Hi gurus,
When I am creating a role in BRM in GRC 10.1, everything is done correctly but in the phase"Approval", when I iniciate an approval for the role, the role owner that was set up, receives a task in his Inbox to approve but no approve button appears. Attached is the screenshot.
Could you please help?
Thanks,
Kind regards,
Hi Guys, I just searching for a report/view where I could see all transfers from the feeder system to GTS.
Isn't there any standard report I could use? I'd like to have the complete overview related to outbounds/inbounds for a certain period which was transferred from the feeder system.
So far I didn't find any area with such an information.
best regards
Alfons
Hi gurus,
I am configuring the workflow for User Access Review and when the role owner receives the task in his Work inbox to review the user access, the request is empty. Please check image attached.
Any idea of what can be happening?
Thanks,
Kind regards,
Hi gurus,
I am the reviewer of a UAR and when I access I select all the roles-users to approve them. However, when I try to submit it, I get the following message: "Perform action on all assigments before submitting". (Check image attached).
Am I doing something wrong?
Thanks,
Kind regards,
Warning - "Role not generated on default connector" when creating a composite role with derived roles:
Hi All,
I get the above error message post addition of roles in the define roles phase of the Role methodology process.
I have referred through the below note which is valid for Business roles and is for GRC 10 SP12 whereas we are on GRC 10 SP16. I couldn't find a similar note for the Composite role.
1794860 - Warning message not correct when generated roles added in BR
Any inputs/notes would be helpful to address this issue to closure.
Regards,
Arun
Hello Experts,
We are implementing Decentralized Firefighter mechanism in our system.
I have done with plug-in settings in both Backend & GRC system.
For firefighter user - Have assigned GRC Firefighter Role & GRC Base Role to run GRC Applications (Standard) in Backend system.
We checked by assigning firefighter ID through GRC front end to the user ID , When user tried to log into respective FFID after entering the reason code information - getting error like " Invalid SAP User "
Is this the issue with authorization of User (Attached the error ) ?
Kindly assist.
Thanks in Advance,
Dinesh
Hello Experts,
We have recently changed out LDAP to GRC field mappings in GRC development system as mentioned in the attachment.
But we are not able to pull the manger field information in the portal which is maintained in active directory.
What could be the issue ?
Thanks in Advance.
Dinesh
Hello all,
I´ve configured GRC AC to user HCM as user search data source and also user details data source. During my user change tests through the "Access Request" function, I noticed that only existent users at SU01 and HCM (checked through PA30) appear in the access request User Selection. Existent users at HCM but not at SU01 doesn´t appear.
Someone can tell me why? I mean, if I configured the user search to use HCM as data source, shoudn´t it bring all HCM users regardless of his existence at SU01?
Thanks in advance,
Pedro
Hello Gurus,
While running ARA reports, the results show User ID and User name and User Group along with Risks information. I am wondering whether I can get User details like Location, Job details etc into the report columns. I can view those details when I click on the User ID but I would like to bring those details on to the report itself. Is there any customization involved for this to happen? Any ideas are greatly appreciated.
Thanks in advance.
Hi SAP Gurus,
I am trying to call one web service exposed by SAP for GRAC_USER_ACCESS_WS.
But when i send the request I get following error in response
"Connector is not configured".
Can someone please provide me a valid request structure. So that i can test that from my end.
