Quantcast
Channel: SCN : All Content - Governance, Risk and Compliance (SAP GRC)
Viewing all 5097 articles
Browse latest View live

GRC 10(BRM)Role Import using user input Option - (Not able to see all roles & Import them)

February 10, 2014, 3:19 pm
$
0
0


Hi All,

 

I am not able to see all backend ECC roles when i am trying to import the roles into GRC tool under role maintenance.

Role Import Preview.gif

 

I can import  invisible roles using file on desktop source option but need to know why some of the roles are not visible with user input option and cannot import those role. (I have run the Object sysnc Job in full mode as well ).

 

We have 3657 custom roles in backend ECC system of which only 2779 are visible, when we are trying to perform role import in GRC 10  using user input option. (We  cannot see 878 roles custome roled but remaining 2779 roles are visible via user import option.

 

Please let me know why we are not able to see few roles usinguser input option for role import in GRC 10.

 

Could you please help me out on this...thank you

Search

LDAP Error: Connection error occurred???

February 10, 2014, 8:59 pm
$
0
0

Hi All,

 

I am getting error "Connection error occurred"  in tcode LDAP while logging into Directory Server.

 

This LDAP configuration is done in Development system and moved to quality through TR. Initially it was working without any error. But not sure why this is all of a sudden not working and giving this error. I suspected Active Directory User id/password error. However, I checked in development system and it is working fine!

 

I do not know what is causing this problem. I dont get anything in SLG1 also.

 

Has anybody experienced this error? Please advise.

 

Regards,

Faisal

MSMP workflow with both Roles and Systems as Lineitems

February 10, 2014, 9:00 pm
$
0
0

Hi Consultants,

 

So far i have created all my workflows with roles as lineitems and since roles are assigned to the system based on that all provisioning and de-provisioning used to happen.

 

Now client wants that access request should also have system lineitem to be included. In that case my workflow should validate system lineitem separately and roles line items separately. In this case do we need to go for FM based BRF+ rules ? I have not worked on them. If anyone implemented this scenario?

 

If this can be achieved by BRF+ rules let me know. Assume that at my first stage manager i have a routing rule to divert lineitems with no approvers to no approval path. So will system lineitem also will be considered as lineitem with no approver and go to that path? In that case all roles flow through normal path and will this scenario works ? To divert system lineitem to different path, condition should be defined at what level in decision table? Client asked to include system lineitem in order to maintain system validity.

 

If anyone has implemented this, Kindly provide your inputs or suggestions.

 

Thanks in advance.

 

Regards,

Sai.

GRC AC 10.0 ARQ: User Search is not working???

February 10, 2014, 10:21 pm
$
0
0

Hi All,

 

I have configured User Data Source as:

 

1. User Search Data Source:-         

 

Target ConnectorSequence
LDAP1
ERP Production System2
GRC Production System3
ERP Quality System4

 

 

2.  User Detail Data Source:-         

 

Target ConnectorSequence
LDAP1
ERP Production System2
GRC Production System3
ERP Quality System4

 

 

When I try to define Access Control Owners, system does not show me the result of desired user search. All though these user are available in ERP Production system. I was expecting it to search in any of the systems in the list and show me the result.

 

Am I missing anything on this? Or is my sequence is incorrect?

 

Please advise.

 

Regards,

Faisal

Wipe out GRC 10 Access Control Configration

February 5, 2014, 12:09 am
$
0
0

Hi,

 

I have configured GRC 10 AC in Sandbox system for training and now i want to wipe out entire configuration in one shot, is there any way i can do it ?

 

or i need to manually remove settings ?

 

Regards,

Satyajit

correctly define the logical connections in CCITS

February 11, 2013, 1:13 am
$
0
0

Dear All,

 

When I run my synch jobs, there is no errors seem. But; when i tried to mass import in grc nw. I got below error. Could you please help me?

 

correctly define the logical connections in CCITS

 

Thanks

Aysen Imam

Attempt to modify a file created by another person (generate new version)

February 11, 2014, 1:23 pm
$
0
0

Dear, good night.

