SAP GRC - Authorization

SAP GRC Access Control uses UME roles to control the user authorization in the system. An administrator can use actions which represent the smallest entity of UME role that a user can use to build access rights.

One UME role can contain actions from one or more apppcations. You have to assign UME roles to users in User Management Engine (UME).

Authorization in UME

When a user does not have access to a certain tab, the tab will not display upon user logon when the user tries to access that tab. When a UME action for a tab is assigned to that particular user, only then he will be able to access that function.

All available standard UME actions for CC tabs can be found in the tab “Assigned Actions” of the Admin User.

UME Roles

You should create an administrator role and this role should be assigned to Superuser to perform SAP comppance capbrator related activities. There are various CC roles that can be created under SAP GRC Access control at the time of implementation −

CC.ReportingView

Description − Comppance Capbrator Display and Reporting

CC.RuleMaintenance

Description − Comppance Capbrator Rule Maintenance

CC.MitMaintenance

Description − Comppance Capbrator Mitigation Maintenance

CC.Administration

Description − Comppance Capbrator Administration and Basis Configuration

How to open User Maintenance Engine?

Using UME, you can perform various key activities under Access Control −

You can perform user and role maintenance

It can be used for user data source configuration

You can apply security settings and password rules

To open UME, you should use the following URL −

http://<hostname>:<port>/useradmin