a Loop expression to the BRF+ User Defaults function as shown below:
Decision Table: In the decision table, maintain entries as shown below.
Loop: To use “System” as one of the fields in the conditions for User Defaults, SAP suggested implementing a LOOP in the BRF+ rule. This might be needed because the “System” field is not available under the Request Header attributes; it is available under Role Attributes, which are passed as line-item fields when the BRF rule is called. In such cases a LOOP is the suggested solution, rather than using the Decision Table directly, though within the LOOP we can still call the Decision Table or implement IF/ELSE conditions.
Now click on the “Assigned Rule sets” tab in the Function and click on “Create Ruleset”.
The Ruleset gets created as shown below. Now click on the Ruleset and navigate to the Ruleset screen.
Click on “Insert Rule” and select the “Create” option as shown below.
In the Rules screen, fill in the role description, click on the “Add” button and select the options as shown below.
Once the above step is completed, the LOOP is created. Now navigate to the LOOP by clicking on LOOP_CONNECTOR_ITEMS and you will see the screen below.
Once you click on “Create Rule”, you will get the screen below.
Select the decision table, since you want to LOOP over the entries in your decision table. Once done, click on the “OK” button.
Once all of the above is done, activate the Decision Table, Loop, Ruleset, Function and Application.
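The reasoning behind the LOOP in Step 4, as a small Python model added here (it is not SAP or BRF+ code and not part of the original post): the request type sits on the request header, while the system sits on each line item, so the decision table has to be evaluated once per line item. The connector names, role names, defaults IDs and table rows are constructed, and the top-down, first-match evaluation is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass
class LineItem:
    system: str   # connector name: a line-item (role attribute) field
    role: str

@dataclass
class AccessRequest:
    request_type: str   # header attribute (36 = "New Account" on this page)
    items: list

# Constructed decision table rows: (request type, system, user defaults ID).
# "*" matches anything; rows are checked top-down and the first match wins.
DECISION_TABLE = [
    ("36", "ECC_DEV", "DEFAULTS_ECC"),
    ("36", "BW_DEV", "DEFAULTS_BW"),
    ("36", "*", "DEFAULTS_GENERIC"),
]

def lookup(request_type, system):
    """Evaluate the decision table for one (header, line item) pair."""
    for row_type, row_system, defaults_id in DECISION_TABLE:
        if row_type in ("*", request_type) and row_system in ("*", system):
            return defaults_id
    return None  # no row matched: no user defaults for this item

def resolve_user_defaults(request):
    """Model of the LOOP: call the decision table once per line item."""
    result = {}
    for item in request.items:
        # The same system can appear on several role lines; resolve it once.
        if item.system not in result:
            result[item.system] = lookup(request.request_type, item.system)
    return result

if __name__ == "__main__":
    req = AccessRequest("36", [LineItem("ECC_DEV", "Z_FI_DISPLAY"),
                               LineItem("BW_DEV", "Z_BW_REPORTING"),
                               LineItem("ECC_DEV", "Z_MM_DISPLAY"),
                               LineItem("CRM_DEV", "Z_CRM_DISPLAY")])
    for system, defaults_id in resolve_user_defaults(req).items():
        print(system, "->", defaults_id)
```

A request type with no row in the table resolves to no defaults for every system, which is the case to look for in SU01 when a newly created user comes out without the expected values.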
Step 5: Now create an access request to test the User Defaults, and once the user is created, cross-check the User Defaults in SU01. If all the above steps are followed properly, the User Defaults will be updated in SU01 as shown below.
Reference Links: http://wiki.scn.sap.com/wiki/display/GRC/Setting+up+User+Defaults