Page tree
Skip to end of metadata
Go to start of metadata


1 Overview

User replacement is performed when one person will no longer be performing that role and the new person assuming this role will inherit the work items still open from that older user.

Replacement is different from simply changing the user assignment on the entity or using GRC Role Assignments > Organizations and GRC Role Assignments > Business Processes, as these other options will not move the work items, only Replacement will.

2 Configuration

To ensure that replacements will happen correctly on the expected date, it's necessary to schedule the replacement job.

3 Replacement

3.1 Creating a User Replacement

To replace the user assigned to a role and move all the work items to the new user, use Access Management > GRC Role Assignments > Replacements:

 

Create a new replacement by clicking on Replace or Remove:

 

3.2 Select the user to be replaced

Use the search box to find the user who will no longer be performing one or more of the roles, so that they can be replaced to a new user:

 

3.3 Select the new user for the role

At the Define Replacement step the new user who will assume the role and work items needs to be informed along with the date that this replacement shall take place:

Note that the effective date of a replacement needs to be in the future. It cannot be any day in the past or the current day.

 

3.4 Review and save the replacement

On the review stage make sure the dates are correct and the replacement to be performed can be confirmed:

 

The change/replacement is confirmed and saved:

 

Back to the Replacement window we can see the entry created for the initial user and the role.

 

Creating and saving a replacement entry will replace the user assignment on the role immediately and this can be seen on the object assignment:

 

The work items will remain in the intial user inbox until the day the replacement takes place. When the effective date of the new user assigned to the role comes, the replacement will happen according to the explained on the next section.

3.3 Background Replacement Execution

When the replacement entry is saved on the frontend, two things happen:

  • it creates a record on table HRP1852 (frontend assignment seen on image above):

  •  And a record placed on GRFNREPLACEMENT:

It's this record on GRFNREPLACEMENT that will be used by program GRFN_REPLACEMENT_MASS_ACTIVATE to recalculate the workitems:

 

The forwarding of Work Items will consider only the WIs related to the replaced role. The Start Date is checked against GRFNREPLACEMENT column VALID_FROM and only records with valid from date smaller < or equal = the start date of the program (current day) will be processed. The new recipients of the work items are calculated as default through GRFN_GET_AGENTS and since the new user is assigned at HRP1852 for the current day onwards this new user should be the recipient.

 

Results of the replacement job can be seen on SLG1 by searching for object GRFN and subobject REPLACEMENT:

 

If WIs for the initial user exist and were forwarded they are shown in the logs with the WI ID specified, like this:

 

4 Related Content

4.1 SAP Notes

2629499 Replacement - role names are empty for remediation plans
2605202 MOVE_CAST_ERROR error in the program GRFN_REPLACEMENT_MASS_ACTIVATE
2586853 Work Item of Assessment of Indirect Entity Level Control does not get replaced
2587478 Replacement of remediation plan owner is not happening when plan is in RESOLVED state
2502784 Mass Replacement does not recognize user by fullname
2571348 Replacement functionality for Disclosure survey is not working
2467552 Mutiple replacement entry for same user is not considered in GRFN_REPLACEMENT_MASS_ACTIVATE
2523681 Issue owner replacement dumps
2493699 Replacing responsible of remediation plan via replacements results in dump
2484692 Dump occurs when user tries to replace owner for Issue
2437811 Replacing processor of remediation plan in draft dumps when processor is not same as plan owner
2457576 GRFN_REPLACEMENT_MASS_ACTIVATE report is casing the duplicate email
2406924 Workitem agent is not getting replacement after running replacement job
2222815 User is not getting replaced in Disclosure Survey Workflow

4.2 SAP Knowledge Base Articles

2652096 Work items are not transferred through replacement

2623492 - Time out error while replacing user

 

DISCLAIMER: Image/data in this WIKI is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

 

 

 

  • No labels