I am giving request and response xmls below. Please let me know what more needs to be passed in request
SOAP Request-
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">
<soapenv:Header/>
<soapenv:Body>
<urn:GracIdmUsrAccsReqServices>
<!--Optional:-->
<CustomFieldsVal>
<!--Zero or more repetitions:-->
<item>
<Fieldname>test</Fieldname>
<Value>test</Value>
</item>
</CustomFieldsVal>
<!--Optional:-->
<Language>en</Language>
<!--Optional:-->
<Parameter>
<!--Zero or more repetitions:-->
<item>
<Parameter>test</Parameter>
<ParameterValue>test</ParameterValue>
<ParameterDesc>test</ParameterDesc>
</item>
</Parameter>
<RequestHeaderData>
<Reqtype>01</Reqtype>
<Priority>test</Priority>
<ReqDueDate>27.03.2015</ReqDueDate>
<ReqInitSystem>test</ReqInitSystem>
<Requestorid>test</Requestorid>
<Email>test@test.com</Email>
<RequestReason>test</RequestReason>
<Funcarea>test</Funcarea>
<Bproc>test</Bproc>
</RequestHeaderData>
<RequestedLineItem>
<!--Zero or more repetitions:-->
<item>
<ItemName>test</ItemName>
<Connector>test</Connector>
<ProvItemType>test</ProvItemType>
<ProvType>test</ProvType>
<AssignmentType>test</AssignmentType>
<ProvStatus>test</ProvStatus>
<ValidFrom>test</ValidFrom>
<ValidTo>test</ValidTo>
<FfOwner>test</FfOwner>
<Comments>test</Comments>
<ProvAction>test</ProvAction>
<RoleType>test</RoleType>
</item>
</RequestedLineItem>
<!--Optional:-->
<UserGroup>
<!--Zero or more repetitions:-->
<item>
<UserGroup>test</UserGroup>
<UserGroupDesc>test</UserGroupDesc>
</item>
</UserGroup>
<UserInfo>
<!--Zero or more repetitions:-->
<item>
<Userid>test</Userid>
<Title>test</Title>
<Fname>test</Fname>
<Lname>test</Lname>
<SncName>test</SncName>
<UnsecSnc>test</UnsecSnc>
<Accno>test</Accno>
<UserGroup>test</UserGroup>
<ValidFrom>test</ValidFrom>
<ValidTo>test</ValidTo>
<Empposition>test</Empposition>
<Empjob>test</Empjob>
<Personnelno>test</Personnelno>
<Personnelarea>test</Personnelarea>
<CommMethod>test</CommMethod>
<Fax>test</Fax>
<Email>test</Email>
<Telnumber>test</Telnumber>
<Department>test</Department>
<Company>test</Company>
<Location>test</Location>
<Costcenter>test</Costcenter>
<Printer>test</Printer>
<Orgunit>test</Orgunit>
<Emptype>test</Emptype>
<Manager>test</Manager>
<ManagerEmail>test</ManagerEmail>
<ManagerFirstname>test</ManagerFirstname>
<ManagerLastname>test</ManagerLastname>
<StartMenu>test</StartMenu>
<LogonLang>test</LogonLang>
<DecNotation>test</DecNotation>
<DateFormat>ddmmyyyy</DateFormat>
<Alias>test</Alias>
<UserType>test</UserType>
</item>
</UserInfo>
</urn:GracIdmUsrAccsReqServices>
</soapenv:Body>
</soapenv:Envelope>
SOAP Response
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header/>
<soap-env:Body>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
<MsgReturn>
<MsgNo>4</MsgNo>
<MsgType>ERROR</MsgType>
<MsgStatement>Connector is not configured</MsgStatement>
</MsgReturn>
<RequestId/>
<RequestNo/>
</n0:GracIdmUsrAccsReqServicesResponse>
</soap-env:Body>
</soap-env:Envelope>
Thanks
Riju Bhasker
Hi All,
In BRM, when the user tries to do role generation, we want risk analysis to be run before the role actually gets generated. We have maintained 3011 parameter to YES.
But inspite of that the role is getting generated without Risk Analysis. Could anyone tell if we are missing anything?
Regards,
Mohamed Fazil
Hi All,
We are on GRC 10.1 and SP 13. We have configured Role Approval Workflow, but the escalation part is not working -- meaning we have set escalation time as 2 mins, but we do not see it getting escalated even after 2 mins, PFB the configuration details. We have already activated the workflow.
MSMP Workflow Details.
Audit Log :
Regards,
Fazil
when I go to /NWBC > access management > GRC role assignment > access control owners >
what table is data stored for access controls owners ? is it GRACOWNER ?
Hello Experts,
I never solved this issue last time and it's come up once again. What's happening is that I have a business role with several single and composite roles assigned to it. The assigned roles are across the landscape - some in BI, some in ECC etc.
The business role has a role owner assigned to it. Role owner has a valid SU01 user master in the GRC system, is in the owners table and is set as a role owner.
It is looking good at this stage.
When I request the role, the access request form shows the owner correctly.
The request goes to the user's manager, and then when the manager approves it, it then goes to the escape route.
I've looked at the MSMP stage where this happens and the agent used is the GRAC_ROLEOWNER.