 

 

I am now entering the SAP GRC PC, I really need help from you I have a problem when the attachment is entered by a user, only he can delete it (Remove button) or create new versions (Modify button). Prevent the file to be deleted is even understandable, but it makes sense not to allow anyone else to do your versioning.

Note: GRC own versioning. suffice that another User could also versioned.

 

 

Could help me with this problem?

 

 

Thank you in support of you.

GRC AC10 Risk analysis error

November 15, 2011, 3:07 am
$
0
0

Hi Experts,

 

We are getting error in Risk analysis.

We have checked configuration, RFC, Batch Jobs, Rule Generation.

Rules are showing active in Rules library, User and Roles are appearing while searching. I searched SMP for notes and sdn for similar issue but couldn't find anyone.

 

During risk analysis, explorer gives dump -

 

The URL call http://itdgrctest.itconline.in:8002/sap/bc/webdynpro/SAP/grac_sod_search_appln was terminated because of an error.

    

Note

 

The following error occurred in system G10 : File Could not be opened

The error occurred on application server ITDGRCTEST_G10_02 and in work process 4 .

The termination type was: ERROR_MESSAGE_STATE

 

The ABAP call stack was:

Method: UPDATE_FILE_DATA_DETAIL of program CL_GRAC_SOD_REPORTING=========CP

Method: SET_VIOLATIONS of program CL_GRAC_SOD_REPORTING=========CP

Method: WRITE_OUTPUT_TO_DB of program CL_GRAC_SOD_RISK_ANALYSIS=====CP

Method: RISK_ANALYSIS of program CL_GRAC_SOD_RISK_ANALYSIS=====CP

Method: DO_RISK_ANALYSIS of program /1BCWDY/0O2TMNDMBELX0AO58TG7==CP

Method: IWCI_GRAC_RISK_ANALYSIS~DO_RISK_ANALYSIS of program /1BCWDY/0O2TMNDMBELX0AO58TG7==CP

Method: EXECUTE_ANALYSIS of program /1BCWDY/0O2TMNDMBFK6DDPI1C1Q==CP

Method: IF_SEARCH_VIEW~EXECUTE_ANALYSIS of program /1BCWDY/0O2TMNDMBFK6DDPI1C1Q==CP

Method: ONACTIONSEARCH of program /1BCWDY/0O2TMNDMBFK6DDPI1C1Q==CP

Method: IF_WDR_VIEW_DELEGATE~WD_INVOKE_EVENT_HANDLER of program /1BCWDY/0O2TMNDMBFK6DDPI1C1Q==CP

 

What can I do?

If the termination type is RABAX_STATE, you will find more information on the cause of termination in system G10 in transaction ST22.

If the termination type is ABORT_MESSAGE_STATE, you will find more information on the cause of termination on the application server ITDGRCTEST_G10_02 in transaction SM21.

If the termination type is ERROR_MESSAGE_STATE, you can search for further information in the trace file for the work process 4 in transaction ST11 on the application server. ITDGRCTEST_G10_02 . You may also need to analyze the trace files of other work processes.

If you do not yet have a user ID, contact your system adminmistrator.

 

 

Error Code: ICF-IE-http -c: 600 -u: SABITADA -l: E -s: G10 -i: ITDGRCTEST_G10_02 -w: 4 -d: 20111115 -t: 162851 -v: ERROR_MESSAGE_STATE -e: File Could not be opened -X: 005056A41E8C1ED183EF148A3F5AFCCF_005056A41E8C1ED183EF142157E41CCF_1 -x: A4780FE1FA51F1DD9CCF005056A41E8C

 

 

The termination type was: ERROR_MESSAGE_STATE, we I checked in St11. There error log is -

 

N  *** ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c   1061]

N  {root-id=005056A41E8C1ED183EEA264CAA11CCF}_{conn-id=005056A41E8C1ED183EEA264C5BA5CCF}_1

N  *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL (see note 1055856). [ssoxxkrn.c   1067]

N  {root-id=005056A41E8C1ED183EEA264CAA11CCF}_{conn-id=005056A41E8C1ED183EEA264C5BA5CCF}_1

M

M Tue Nov 15 16:02:49 2011

M  *** ERROR => AdCvtRecToExt: unknown opcode 71 (AD_OPCODE_71), ser 0, ex 0, errno 0 [adxx.c       2472]

M  {root-id=005056A41E8C1ED183EEA4E10D4C3CCF}_{conn-id=00000000000000000000000000000000}_0

M  *** ERROR => AdCvtRecToInt: unknown opcode 71 (AD_OPCODE_71), ser 0, ex 1, errno 1 [adxx.c       2530]

M  {root-id=005056A41E8C1ED183EEA4E10D4C3CCF}_{conn-id=00000000000000000000000000000000}_0

M

 

If anyone has encountered the similar issue and has found a solution, please reply.

