Page tree
Skip to end of metadata
Go to start of metadata


This document explains the steps on how to create a Business Rule Framework (BRF+) Rule for using in Condition Groups in Role Management for routing the Approver during the Role Creation process.


While creating the Roles in GRC 10.0 via Role Management, we have the capability to define the rules for the application to determine the Role Content Approver during the Approval phase.

Similar to the version 5.3, in GRC 10.0, we have the provision to define the Condition Groups in GRC so that the application can determine the Role Approvers based on a certain set of conditions to which the Condition Group would be mapped. You can build the conditioning on the basis of various Role Attributes, available as a Context Structure while defining the BRF+ Rule.

Please note, you have to create a BRF+ rule from within the SPRO and within the GRC node in order for the BRF rule to pull the Context Attributes/Parameters related to Role Management.

NOTE: You also have the capability to define the Methodology based on the Condition Groups conditions from the BRFplus rule. This document only covers the Condition based Approver.

Steps to build the BRF Rule

You have to generate the BRF Rule via Transaction SPRO in GRC system. Follow the below steps in your GRC system.

Run the transaction SPRO, Goto Governance, Risk and Compliance =>Access Control =>Role Management. Further you find the option for generating the BRF Rule related to Role Management areas. Follow the screen capture below:

Maintain the field values as shown in next screen. You can use any relevant names in these fields.

Click Execute or Press F8. This now generates a successful message for BRFplus Rule with name and ID.

Copy this Rule ID for use in BRF+ screen which opens in the browser.

Now run the transaction BRF+ in the GRC system to get to the BRF+ screen in browser.

Navigate to the Menu, Workbench =>Open Object and enter the Rule ID (alphanumeric code) copied as above and press “Show”.

Next screen opens the BRF+ Rule you have created.

Now, create a Decision Table by righ-clicking the Application Name which is the top node of your Object and choose Create =>Expression =>Decsion Table.

Maintain any desired name/text for your Decision Table based on your business naming conventions. Click "Create And Navigate to Object" button.

 Now you can add the required Role Attributes based on which the conditions can be defined for setting the Approval. In this case, we have chosen "Role Type" as example.

Assign the above created Decision Table to the Function as Top Expression.
Save and Activate the Application and objects.

Implement the BRF Rule with Condition Group.

You now have to assign the Approver Condition Group to the above created BRFplus Application Name and BRFplus Function Name used in BRFplus screen in the browser.

Do the assignment as per the below screen. 

NOTE: In this context, the Condition Groups are just being implemented for Approval.
Go to NWBC and click on Role Owner option under "Role Assignment" or "Access Owners".

Maintain the condition group with same name as in BRF+ and assign approver to it.

Now create the role and the corresponding Role Owner will be added based on Condition Group satisfied by the Decision Table context of the BRFplus rule.

Related Content

Please refer to the GRC 10.0 Configuration Guide published on SAP Service Market Place for any additional help, if needed.