I looked in the debug log and it says that results were returned.
What might be directing it to the escape route?
Thanks,
Santosh
Hi Guru's,
I am trying to build a BRF+agent rule within UAR application with below logic for notification purpose
I tried above logic using dblookup and hit a road block as the user ID from the agent is not being picked up by the job. I have included screenshots below along with the error from debug log. Can you guys please guide me on where I got this wrong.
GET REVIEWER ID
GET MANAGER ID
Decision Table
Function
I included this BRF+ ID in MSMP rule as notification type agent and set it up as notification recipient in the default stage within UAR MSMP
I ran the UAR jobs (data generation and update workflow). Manager notification agent was not picked up by the job. This is what I found in debug log from GRFNMW_DBGMONITOR_WD tcode for the request and it shows that empty user ID was returned. I was under the impression that the dblookup logic will pass manager ID info into user ID column in the agent result rule.
Any help to get this resolved is greatly appreciated.
Thanks
Sandeep
Dear All,
1. There is no Objective Category, when i am trying to create Control Objective., as shown below:
2. Also, for AM to function, what are all the Master data that i need to create.(not Data Source and Business rule).The Automated Monitoring overview doc. at http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04161e6-5cfe-2e10-4b90-815a3a2027c2?QuickLink=index&…
does not mention those
Regards
Plaban
Dear GRC Team,
I am currently configurating GRC AC 10.0 SP16 for our company as a demo system.
I have the following scenario:
- The GRC system is also the Target system.
- We are using Centralized FF.
- We are using ID based FF.
All steps necessary have been performed. (role assignments, parameter settings, sync jobs, etc.)
When executing transaction GRAC_EAM I can see the FF_ID assigned to my user.
Also I am able to choose the ID.
The usual pop-up box will appear asking me for reason code and so on.
When hitting enter or execute I receive that the loggon attempt failed and after repeating this of course the ID will be logged.
Does anybody have an Idea?
Kind regards in advance
Amir
Hi Experts,
We are facing the following issue: Access Management dashboard User / Role Analysis data empty and we are on SAP GRC AC 10.1 SP6
Issue in Detail: Log in to NWBC, navigate to Reports and Analytics tab, click User Analysis or Role Analysis.Dashboard will load and display, click on any of the risk level (Critical, High, Low, Medium, No Violations). A New Window pop up with the selections, but there are no data shown (e.g. High selected):
When Performing the Batch Risk Analysis job, it was terminated prematurely:
In ST22 we are getting following Runtime error: DBSQL_DUPLICATE_KEY_ERROR, Exception errorCX_SY_OPEN_SQL_DB ERROR
We have also applied the following note 2042012 - Batch Risk Analysis throws error DBIF_RSQL_SQL_ERRROR, but no luck.
Request your inputs in resolving the above issue.
Regards,
Venugopal
Dear all,
I want to create a new access for Controller in EAM. I would like only EAM Reports view in "Reports & Analysis" in NWBC.
I follow the explanations : http://events.asug.com/2013AC/Business%20Integration%20Technology%20&%20%20Infrastructure/0907%20Securing%20GRC%20designing%20effective%20security.pdf
but in this power point I modify standard... and I want to create specific data.
Step 1 : I have created in LDP_CUST a role and an instance specific : ZGRCREPEAM
Step 2 : I have created in SE80 in customer package "ZGRAC_EAM_REPORTS_CONTROL" in webdynpro component FPM_LAUNCHPAD_UIBB --> I copied GRAC_FPM_UIBB_LPD_REPORTS.
--> next start configurator and I put ZGRCREPEAM in Launchpad
Step 3 : I have created in SE80 in customer package "ZGRAC_EAM_AC_REPORTS" in webdynpro component GRFN_SERVICE_MAP --> I copied GRAC_FPM_CC_LPD_REPORTS.
--> next start configurator ... and I can't put my component in configuration... I don't understand what step I miss...? --> and if I change in "configuration UIBB" I modify the standard GRAC_FPM_CC_LPD_REPORTS
Anybody can help me ?
Thanks and regards,
Mélanie
Hi Experts,
I am checking the requests in GRFNMWRTDATLG table. the requests which are pending and which stage it is pending.
When I am cheking same request in NWBC. These requests are approved. I am confused, why their status is pending in table.
Regards,
Munish