Delivered Roles

Feature Role Name Description

All AC SAP_GRAC_ALL Super administrator for Access Control.

Note
You must assign this role to the WF-BATCH
user.

All AC SAP_GRAC_BASE Gives basic authorizations required for all AC

users. You must assign this role to all AC
users.

All AC SAP_GRAC_REPORTS Ability to run all AC reports and have the

display access for all drill-downs.

All AC SAP_GRAC_NWBC Gives the authorizations to launch NWBC.

You must assign this role to all AC users.

All AC SAP_GRAC_SETUP Gives authorizations to set up and customize

AC.

All AC SAP_GRAC_DISPLAY_ALL Gives display-only access to all master data

and application data.

Role management SAP_GRAC_ROLE_MGMT_USER Role management business user

Role management SAP_GRAC_ROLE_MGMT_DESIGNER Role management designer

Role management SAP_GRAC_ROLE_MGMT_ROLE_OWNER The Role Management role owner

Access request SAP_GRAC_ACCESS_REQUESTER The role for the access request end user

Access request SAP_GRAC_ACCESS_APPROVER The role for the access request approver

Access request SAP_GRAC_ACCESS_REQUEST_ADMIN The role for the access request administrator

Emergency Access management SAP_GRAC_SUPER_USER_MGMT_ADMI Emergency Access management

N administrator for centralized firefighting

Emergency Access management SAP_GRAC_SUPER_USER_MGMT_OWNE Emergency Access management owner

R

Emergency Access management SAP_GRAC_SUPER_USER_MGMT_CNTL Emergency Access management controller

R

Emergency Access management SAP_GRAC_SUPER_USER_MGMT_USER Emergency Access management firefighter

for centralized firefighting

Emergency Access management SAP_GRIA_SUPER_USER_MGMT_ADMI Emergency Access management

N administrator for plug-in firefighting

Emergency Access management SAP_GRIA_SUPER_USER_MGMT_USER Emergency Access management firefighter

for plug-in firefighting

Access risk analysis SAP_GRAC_RULE_SETUP This role has the authorization to define
access rules

Access risk analysis SAP_GRAC_RISK_ANALYSIS This role has the authorization to perform
access risk analysis
Access risk analysis SAP_GRAC_ALERTS This role has the authorization to generate,
clear and delete access risk alerts

Access risk analysis SAP_GRAC_CONTROL_OWNER This role has the authorization to create
mitigating controls.

Access risk analysis SAP_GRAC_RISK_OWNER This role has the authorization to run access
risk maintenance and access risk analysis.

Access risk analysis SAP_GRAC_CONTROL_MONITOR This role has the authorization to run risk
analysis, mitigating control assignment, and
assign mitigating controls to an access risk.

Access risk analysis SAP_GRAC_CONTROL_APPROVER This role is used for control and control
assignments. It has the authorization to run
risk analysis, mitigating control assignment,
and workflow approval for access risk alerts.

Access risk analysis SAP_GRAC_FUNCTION_APPROVER This role is the delivered agent for workflow
in access control. It has authorization to
approve, create, read, update, and delete
workflow requests.

Workflow SAP_GRC_MSMP_WF_ADMIN_ALL Administrator role for MSMP workflows

Workflow SAP_GRC_MSMP_WF_CONFIG_ALL Configurator role for MSMP workflows