Академический Документы
Профессиональный Документы
Культура Документы
0 | SAP Blogs
Products
Products Industries
Industries Support
Support Training
Training Community
Community Developer
Developer Partner
Partner
About
About
Home / Community / Blogs + Actions
Former Member
Retagging required
governance risk and compliance sap grc
share
0 share
0 tweet share
0
Follow RSS
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 1/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
When a new user is being created in the target system, all users of that
system might require few common user defaults like Logon Language, Time
Zone, Decimal Notation, Date Format, Parameters etc. Hence when a user is
getting created through GRC, based on the request type these user defaults
can be assigned to the users.
By including user defaults as part of request type (mostly New Account), user
gets created with required user defaults in the target system.
Important SAP notes regarding User Defaults to refer before con guring
User Defaults:
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 2/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Step 2: Go to SPRO -> IMG -> GRC -> Access Control -> User Provisioning -
> Maintain User Defaults
Define User defaults for different connectors connected to your GRC system.
One example as shown below:
You can assign default User Group and default Parameters based on the
connector by using options “Set the User Group” and “Set Parameter ID” in
the above screen as per your requirement.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 3/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Once you define the User Defaults as mentioned above and save it, a unique
“Default-Id” gets created as shown below. This is the User Default Id which will
be used in BRF+ decision table while configuring User Defaults.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 4/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 5/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 6/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Now map the BRF+ Application for user defaults under the IMG configuration
shown below:
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 7/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Step 4: Add Decision Table and Loop expression to BRF+ User Defaults
function as shown below:
Loop: For using “System” as one of the fields in se ng the condi ons for User
Defaults, SAP suggested for implemen ng a LOOP in BRF+ Rule. This might be
needed since “System” field is not available under Request Header a ributes,
rather it is available as Role A ributes which are called as line-item fields while
calling the BRF Rule. So, in such cases LOOP is a suggested solu on, rather than
using the Decision Table directly. Though within the LOOP, we can s ll call the
Decision Table or implement IF/ELSE condi ons.
Step 1:
Change the Mode of the BRF+ User Defaults Function from “Functional and Event
Mode” to “Event Mode”
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 8/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Now click on “Assigned Rule sets” tab in Function and click on “Create Ruleset”
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 9/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Ruleset gets created as shown below. Now click on the Ruleset and navigate to
Ruleset screen
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 10/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 11/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
In the Rules screen, fill in the role description and click on “Add” button and select
the options as shown below
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 12/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Once the above step is completed LOOP is created. Now navigate to LOOP by
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 13/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Once you click on “Create Rule”, you will get the below screen.
Select the decision table as you want to LOOP on the entries in your
decision table. Once done click on “OK” bu on.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 14/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 15/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Once all above things are done, activate the Decision table, Loop, Ruleset,
Function and Application.
Step 5: Now Create an Access request to test the User defaults and once the
User is created please cross check the User Defaults in SU01 to check if
everything is fine. If all the above steps are followed properly, User defaults
will get updated properly as below in SU01.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 16/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Reference Links:
http://wiki.scn.sap.com/wiki/display/GRC/Setting+up+User+Defaults
Alert Moderator
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 17/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
23 Comments
You must be Logged on to comment or reply to a post.
Former Member
Hi Madhu.
Hi Sara,
As far as I know few actions like Sending Mail, Starting ABAP workflows etc
can be done from BRF+. I am not sure whether role assignment can be
done through an action in BRF+
Regards,
Madhu.
Former Member
Hi Madhu,
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 18/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Really nice document. We were going up and down with the loop implementation
Your document helped!!!
Thanks
Sammukh
Former Member
Hi Madhu,
Can you please help on detailed steps to create Rules under Loop expression. Your
screenshot is at very high level and i’m facing hard time to get these rules created under
loop.
loop.JPG
Regards,
Yuvaraj
Former Member
Hi Madhu,
This is a great document and it might address the issue we’re trying to solve.
Please note in this screenshot the field User Group. All we want to do is to have this be
retrieved from our user data source, instead of from the target system.
Capture.PNG
Thanks,
Santosh
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 19/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Former Member
Helpful document!
/wp-content/uploads/2015/01/loop_1_633271.jpg
next
/wp-content/uploads/2015/01/loop_2_633296.jpg
next
next
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 20/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
next
/wp-content/uploads/2015/01/loop_5_633299.jpg
next
/wp-content/uploads/2015/01/loop_6_633300.jpg
/wp-content/uploads/2015/01/loop_7_633301.jpg
Former Member
Hi Madhu,
Really appreciate your generosity in sharing this document. But could you also let know,
how to include values(create rules), as shown in loop and Ruleset.
Regards
Plaban
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 21/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Hi Plaban,
Please check comment prior to you where George has posted the
screenshots which i didn’t mention in blog. I will update the blog with
missing screenshots but for time being you can follow as mentioned by
George
Regards,
Madhu.
