Role Maintenance

Use

The application provides a standardized and centralized framework to design, test, and maintain roles. The basic role maintenance process, used by most system and security administrators, involves the steps described below.

Maintaining and Changing Role Settings

The process described is an end-to-end process for creating roles. Once you have created a role, you can use the Go to Phase button to go directly to a stage and change the information. For example, to change the authorizations, open the role and go to the Maintain Authorization phase.

When you change a business role, for example, by adding or deleting a technical role, any users who are assigned to that business role are automatically notified of those changes via e-mail after you click Update Assignment.

We deliver a template that you can use for the notifications. You can also create your own custom template for user notifications in Customizing under Start of the navigation path SAP Reference IMG Next navigation step Governance, Risk, and Compliance Access Control Workflow for Access Control Maintain Customer Notification Messages End of the navigation path .

Prerequisites

Outside the application, you have identified your business needs, and evaluated your approach for managing roles.
In the application, you have maintained the role methodology process and steps by:
- Completing the activities in the Customizing activity Define Methodology Processes and Steps, under Governance, Risk, and Compliance Access Control Role Management
- Activating the business configuration (BC) set for Role Management Methodology Process and Steps

Process

Role Maintenance consists of the following procedures:

Defining roles
Maintaining authorizations
Deriving roles
Analyzing access risks
Approving roles
Generating roles
Maintaining test cases