 

Thanks in advance, Regards,

Sabita

Search

Workflow using BRF+ in PC 10.0

February 11, 2014, 9:31 pm
$
0
0

Hello Experts,

 

 

In SAP GRC PC 10.0, can we use BRF+ to trigger workflows to different users (of deficiencies in Automated Monitoring) ?

 

Regards

Ramakrishna Chaitanya

MSMP Access Request Approval condition

February 10, 2014, 6:19 am
$
0
0

Is there an easy way to differentiate between approval workflows based on request types?

 

Basically I would like to keep standard access request approval workflow SAP_GRAC_ACCESS_REQUEST with the manager, role owner and security stage for most of the access request types. However in case of an emergency access request type I would like to involve the SPM Owner as well as a step after the Manager approval and ignore the role owner and security stage

 

Normal Access Request: Manager – Role Owner – Security

EAM request: Manager – SPM Owner

 

 

In case I will need to create a BRF+ rule a little help is much appreciated.

 

Thanks!

'Notification Event' for Email Reminders

February 11, 2014, 3:22 pm
$
0
0

Guru's

 

I need some clarification on setting up the Email Reminders configuration within the MSMP workflow at the stages. It's my understanding that a job can be setup to run program GRFNMW_BATCH_EMAIL_REMINDER on some frequency and define the period values for different MSMP processes; however I'm confused as to what the Notification Event setting will be on the stage which will trigger the reminder. Currently the only notification events that I see available on the stages are (also see screenshot): Approved, Escalation, Forward, New_Workflow_Item, Rejected & Return.

 

Notification Event for Email Reminders.JPG

 

Based on these notification events I assume that reminders will function in the same way and when an event happens (i.e. a reminder is needed to be triggered) a notification will go out to the approver at that stage. So I would expect to see a REMINDER notification event that can be selected...

 

Maybe I'm not understanding the setup for this, but if someone can clarify how the configuration should be set on the stages so that individuals are minded when items sit in their inbox, I would appreciate it.

 

I see the available template ID's for the email reminders for example GRAC_EMAILRMDR_CUP but I must associate that template with one of the 'Notification Events' and it just doesn't make sense to use any of the available events that I've listed above. I would suspect that if I did, then the email reminder template would be initiated when a new workflow item was submitted to that stage if I used the NEW_WORKFLOW_ITEM notification event. The only one that makes a little sense is escalation, but I'm not intending for the request to be escalated to any individual, but instead for the same approver to just get a basic reminder that a item is still in their Work Inbox.

 

Any assistance would be appreciated.

 

P.S. I've also already reviewed Documents "How to Customize Notification Templates for AC 10.0 Workflow" & "Customizing Workflows for Access Management" but still confused as to how to setup the configuration prior to running the jobs.

NF_E 3.10

February 11, 2014, 5:27 am
$
0
0

Pessoal, boa tarde

 

Com a chegada desse novo leiaute para a NF_e, gostaria de obter documentações a respeito desse assunto, alguém saberia me informar se SAP tem alguma nota para aplicação ou algo semelhante?

Como deverá ser esse processo de migração.

Fico no aguardo

Abs

GRC AC 10.0 - "User Risk Analysis" is not showing any results

February 12, 2014, 6:09 am
$
0
0

Hi experts!

 

I need help on this issue that is driving me mad!

 

Whenever I run user risk analysis, it does not show me any results.

 

I didn't leave any filter empty.

I ran all sync jobs + risk analysis from SPRO.

RFC connection works right.

 

In addition, el offline parameter is in "YES" which is wrong because it is set as "NO" from SPRO. I don't know why this happens nor how to revert it.

