Hi Colleagues ,
Can you please help me with the issue .
I have created the role and everything was fine . If I see the status , the role was pending with the approval from Role owner.
So I logged in as role owner to approve the role but I was not able to find the approval tab in the workinbox to approve
Can any please check. I have assigned the correct role for the user
Many thanks in advance
Regagrds,
Raghu
Purpose
The purpose of this document is to provide a list of the top ten most viewed SAP KBA's for GRC Process Controls in the month of July 2014.
Overview
Below are the top 10 most viewed SAP KBA's for GRC Process Controls.
| KBA Number | KBA Title |
|---|---|
| 1884797 | System is throwing runtime error "SYSTEM_NO_SHM_MEMORY" |
| 2022567 | Access using a 'ZERO' object reference is not possible |
| 2006772 | Automated Monitoring Job with status Error |
| 1875354 | ABAP Business Rules do not allow any filter criteria to be defined. |
| 1998579 | ASSERTION_FAILED in CL_GRFN_OWP_DELIVER |
| 1740512 | Can not open Microsoft Office 2010 |
| 1640926 | Perform Task-Specific customizing on GRC-PC 10.0 |
| 2028328 | Description Field Missing From MDUG Export |
| 1665635 | Business Rule Assignment Issue |
| 1872834 | Unable to open Local Controls or Issues from the Organization |
Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.
Related Content
Top 10 most viewed SAP KBA's for GRC Process Control in June 2014
Top 10 most viewed SAP KBA's for GRC Process Control in May 2014
Top 10 most viewed SAP KBA's for GRC Process Control in April 2014
Purpose
The purpose of this document is to provide a list of the top 10 most viewed SAP KBA's for GRC Access Controls in the month of July 2014.
Overview
Below are the top 10 most viewed SAP KBA's for GRC Access Controls.
| KBA Number | KBA Title |
|---|---|
| 1967403 | EAM: Key note for Firefighter Log and Review Workflow issues |
| 2038308 | GRC 10.x Browser and OS compatibility - IE or Windows |
| 1638100 | Print version Communication Failure: RFC Destination SALV_WD_EXPORT_PDF does not exist. |
| 1804207 | GRC EAM 10.0: Configuration parameters introduced in SP10 for EAM |
| 1900049 | ABAP Dump TSV_TNEW_OCCURS_NO_ROLL_MEMORY, how to verify if it’s a memory issue. |
| 1997982 | GRC 10.0 upgrade to latest SP or to 10.1? |
| 1994746 | GRAC10: Synchronization Jobs - scheduling recommendations |
| 1823253 | UAR: LDAP error when performing full user sync to get Manager data |
| 2035538 | Remediation view in Risk Analysis does not show any data |
| 1668255 | Firefighter ID role name for Param ID: 4010 |
Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.
Related Content
Top 10 most viewed SAP KBAs for GRC Access Control in June 2014
Top 10 most viewed SAP KBAs for GRC Access Control in May 2014
Top 10 most viewed SAP KBAs for GRC Access Control in April 2014
Hello
We are on stage of blue print design of ARM module. The requirement is that, once HR trigger raise an user resign event, AC will automatically create an user disable request, this request will automatically disable user's accounts in all system where this user existing, and all of assigned roles will be automatically removed。 My questions are:
1. Can AC automatically fill in all systems where this user existing in request form? Do we need to do more configuration or customizing?
2. Can AC disable accounts and remove role assignment in the same automatic request?
3. Can AC support the same function in SAP portal?
4. Another question is related to PSS(Password SelfService), can PSS be applied in SAP Portal?
Would appreciate some views please.
Thank you
James
Hi All,
In GRC 10 when creating an access request, user will have an option to add ROLES and SYSTEMS. Here what is happening is if i add System line item, workflows are not working even though i have routing rule for system line items separately. I have tried in different ways and none worked out so far.
Has anyone implemented workflows having both ROLES and SYSTEM lineitems together and were succesful ?
What is the best practise while creating an access request? Just adding roles or both roles and System lineitems together?
