Page tree
Skip to end of metadata
Go to start of metadata

Purpose

This document explains the usability of Delegation in SAP GRC application. GRC Process Control and GRC Access Control has different usage of delegation which is explain in detailed in below document.

Overview

Central Delegation’ & ‘Admin Delegation’ functionality of GRC 10.0/10.1 is used to delegate the responsibilities of one user to another user. User whose responsibilities are delegated is called ‘Delegator’ and user who is taking the additional responsibilities is called as ‘Delegate’.

Using this feature of GRC, User (the Delegate) can be authorized to perform the task of other user (the Delegator).

This feature behaves differently in both the applications (GRC Access Control and GRC Process Control). In Process Control, User (the Delegate) will be able to see complete Work Inbox of other User (the Delegator). In Access Control, User (the Delegate) will be able to see his own Work Inbox plus Requests of other User (the Delegator).  Below 2 sections of this document explains the configuration and usage of GRC Process Control Delegation and GRC Access Control Delegation.

Section 1 - ‘Central Delegation’ of GRC Process Control

Using the below path, we can open Central Delegation window. Go to NWBC è Access Management è Choose GRC Role Assignments è Central Delegation.

 

This window shows all the existing delegations data. Using this window, new delegations can be created, existing delegations can be opened and existing delegations can be deleted.

 

Once you create a new entry, system asks for Delegator, Delegate and validity.

 

Once we save the data and authorize a user (the Delegate) to perform task on behalf of other user (the Delegator), user (the Delegate) is eligible/authorize to see the INBOX of Delegator for that particular period.

User (the Delegate) can click on ‘Change Delegation’ from home page of GRC from NWBC/Portal and click the check box ‘All sessions closed’.

 

 

Now user (the Delegate) can choose the other user (the Delegator), on behalf he is going to perform the work.

Once user (the Delegate) save the information after choosing the right user (the Delegator), Work Inbox would be replaced with Delegator’s Task. Now if user (the Delegate) opens his own Work Inbox, he will get the list of all the Delegator’s task only.

 

Note:- Before this delegation happened, user (the Delegate) was able to see only his tasks.

 

Note:- If user (the Delegate) needs to see his own Tasks in Work Inbox, he needs to change the delegation back to  ‘Own Behalf’ in Change Delegation window as shown below.

Section 2.1 :- Approver Delegation of GRC Access Control

Using the below path, we can open Approver Delegation window. Go to NWBC è My Home è My Delegations è Approver Delegation.

 

This window shows all the existing delegations data of user (the delegator). Using this window, user (the delegator) can create new delegations, set the active/inactive status of existing assignments and delete the existing delegations data.

                       

Valid To and Status field are the key fields which get considered at the time of deciding whether new Access Request going to user’s (the delegator) inbox, should also go to other user’s (the delegate) inbox.

 

In Access control, this feature enables user (the delegator) to delegate his/her responsibilities to other user (the delegate) for a specific time. If this delegation is enabled / active, all the New Access Requests which are coming into delegator’s inbox will also go to delegate’s inbox. Both the users (delegator & delegate) can approve / reject the request from their own work inbox.

 

In Access Control application, user (the delegate) can see his own work items in work inbox plus the newly coming Access Requests of delegator. User (the delegate) would not able to access work inbox of delegator, like it works in Process Control. Only new Access Request which is coming into delegator’s inbox would also go to delegate’s inbox.

Section 2.2 :- Admin Delegation of GRC Access Control

Admin Delegation feature of GRC Access Control works like Approver Delegation. In this case, GRC Admin has the authorizations to delegate the responsibility of delegators to the other user based upon the business requirements. Delegating the responsibilities of one user in his absence to other user would be a best business case of admin delegation.

Using Admin Delegation, GRC Admin can add/delete/modify the delegations for GRC Access Control application.

Note:- All the new Access Request will also go to the user(the delegate) inbox after maintaining the delegation records. There is no action taken on old Access Request. All the old Access Request which are in Delegator’s inbox would remain in Delegator’s inbox.

 

  • No labels