 

So please SAP experts, Could you help me?

SLA Clarification

February 12, 2014, 2:55 pm
$
0
0

Hello,

 

I was hoping to get clarification on how the SLA’s work in GRC 10.0

 

We have a standard workflow of Manager, Role Owner, Compliance and have an SLA set of 2 days for Access Requests. I’m wondering. Is the SLA across the entire Access Request flow? Or is that the SLA at each stage.

 

If the SLA hit 2 days at manager what happens?

If the SLA hits at the role owner stage will it kick off to the alternate approver?

If the SLA hits 2 days at Compliance what happens?

 

Clarification would be appreciated.

 

Kyle

FF Log Email Notification displays User ID instead of Request ID

February 12, 2014, 3:12 pm
$
0
0

Greetings community

 

Was hoping someone could possibly help me. We have custom email notifications configured including variables. All the custom notifications send successfully except for the notification to the controller to review the FF log. The subject is supposed to read "Emergency Access Log Review Request # %REQNO% Pending Your Review" but instead reads "SAP Emergency Access Log Review Request # FF_ID_USER using FF_ID_DGB240 on GRC-DGBCLNT240 Pending Your Review" I have looked in SM30 and validated the variable is %REQNO% and that it is the same as it appears in the MSMP workflow configuration.

 

I've tried adding spaces but no luck. Anyone else experienced the wrong variables being used in their custom notifications?

Search

GRC RAR 5.3 False Postives Post 4.6C to ECC Upgrade

February 12, 2014, 12:42 pm
$
0
0

GRC 5.3_16

 

We have just gone through an upgrade on R/3 from 4.6C to ECC.  We have uploaded the objects and ran and incremental sync for user/role/profile as well as an incremental user analysis and Generated the rule set.  Now running the risk analysis at the user level we are receiving false positives.  There are objects within the results that have activity type 01 and 02 identified but when we go to the actual role in PFCG this object only has 03.  I have also verified the rule is not enabled for checking actvt 03.

 

Any idea's what has been missed?

 

Thank You in advance

GRC AC 10:ARA--No analysis result

January 28, 2014, 1:51 am
$
0
0

Hi Friends,

 

i configured my system(SP12) accoring the sap proposed configuration guides.

And also configared my connectors and connector groups,assigen integration scenarios to that connectors evrything is fine without any esacations

 

But when I run--  Access Risk Analysis for User Level/Role Level/Profile Level... no output data will be displayed!?

 

i ran all the Sync Jobs sucefully with out any error

 

And also implement snote 1824956 - User Analysis Report shows "No violations" to my sytem but no result

 

And also i checked few tables users and the roles in the repositoryor not

GRACUSERCONN

GRACRLCONN

 

checked above two tables i found all users and roles are exist in the repoitory there is no problem and also checked another table

GRACACTRULE

 

all the rules  also generated noissues

 

And i am stragulling this error from past few days can anyone please provide me proper solution to my qurery......

 

Thanks in advance............

 

Regards

Ravikumar.ch

How to make GRC10.0 Role Management parameters (3000, 3001, 3002, 3003 & 3004) empty after migrating the data from GRC5.3 to GRC10.0?

February 12, 2014, 11:35 pm
$
0
0

Dear Experts,

 

We are trying to migrate the data from GRC5.3 development system to GRC10.0 development system. We had performed below mentioned activities as required.

 

1) Maintained all the Pre-requisites for GRC10.0 server.

2) Exported the CUP & RAR Data from GRC5.3 system.

3) Imported the CUP & RAR Data.

4) Able to see all Masters & Mitigation controller Id relevant information of GRC5.3 system in GRC10.0 system.

5) Maintained all the parameters except Role Management relevant in GRC10.0 since we are unable to maintain the configuration parameters (3000,3001,3002,3003 & 3004) empty which is required to import the mass roles in GRC10.0 using the back-end systems connectors in NWBC or using the transaction: GRAC_ROLE_MASS_IMPRT but still we are unable to import the roles since we are receiving an error as "Invalid Business Process" as we have to maintain the Role Management Parameters as empty.

 

Kindly provide us the best solution in this since we are in the final stage of migration.