Former Member
Hello Madhu,
Hope you are doing good. Thanks a lot for all the time you are
investing to share tons on knowledge on GRC AC 10.0
Thanks in advance.
Regards,
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 22/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Deepak M
Hi Deepak,
Regards,
Madhu.
Former Member
Hello Madhu,
Regards,
Deepak M
Former Member
Hi Madhu,
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 23/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
i tried, but could not understand. So, could you please clarify
my doubt:
/wp-content/uploads/2015/05/as_696993.png
Regards
Plaban
Former Member
Hi Madhu,
Using the above concept i was able to achieve User defaults for 3 test connectors.
How is this possible when there are 15 different time zones(so 15 User default Ids) and
44 different connectors?
Do we need to maintain 15 X 44 = 660 entries at both places i) SPRO –>GRC –> AC –>
User Provisioning–> User defaults
I see that we can have asterix(*) in Connector column in Decision table but not in SPRO.
Please advise.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 24/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Regards
Sri
Former Member
Regards,
Venu
Former Member
I need the user group in user system details tab given in ARM request to be reflected in
SU01 after provisioning, not the usergroup maintained in the Userdefaults in SPRO for that
connector. How can i proceed on this,?
Kind regards,
Trilok Kola
Former Member
FYI…
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 25/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
I maintained… 15 X 44 = 660 entries at both places i) SPRO –>GRC –> AC –> User Provisioning–>
User defaults
Thanks Madhu
Former Member
Hi Madhu,
I am a new learner and getting it tough to implement the rule set and loop part?
Former Member
FYI.
Learned today from sap support that desired outcome is not working when CUA is used
and where note 1983814 thus is relevant. (Tested on 10.1 SP6)
SAP support is now in the process of deciding whether this is ‘as designed’ or ‘to be
fixed’.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 26/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Rgds,
George
——————————————————————————————————-
CUA_USER_DEFAULTS_PER_ROLE.jpg
and
2_CUA_USER_DEFAULTS_PER_ROLE.jpg
I just hoped 10.1 architectured classes would cover this requirement, which is not that
exotic I feel. But hey, nobody is perfect so I’ll open an SAP influence request for this that
you may want to vote on. (remember: Don’t vote = Don’t complain
https://ideas.sap.com/D30205?status_id_filter=335897B6-05D7-4568-8804-
3F55E3B39025¤t_tab=Recent&row_num=1&getparameters=1
Cheers,
George
Jeanne Grimes
I have a question as well. When adding the user defaults master data through SPRO; is
there a way to do a mass change or upload? I have 50 systems being provisioned from
GRC and one of the user defaults is based on the user’s country so I have a lot of
entries that need to be added.
Kevin Tucholke
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 27/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Jeanne: I don’t know of a mass upload, but you can copy. Please see note
2203962 before you do this as there was an issue in the number
incrementation for them.
Kevin Tucholke
Former Member
Hi Jeanne
I used GUI scripting to maintain 660 Userdefault IDs and associated user default entries
to table GRACUSERDEFAULT (SPRO –>GRC –> AC –> User Provisioning–> User
defaults).
Each system have 15 user defaults ids(one for each Time zone) and had 44 connectors
and based on the company code(location of the company) of the employee the
respective user defaults get assigned to the user.
Former Member
Dear experts,
I am having some issues regarding to steps in this document. I would really appreciate if
one of the experts could help me.
Secondly, I could not see status and execution tabs under function
“USER_DEFAULT_FUNCTION”
my loop as follows;
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 28/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Former Member
Hi Madhu ,
This is a good article on how to achieve the user group provisioning using GRC and
really helps in understanding the concept of looping and ruleset too.
I do have one query though, I executed all the steps as mentioned but still the user
groups are not getting provisioned, whereas the normal Access request is going
through and user created.
Created user defaults ( group) for each connector and generated the default ID.
Ensured Request type ‘Create user’ has ‘User defaults’ mentioned in its actions.
Ensured that the ‘User Defaults’ Application ID is mapped to the access req. process
ID.
Created a decision table providing the output to User_default_ID associated with the
application. Our logic is based on Business process and Sub process selections
(Decision table simulations are providing us with as expected results).
Created loop for condition to process multiple line items that maybe part of a request –
We do have multiple systems provisioning through a single request.
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 29/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
Created Ruleset with the rule to change USER_DEFAULT_ID after processing the
loop… also ensured that the function has the ruleset associated and the result data
object mentioned.
——————————-
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 30/31
28/05/2018 User Defaults – GRC 10.0 | SAP Blogs
———————————
Please advise.
Regards,
Akhil
https://blogs.sap.com/2014/10/07/user-defaults-grc-100/ 31/31