Artem,
I cannot speak to your particular issue, but I can tell you that security in GRC Access Control is quite "quirky" and has a lot of room for improvement. When we applied SP19 we had to give our request submitters and role approvers ACTVT=78 (Assign) for GRAC_SYS just so that they could continue to do Search Requests. When I asked SAP about it, they said that they thought that only GRC admins would be doing searches. Wrong! So the authorization requirements are not always logical to us out in the real world.
Good luck,
Gretchen