 

Thanks and regards

==============

Santosh Goud

+7676033163

How to make GRC10.0 Role Management parameters (3000, 3001, 3002, 3003 & 3004) empty after migrating the data from GRC5.3 to GRC10.0?

February 13, 2014, 1:16 am
$
0
0

Dear Experts,

 

We are trying to migrate the data from GRC5.3 Development system to GRC10.0 Development system. As per the SAP Provided migration document, we had performed below mentioned activities as required.

 

1) Maintained all the Pre-requisites for GRC10.0 server.

2) Exported the CUP & RAR Data from GRC5.3 system.

3) Imported the CUP & RAR Data into GRC10.0.

4) Able to see all Masters & Mitigation controller Id relevant information of GRC5.3 system in GRC10.0 system after performing the Intra-Migration tasks.


We have maintained all the parameters in GRC10.0 except Role Management relevant parameters(3000,3001,3002,3003 & 3004) since we are unable to maintain it (3000,3001,3002,3003 & 3004) empty as required to import the mass roles for the CUP Defined connectors in GRC10.0, I mean for all the back-end systems connectors either by using the NWBC or by using the Transaction: GRAC_ROLE_MASS_IMPRT.


Note: We are able to see all the Business Processes which are migrated from GRC5.3 to GRC10.0 in NWBC & GRC10.0 system.


Still we are receiving an error message as "Invalid Business Process" though we maintain the above parameter values as "<empty>".


Also we tried to keep the above parameter values as "star (*) or some value as (ALL)"  then also we are getting an error as "Enter the Business Process".


Kindly provide us the best solution in this since we are in the final stage of migration.

 

Thanks and regards

==============

Santosh Goud

+7676033163

RFC GRAC_GET_REQUEST_DETAIL_CUP --> IV_WI_GROUP

February 13, 2014, 2:40 am
$
0
0

Hi experts,

 

I have found following RFC GRAC_GET_REQUEST_DETAIL_CUP which is quit interessting. Unfortunately I cannot test the RFC as I dont know what to enter in import field IV_WI_GROUP.

Any help is appriciated.

 

Nguyen

Viewing all 5097 articles
Browse latest View live
More Pages to Explore .....
Search

Latest Images

Nonprofit donates custom home in this East Bay city for Marine injured in...

Nonprofit donates custom home in this East Bay city for Marine injured in...

April 23, 2024, 7:00 am
New private rooms on Tokaido Shinkansen change the way we travel from Tokyo...

New private rooms on Tokaido Shinkansen change the way we travel from Tokyo...

April 22, 2024, 6:00 am
Ukraine bans military from online gambling amid addiction concerns

Ukraine bans military from online gambling amid addiction concerns

April 22, 2024, 5:17 am
ಮಂಡ್ಯದಿಂದ ಸುಮಲತಾ ದೂರ; ಹೆಚ್‌ಡಿಕೆ ಪರ ಪ್ರಚಾರಕ್ಕಿಳಿಯದ ಸಂಸದೆ –ಬರ್ತಾರೆ ನೋಡೋಣ ಎಂದ...

ಮಂಡ್ಯದಿಂದ ಸುಮಲತಾ ದೂರ; ಹೆಚ್‌ಡಿಕೆ ಪರ ಪ್ರಚಾರಕ್ಕಿಳಿಯದ ಸಂಸದೆ –ಬರ್ತಾರೆ ನೋಡೋಣ ಎಂದ...

April 20, 2024, 8:08 pm
OCBC Bank Singapore Offers Up to 2.8% p.a. Fixed Deposit Promotion from 21...

OCBC Bank Singapore Offers Up to 2.8% p.a. Fixed Deposit Promotion from 21...

April 20, 2024, 12:38 pm
National Poetry Month 2024: Maxine Starr

National Poetry Month 2024: Maxine Starr

April 19, 2024, 9:56 am
Vegan Chicken Pot Pie

Vegan Chicken Pot Pie

April 19, 2024, 9:18 am
Firefox UX: On Purpose: Collectively Defining Our Team’s Mission Statement

Firefox UX: On Purpose: Collectively Defining Our Team’s Mission Statement

April 19, 2024, 7:03 am
New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm