SAP GRC - Authorization

SAP GRC Access Control uses UME roles to control the user authorization in the system. An administrator can use actions which represent the smallest entity of UME role that a user can use to build access rights.

One UME role can contain actions from one or more applications. You have to assign UME roles to users in User Management Engine (UME).

Authorization in UME

When a user does not have access to a certain tab, the tab will not display upon user logon when the user tries to access that tab. When a UME action for a tab is assigned to that particular user, only then he will be able to access that function.

All available standard UME actions for CC tabs can be found in the tab “Assigned Actions” of the Admin User.

UME Actions

UME Roles

You should create an administrator role and this role should be assigned to Superuser to perform SAP compliance calibrator related activities. There are various CC roles that can be created under SAP GRC Access control at the time of implementation −

  • CC.ReportingView

    Description − Compliance Calibrator Display and Reporting

  • CC.RuleMaintenance

    Description − Compliance Calibrator Rule Maintenance

  • CC.MitMaintenance

    Description − Compliance Calibrator Mitigation Maintenance

  • CC.Administration

    Description − Compliance Calibrator Administration and Basis Configuration

How to open User Maintenance Engine?

Using UME, you can perform various key activities under Access Control −

  • You can perform user and role maintenance
  • It can be used for user data source configuration
  • You can apply security settings and password rules

To open UME, you should use the following URL −


Open Ume