Page tree
Skip to end of metadata
Go to start of metadata

AC 10.0 Role Import


The Purpose of this document is to explain the functionality of Role Import in GRC Business Role Management 10.0.This provides various configuration steps for importing the Role and tells you the points to remember to avoid errors and issues 


We can import the Role either from Backend system or through a file by placing it on server or desktop which can be downloaded from backend system. There are various steps included in the process of Role Import.

I. Role Definition

The Role Import in BRM is divided into the two parts which is together known as Import Source:

Role Attribute Source : It is further divided in three ways:

  • User inputs – User can manually fill all the relevant values in the Attribute fields.
  • File on Server -  User can upload the Attribute file from the server by giving its location
  • File On Desktop – User can upload the Attribute file from the Desktop specifying its location.  

You can download the Template from the below template links to maintain the Role Attributes

Role Authorization Source

  • Backend System : You can choose this option to bring the Authorizations from the Backend system.
  • File on Server : Role files can be downloaded from Backend system through a program /GRCPI/AC_ROLE_DNLD and then file can be placed anywhere on the desktop                           
  • File on Desktop : Role files can be downloaded from Backend system through a program /GRCPI/AC_ROLE_DNLD and then file can be placed anywhere on the desktop.

Definition Criteria

  • Application Type: It should be selected as SAP. If you are creating a Business Role, then it must be selected as Business Role.
  • Landscape:  This should be selected as the connector group name and in case of a Business Role, select it as ‘Role Management Business Groups’
  • Overwriting Existing Roles: This option overwrites the roles already existing in the system if this selected as ‘Yes’. If you do not want to overwrite the Roles, select it as No.  

Role Selection Criteria:

  • Source System*:* System name from where the Role will be fetched.
  • Role Updated After: Specify a date after which the Role was updated.
  • All Roles except SAP Predefined Roles: Tick the check box if you want to import all the Roles into BRM except SAP Predefined Roles.
  • Role From and Role To: Specify a range in between the Roles should be fetched.
  • Methodology Status: This is important because this will decide whether the Role will be imported as ‘Complete’ or ‘Initial’.

II. Select Role Data

  • Select Role Attribute Source as User Defined Attributes
  • Critical Level: Select the level of Role in terms of Low, Medium, High
  • Project Release: This is the Mandatory field. Select the Project Release from the drop down list which is maintained in SPRO
  • Role Status:  Select the Status as Development or Production. It is important to set the status of the Role as ‘Production’, to use it in the Request
  • Business Process and Sub process: These are mandatory fields which define the Business Area of the Role where it lies
  • Owners/Approvers: Here we can add the owner or Approver, who will be responsible for the approval of this Role. This will be required while performing the Risk Analysis when the analysis results will be sent.
  • Similarly we can add Functional Area, Company and Custom Fields 

III. Review

Here we can review the Roles before they are imported them into BRM. This will help us to verify the Roles.

We have three options:

  • No Preview: We can select this option to skip the preview of Roles.
  • Preview all Roles:  This allow you to preview all the Roles which are going to be imported
  • Preview Subset of Roles: This allows you to see the sub set of the Roles. 

IV. Schedule

  • Foreground: Once you tick this option, it will fill up all relevant data.
  • Background: A job will be scheduled in the background mode to import the Roles.

Importing Composite Roles

Make sure that Single Roles contained in the Composite Roles are Imported before the Composite Roles.

And, Authorization sync job is already run for that connector for which you are importing the Roles. Otherwise it gives an error message ‘’Composite Roles relation attribute and Authorization do not match.”


Role Import repository of BRM is a separate store and is not same as AC Repository which is separated by sync program

Role Repository – It is used for Role Building which could be at any point of Role build phase and this does not sync with Backend system.

AC Repository --   It is a master data for real Productive Roles.

  • If you use Sync programs, it updates AC Repository
  • If you want Role Repository to be in sync then re-import the roles.
  • Risk Analysis is done from the AC Repository and is updated via Sync jobs and ‘Sync with PFCG’ will import the current backend Auths

** GRAC_ROLE_MASS_IMPORT is only for migration of AC 5.3 to AC 10.0. This is not used for importing the Roles in the GRC box.


Related Content

Related Documents

Related Notes

1583621 Role import profile name

1751140   Performance issue for mass role import using background option

 1743842 AC10: Role Import ends with error 'Invalid Functional Area'