Is there any option to remove SYSTEM option from ADD button available on access request screen ?
Things i have tried and one more consultant on this forum also had the same issue. Still couldn't crack solution for this 
1. If you add both role and system as line item in access request, both has to have the approvers defined (custom agent or standard agent) otherwise the request goes to "Approver Missing" path
2. If you add approver to the system line item and when it is approved the whole request moves to next stage (it doesnt wait for the role line items to be approved)
3. Even if you add a routing rule to split the system line items from the request, the whole request is getting routed to the detour path
So in essence if you mix system and role in the line items, the system takes precedence and the whole request follows suit.
Experts please share your suggestions or ideas to make this work.
Thanks a lot in advance.
Regards,
Padmavathi.
Hello All Experts,
I am facing same issue but scenario is different which I found not possible with above solution. If I am submitting request with ONLY system, then request will go to AUTO approve and end.
1) In change authorizations option, end user submits request with only filling SYSTEM option.
2) Request goes to 1st Stage people, who will add roles into system
Existing MSMP no roleowner is used as routing condition here, if role approver not FOUND, request takes ESCAPE ROUTE and goes to Escape Stage with system option and role(if not defined role owner for it)
3) If role has owner, it goes to Role Owner.
Can we remove SYSTEM option from request and send it to NO PATH stage instead of ESCAPE route
OR
Is there any better way to handle this? client do not wants to APPROVE requests with SYSTEM entries but ready to handle requests with no role owner request.
Please help.. **Urgent**
Dear All,
i have installed GRC Access Approver mobile application in my mobile from the below location_
SAP GRC Access Approver - Android-Apps auf Google Play
in my mobile data connection is on but i am unable to connect to GRC server through this application.
can anyone help me how to connect.
Regards,
Arif
Hi,
I am on GRC 10 SP14.
The user defaults maintained under End User Personization are not getting assigned to the users.
Here is what I have done so far
a) maintained the request types by adding user defaults in the action list
b)maintained user defaults for connectors
c)copied the BRF+ User defaults application from 000 to the customizing client and maintained decision table for it.
The simulation gives the correct values
d) maintained AC mappings with the BRF+ user default function mapping
d)Implemented SAP note#2020712
However, the user defaults are still not getting assigned to the users.
Your help will be greatly appreciated.
Best regards,
Silver
Wonder whether someone can clarify this.
We are currently testing the UAR functionality on GRC 10 SP13. When a reviewer forward a task to another person, should the new reviwer get a notification email with the comments entered by the original reviewer?
Do we need to do any changes in SAP_GRAC_USER_ACCESS_REVIEW workflow for this to work.
Appriaciate your help.
Sonny
Hi All,
While accessing any GRC work items from Work Inbox in NWBC, I have to click on "Refresh" button manually to reflect the latest work items!
I tried to look for any ABAP program which does this but could not succeed.
May I know what is the program used to update these GRC work items for all users? OR How do I make it automatic to reflect the latest work items quickly?
Please advise.
Regards,
Faisal
Hi,
I would like restrict users from selection systems from the drop down in "Risk Violations" Tab. In order to achieve this, I opened GRAC_OIF_RQUEST_SUBMISSION" application in Admin mode and disabled. As a result, this field is disabled. But this is blank. I am unable to maintain any value in it. I tried to select a value from the drop down and then disabling the field. I saved with the selected value. But later when Access Request application accessed, it is again showed blank.
However, when a user performs risk analysis, application still performs for all the connectors!
user is authorized to perform risk analysis for specific connector (controlled using GRAC_SYS object). But not sure where from application is picking up different connectors?
Secondly, I also noticed that this "System" drop down has multiple entries in it along with "ALL". I dont have any clue where these values are coming from!
Can anybody help me in understanding and addressing this?
Also, may I know how other are tackling this? I mean, is "System" drop down disabled with specific value as default or enabled with ONLY specific value?
Please advise.
Regards,
Faisal
Hello community,
Someone knows if web can configure the IDM role requests workflow (configured at the IDM side) to use Role Assigner and Role Content Approval configured at the GRC AC side?
