
A Walk Through Ticketing Functionality in SAP Access Control 10.1

by Vinay Gupta, Senior Software Engineer, SAP Labs India Pvt. Ltd.

October 23, 2017

Ticketing functionality is a new feature added to SAP Access Control 10.1 that enables a role designer to attach a ticket number to all role changes. This functionality enables role designers to work with configuration parameter 3040 (A ticket number is required for all role changes). It can be used in conjunction with configuration parameter 1008 (Enable Role Change log) to enhance change log reporting and track role changes.

Ticketing functionality enables role designers to attach a ticket number to all role changes so that the changes the role designer made can be traced back to the original change request. After a role designer attaches a ticket number, all the role changes are tagged with this ticket number. This is reflected in the change history of the role. In a business scenario, for example, you may want to change the role approver for roles. You can associate this change with a particular ticket number and then use that ticket number to track role approver changes.

How to Enable Ticketing Functionality

In the Role Maintenance screen, the option of entering a ticket number is provided depending on configuration parameter 3040. By default, the value of this parameter is set to No. The ticket-related functionality (a pop-up and the Ticket Details tab) is only visible if the configuration is set to Yes.

To enable ticketing functionality, enter transaction code SPRO in the command field, as shown in Figure 1.


Figure 1
Enter transaction code SPRO

After you execute transaction code SPRO, the system displays the screen in Figure 2.


Figure 2
Screen to open IMG settings

Now, click the SAP Reference IMG button to open the settings page and follow menu path Governance, Risk and Compliance > Access Control > Maintain Configuration Settings.

Click the execute icon beside Maintain Configuration Settings to display the screen shown in Figure 3.


Figure 3
Screen to change the value of configuration parameter 3040

Search for Param ID 3040 (A ticket number is required for all role changes) in Parm Group Role Management. Change its value to Yes as shown in Figure 3 and click the save icon to save your data.

Use and Track Role Changes by Ticket Number

After ticketing functionality is enabled, a pop-up screen appears asking for a ticket number when a role designer creates or changes a role. To demonstrate, I am creating a new role. Go to NWBC > Access Management > Role Maintenance (Figure 4).


Figure 4
Screen to create a new role

When you click the Role Maintenance link, the Business Role Management screen shown in Figure 5 opens.


Figure 5
Business Role Maintenance screen

Click the Create button and select a single role. A new screen to create a single role opens with a pop-up to enter the ticket number as shown in Figure 6. A role designer cannot proceed to create the single role until a ticket number is entered. This ticket number is used to track all the changes in the role.


Figure 6
Screen to create a role with a pop-up to enter a ticket number

Enter the ticket number and remarks. Click the OK button to save the ticket number with this role as shown in Figure 7.


Figure 7
Ticket number entered for this role

Enter role details and save this role by clicking the Save button as shown in Figure 8.


Figure 8
Enter role details and save the role

To check that all the role changes are saved with the entered ticket number, go to the change history of the role. To check the change history, click Additional Details > Change History as shown in Figure 9. In the change history result list, go to the Additional Information column to find the ticket number you entered.


Figure 9
Screen to show the change history

Now if you make any changes in the role in any of the role phases, the system saves the role with this ticket number until you change or modify the ticket number, which I describe next. Similarly, if you create any other type of role, it shows a pop-up for entering the ticket number.

Details of the New Ticket Number Tab

A new tab called Ticket Number has been added in Additional Details as shown in Figure 10. A role designer can view and change the ticket number.


Figure 10
A new tab is added

In this tab a role designer can view and edit the ticket number based on business requirements.  

Now the role designer can change the ticket number in the Ticket Number tab and then click the Save button to save the changes as shown in Figure 11. You can enter additional remarks (if any) in the Remarks box. 


Figure 11
Ticket number changed and saved

If you make any new changes in the role, the system saves them with this new ticket number. For example, a role designer has a new request to change the role attribute (i.e., Project Release in Define Role phase). Now the designer wants to track all such changes with this new ticket number.

To show this, I edit the role and change the role attribute (i.e., project release). 

Go back to the Define Role tab. Change the value of the Project Release role attribute with the new value of Role re-engineering, as shown in Figure 12. Click the Save button to save the role. 


Figure 12
Change the Project Release value

Go back to Additional Details > Change History to check the updated change history of the role. This role change is saved with the new ticket number as shown in Figure 13.


Figure 13
Updated change history of the role

Use of Ticket Number Functionality in Copy Role

After you enable ticketing functionality, if you copy an existing role, the system asks for the ticket number while saving the role. To copy a role, first search the existing roles using menu path NWBC > Access Management > Role Management > Role Search. Enter role name Z_HRM*1* and click the Search button to search for the role. Now select role Z_HRM_P_001 and click the Copy button as shown in Figure 14.


Figure 14
Search for a role to copy

When you click the Copy button, the system shows a Role Copy screen with a pop-up to enter the ticket number as shown in Figure 15. With this newly added ticket number you can track this newly copied role. 


Figure 15
The Role Copy screen

Now enter the ticket number and remarks (if any) and click the OK button as shown in Figure 16. In my example, the ticket number is 201708999.


Figure 16
Ticket number entered in the Role Copy screen

Now in the next step enter the new role name and click the Submit button to copy the existing role as shown in Figure 17.


Figure 17
Copy the role to a new role

Now a new role Z_HRM_P_001_C is created in the system, which is a copy of the role Z_HRM_P_001 with ticket number 201708999. All the changes in this new role will be tracked by ticket number 201708999.

Use of Ticket Number Functionality in Mass Maintenance

After enabling ticketing functionality, if you update role attributes using Role Mass Maintenance > Role Update, the system asks for a ticket number for all changes in roles. Role Mass Maintenance is the functionality provided to update a role attribute for single or multiple roles at a time. This functionality can be accessed from menu path Access Management > Role Mass Maintenance > Role Update as shown in Figure 18.


Figure 18
Mass maintenance, Role Update screen

After you click the Role Update link, the system opens the Role Update screen. Click the Add button to add roles as shown in Figure 19.


Figure 19
Add a role to update a value in the Role Mass Update screen

Now search for a role to add in the Mass Update screen. As you click the Add button, the system displays the role search screen as shown in Figure 20.


Figure 20
Search for and add a role

Now enter role name Z_HRM_P_001 and click the Search button to search for the role. Select this role and click the OK button to go back to the Role Update screen (Figure 21).


Figure 21
The Role Mass Update screen to update selected roles

In the Role mass update screen (Figure 21), click the Next button. That takes you to the next screen where you can select attributes and actions for the role. In the Attributes drop-down menu, you can find a list of all role attributes that can be changed in the role and in the Action drop-down menu, you can find their relevant actions. Select the value of the attribute and action as shown in Figure 22 and click the Next button.


Figure 22
Role mass update selecting attribute value

In Attributes, select Business Process/Subprocess and in Action, select Update. In this example, I am changing the role attribute (i.e., business process HR and Payroll to Basis). Select the old and new value of the business process/subprocess and click the Next button as shown in Figure 23.


Figure 23
Select the value of the attribute in Role Mass Update

When you click the Next button, a screen appears with a ticket number pop-up screen asking you to enter the ticket number as shown in Figure 24.


Figure 24
Ticket number pop-up in Role Mass Update

Now this ticket number is used to track changes in the role attribute by mass update. Enter the ticket number and click the OK button. Now you can schedule the job by clicking the Submit button as shown in Figure 25. In this screen, you find two options to schedule the job (i.e., Foreground and Background). In this example, I select Foreground. 


Figure 25
Submit the Mass Update of the role

Now changes in role attribute business process/subprocess are tracked by this newly added ticket number 201808777 as shown in Figure 26.


Figure 26
Newly added changes by Mass Update tracked by the new ticket number

Role Search Using the Ticket Number

In Role Search (follow menu path Access Management > Role Management > Role Search), a new search attribute, Ticket Number, has been added as shown in Figure 27. Using this ticket number, you can search all the roles that are updated using that particular ticket number. In Ticketing Functionality, a role designer can use this particular ticket number for one or multiple roles.  


Figure 27
Role search with ticket number attribute

To search roles that are updated using a particular ticket number, you can enter the ticket number in the field to the right of the Ticket Number field and click the Search button (Figure 28). The system shows all the roles that are updated or changed by the entered ticket number as shown in Figure 28. In my example, I have used this ticket number for only one role. So, in the result it shows only one role.


Figure 28
Role search result with the entered ticket number
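
The traceability described in this article can also be checked outside the system. The following is an added example, not part of the original article or of SAP Access Control: it reconciles an exported change history against a list of approved change requests, grouping roles by ticket number (as Role Search does) and flagging changes with no ticket or an unrecognized one. The CSV layout, the "Ticket: <number>" cell format, the user names, the dates, and the approved-ticket list are assumptions constructed for illustration; only the Additional Information column, the role names, and the two ticket numbers come from the article.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export of a role change history. Column names are
# assumptions, except "Additional Information", which the article names as
# the column holding the ticket number. The "Ticket: <n>" layout is assumed.
CHANGE_HISTORY_CSV = """Role,Changed By,Changed On,Attribute,Additional Information
Z_HRM_P_001,DESIGNER1,2017-08-01,Project Release,Ticket: 201708999
Z_HRM_P_001_C,DESIGNER1,2017-08-02,Role Copy,Ticket: 201708999
Z_HRM_P_001,DESIGNER2,2017-08-03,Business Process/Subprocess,Ticket: 201808777
Z_HRM_P_001,DESIGNER2,2017-08-04,Role Approver,
Z_HRM_P_001_C,DESIGNER3,2017-08-05,Role Approver,Ticket: 201700000
"""

# Constructed sample: approved change requests from the ticketing system.
APPROVED_TICKETS = {"201708999", "201808777"}


def parse_ticket(cell):
    """Return the ticket number from an 'Additional Information' cell, or None."""
    cell = cell.strip()
    if cell.lower().startswith("ticket:"):
        cell = cell.split(":", 1)[1].strip()
    return cell or None


def reconcile(csv_text, approved):
    """Return (roles grouped by approved ticket, findings for untraceable changes)."""
    roles_by_ticket = defaultdict(set)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ticket = parse_ticket(row["Additional Information"])
        if ticket is None:
            findings.append((row["Role"], row["Changed On"], "no ticket"))
        elif ticket not in approved:
            findings.append((row["Role"], row["Changed On"], f"unknown ticket {ticket}"))
        else:
            roles_by_ticket[ticket].add(row["Role"])
    return dict(roles_by_ticket), findings


if __name__ == "__main__":
    by_ticket, findings = reconcile(CHANGE_HISTORY_CSV, APPROVED_TICKETS)
    for ticket, roles in sorted(by_ticket.items()):
        print(ticket, sorted(roles))
    for finding in findings:
        print("FINDING:", *finding)
```
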

 


Vinay Gupta

Vinay Gupta has a total of 10 years of experience in software development. He has worked with large IT companies, such as IBM and SAP Labs. Since 2008 he has been working at SAP Labs and involved in various phases of development and maintenance of SAP Access Control 5.3, 10.0, and 10.1. He has expertise in Business Role Management, Access Risk Analysis, Access Request, migration, and SAP authorization concepts.


