SAP GRC Authorization Object Names

Object Description
1 GRAC_ACTN This object grants the authorization to perform different actions.
2 GRAC_ALERT This object allows you to generate, clean up, and create alerts.
3 GRAC_ASIGN The object allows you to assign owner types to firefighter IDs.
The object allows you to create, read, update, and delete business
4 GRAC_BPROC
processes, and to assign business processes to risks and functions.
5 GRAC_BGJOB The object allows you to execute background jobs.
6 GRAC_CGRP This object allows to maintain an Access Control Custom Group.
The object allows you to create, read, update, and delete SoD critical
7 GRAC_CPROF
profiles.
The object allows you to create, read, update, and delete SoD critical
8 GRAC_CROLE
roles.
The object allows you to restrict activities based on the following
attributes: cost center, department, company, location. You use this
9 GRAC_EMPLY
object to maintain authorization for attributes not in the in the
GRAC_USER object.
The object allows you to restrict FFID or FFROLE based on system user ID,
10 GRAC_FFOBJ
system, or activity.
The object allows you to create, read, update, and delete FFID owners
11 GRAC_FFOWN
based on the owner type, user ID, or system ID.
The object allows you to maintain authorizations for the SoD function
12 GRAC_FUNC based on the following attributes: activity, function ID, action (SOD
transaction), and permission.
The object allows you to restrict activities for the HR object based on
13 GRAC_HROBJ
specific attributes: activity, connector ID, HR object type, HR object ID.
14 GRAC_MITC The object allows you to maintain mitigation controls.

15 GRAC_ORGRL The object allows you to maintain SoD organization rules.

16 GRAC_OUNIT The object allows you to maintain org units for access control.

17 GRAC_OWNER The object allows you to maintain owners in access control.

18 GRAC_PROF The object allows you to maintain the SoD profile.

The object allows you to perform risk analysis. You can specify if the user
19 GRAC_RA has authorizations to only execute risk analysis, or has administrator
rights.
20 GRAC_RCODE The object allows you to maintain the reason code.

21 GRAC_REP The object allows you to excute all reports.

22 GRAC_REQ The object allows you to maintain access requests.
23 GRAC_RISK The object allows you to maintain SoD access risk.
24 GRAC_RLMM The object allows you to perform role mass maintenance.

WWW.SAPBUDDY.COM
 This object allows you to enforce authorizations for accessing roles
25 GRAC_ROLED
during role definition.
26 GRAC_ROLEP This object allows you to control which roles a user can request.
27 GRAC_ROLER This object allows you to perform role risk analysis.
28 GRAC_RSET The object allows you to create, read, update, and delete SoD rule sets.
The object allows you to create, read, update, and delete SoD
29 GRAC_SUPP
supplementary rules.
The object allows you authorize access to specific connectors or systems
30 GRAC_SYS
based on application type and system ID.
31 GRAC_SYSTM This object allows system level access to Access Control.
The object allows you to restrict activities based on the following
32 GRAC_USER
attributes: user group, user ID, connector, user group, orgunit.
This object allows you to access connectors in CCITS (the GRC integration
33 GRFN_CONN
engine).

WWW.SAPBUDDY.COM