Regards,
SAP Legend
Hello Experts,
I need to show the data from workflow in notification email of Process Control, I am pulling the data from workflow container but its not showing in the email. I can see the data in Workflow container but not in email.
Kindly throw some ideas on it.
Thanks.
Hello Team,
We had peformed grc migration from 5.3 to 10.0, however while importing RAR data, later we came to know that mitigating controls are not viewable on NWBC screen under organization.
Suprisingly other data is present on grc UI but mitigating controls are not showing on NWBC.
Backend tables are showing data.
Regards,
Shailesh
Hi All
I am planning to use determine license for BOM components based on the document posted by Howard Dai in following message.
http://scn.sap.com/docs/DOC-1592
But I am not able to implement the BAdI in ERP system to explode the BOM components. Not able to see BOM details from GTS. Display the BOM information of the item by clicking on the eyeglasses button next to the BOP ID is not working and give the message "BOP for product does not exist".
Please can you guys let me know how to implement the method API_BOM_EXPLODE of the BAdI /SAPSLL/IF_EX_BOM_SD0B_R3. How to explode BOM and get details using this.
Thanks
Dushyant Gosain
Hi Folks,
Good Day...Please need your valuable suggestion on the below issue...
We have configured GRC EAM 10.0 with a mapping of Single User Id to Single Firefighter but now we have got a scenario where Multiple Users require single Firefighter ID .
Mapping is done for Multiple users with single Firefighter ID., we have logged in with first user and successfully working but same time when the other user logged in, it is not allowing to enter into same firefighter (Popping a message as User1 is already using Firefighter)
Please provide me if any solution...
Hi ,
I have installed both GRC plugin GRCPIERP and GRCPINW in my ECC system.
Now I dont have to use GRCPIERP plugin. Would it will cause any effect?
Could you please also explain more, about use of both plugins?
Thanks and Regards
Amit
Hi All,
I need to add regulation requirement ID and Description in Risk and Control Matrix report(F7).
I have done the table entry in the required view cluster those are:
VC_GRFNREPCUST
VC_GRFNREPCOLUMNSC.
I am able to see the new column in the report output but the entire column is blank. When i try for regulation the value is populated but not for regulation requirement.
Am i missing any configuration?? I am struggling for an week.
Please help if you already come across this requirement. I highly appreciate for your time and help.
Thanks
Gourab
Hello SAP Experts,
we are implementing Access Control with its component BRM. We have finished all required steps according to several guides (BC Sets Activation, Automatic Workflow Customizing, etc.)
in the NWBC we maintained two users as Assignment Approver and Role Content Approver with the Condition Group ID Test.
While importing roles via NWBC we put the role owners and role Content approvers. As next we tried to create a Business role. We are able to choose technical roles, even tough there is a message: Role xy is not generated on default connector xy. We are able to perform the Risk Analysis. But when we try to submit the request, we have this message: Request cannot be submiited. Maintain at least one Role Content Approver.
What could be the reason for this error?
Many thanks in advance,
Sabrina
Hi Experts,
i was wondering if you could help me. I need to connect one SAP System with a HR System and have automatic SAP Role provisioning depending on the organizational unit (special wish 
). In the moment the system is connect to a CUA. The CUA has been configured to communicate over SAP LDAP connector with microsoft active directory (ADAM).
We also have a GRC10 system which is to be implemented for all systems (firefighter, user provisioning, risk analysis)
So as i see it, i have two choices about the automatic provisioning: GRC10 or CUA
Probably to make it work over GRC10 i need to setup a workflow with BRF+ rules so i can have the automatic provisioning based on the organisational units of the employees.
I havent spoke with our AD engineer, but i suppose : organisational unit is not an Active Directory attribute. To make it work we will probably use another attribute as a place holder for organisational unit and sync this field with a sap field from user master data.
So creating a BRF+ rule i could implement a check on the organisational unit and have roles assigned depend on that.
I know this is a GRC forum, but which solution would you recommend? maybe is will be simpler using this automatic role provisioning over CUA and leave GRC10 out of it.
cheers,david