Quantcast
Channel: SCN : All Content - Governance, Risk and Compliance (SAP GRC)
Viewing all 5097 articles
Browse latest View live

User sync and provisioning issue in EP - GRC 10

July 29, 2014, 1:52 pm
$
0
0

Hello All,

 

One of our requirement is to connect EP to GRC 10.1 and enable user provisioning. I have followed all the instructions per note 1977781 to configure the EP but I'm unable to perform user sync and user provisioning in EP. I'm able to successfully sync roles and groups from EP but not users. I get below error when I submit access request for portal role assignment.

 

user lock and unlock is working fine.

 

User provisioning error:

 

User sync result:

 

Our EP is connected to LDAP so we have used below parameter mapping.

 

 

Really appreciate if someone can help me with above mentioned issue.

 

Thanks,

Kumar

Search

Disable "Register Self Service Questions" from End User Screen

April 13, 2015, 5:48 am
$
0
0

Hi Experts,

     We have implemented GRC 10. We are on SP 13. Could anyone tell me if there is an option to disable "Register Self Service Questions" from End User Screen? If yes, please tell me how to do it.

 

Capture.PNG

 

 

Regards,

Mohamed Fazil

Some FF Workflows are not sent to Owners

April 9, 2015, 9:16 am
$
0
0

Hi Guys,

 

I have an issue related to workflow, We are running GRC 10 SPS 17.  All the EAM activities are working as it should no errors but when I checked GRACFFLOG table in SE16 there is a field "WORKFLOW_SENT" that I used,  I took the "X" mark out  by using not equal condition and ran the report.  I found 149 workflows that have not been sent out. Please run the same report in your GRC system and see if you have some, if not then I have to resolve this.  either way I have to resolve this issue.

 

Please let me know if you encounter same issue, and advise how to resolve it. I thought SPS fixes all the EAM issues.

 

Thanks in advance

 

Regards,

Faisal

Can't find survey ID relation to GRRMANALYSIS and GRPCSTMPLT_T table

March 25, 2015, 2:49 pm
$
0
0

Hello dear experts, how’s it going?

 

I’m working on my second Risk Management project and I need a little help from you.

We are creating a customized report via BO Dashboards and, firstly, we are modeling the data to store in BW, creating views to be used in DataSources inside GRC.

 

Basically, I have to store all the information of answered collaborative surveys in BW to make some further calculations via query, and the name of these collaborative surveys are extremely important

 

 

The problem is that I’m really struggling to find the relation between the answered survey ID contained in GRRMANALYSIS table (GRRMANALYSIS-SURVEY_ID) and the mainSurvey ID (that contains the description) contained in GRPCSTMPLT_T table (GRPCSTMPLT_T-SURVEY_ID).

 

GRRMANALYSIS table:

1.png

 

These two highlighted Survey IDs are related to the last two collaborative surveys I’ve answered and consolidated

 

   

GRPCSTMPLT_T table:

 

2.png

Here you also have the Survey ID, however it’s not the same ID present in the previous table (by the way, I used the survey highlighted in red and the ID is not the same)

 

 

 

I’ve noticed that in the table GRFNTSVYGROUP I can find these entries below, which indicates for how many times I’ve used this survey to a risk, but still the IDs are not the same as in GRRMANALYSIS table:

3.png

 

 

I've already checked all the tables that contains the same data element (GRPC_SURVEY_ID) and still couldn't find this relation.

Do you guys have any idea what would be the table that contains the same survey ID present in GRRMANALYSIS so I can link with its text description?! As you may know, most of RM tables doen't have any description and that makes it so much harder to find.

 

Any tip will be more than appreciated!

 

Thanks in advance!

 

Best regards,

Alcino.

GRC 10.1 Risk Analysis - Roles and Users do not exist

April 7, 2015, 6:40 am
$
0
0

Dear Experts,

 

On GRC 10.1, I have executed synchronization jobs and it finished successfully.

After that I tried to execute risk analysis but users/roles on ECC side do not exist.

 

Could you please help me what should I do?

GRC AC User dafaults

April 13, 2015, 4:52 am
$
0
0


Hi Experts

 

I need to Configure a Delete Access workflow in GRC AC where i have 3 requirements.

 

1) Lock the user  and change the validity date of the user.

 

2) Remove the roles of the user

 

3) Update the user group of the user.

 

First two requirements are done but the 3rd one is pending.

 

I have updated the decision table for User defaults in BRF+ as below and also assigned the action User default to Request type DELETE ACCOUNT.

 

Request type(003)-> System id->Default_id(As per SPRO)

 

But the assignment of user group is not happening.I have read some notes that i need to create a Loop Expression for this.Can anyone explain me what is this and what is the use of this as i have already created a decison table

 

Thanks

Nitesh

Mitigation control id request description in Search Request shows "000"

April 13, 2015, 2:56 am
$
0
0

Issue: Mitigation control id request description in Search Request shows 000


Hi All,


The configuration done w.r.to the MC request is that a new request type(Request id 127) in EUP is created and mapped to the MC Maintenance workflow accordingly.


Additionally, I don't think there are any configuration parameters w.r.to this Mitigation control maintenance request present in configuration guide to be maintained accordingly.


Even after doing all these but still this issue exists.


FYI - Already request type ids 125 & 126 are automatically considered by the system for creation & updation MC ID. Also, assuming there is no relevant action required for these requests, left it empty.


Please provide inputs on how else this issue can be addressed.


Regards,

Arun

How to add an GRC report in role menu

April 13, 2015, 6:30 am
$
0
0

Hi Experts,

 

In NWBC --> Reports and analytics we see many reports exits. I would like to add some of the reports in Role menu.

 

As these reports are web dynpro, Could you please advise how do i get the report name to add them into Role menu under web dynpro. Please advise.

 

Regards,

Balu

Search

Mitigation control request is empty when opened in Search Request

April 13, 2015, 2:41 am
$
0
0

Issue: All fields in the Mitigation control request are empty when the raised request is opened in Search Request.

 

Error message when opening the MC id request in  Search Request.

 

    Error 1 -  "Control CONTROL/L/50000XXX does not exist "

 

     Error message when opening the MC id by clicking on Administration in Search Request


    Error 2 - "Work item 000000065684 is not in the users work inbox"


However, the approver has all the fields populated when attempting to approve the request.


Please provide you inputs to ensure the issue is fixed.

 

Regards,

Arun

GRC AC 10 Role Detailed Description - Table

April 13, 2015, 8:29 am
$
0
0

Hi Everyone

 

We are trying to find the Table in GRC that holds the Detailed Description of a Role.  The information we want to find in found on the following screen

 

Additional Details -> Detailed Description when you build a role.

 

We want to export/extract this data into a BW table for a custom report.

 

Thanks for the help in advance

 

Simon

PSS and EUL:Admin defined questions not appearing for registration

April 12, 2015, 9:34 am
$
0
0

Hi Experts,

 

I have configured PSS with end user login.Everything seems to work well except that admin defined questions are not availabe for selection when user tries to register.When user adds self defined questions he is able to request password reset and also create access requests.I have attached screenshots.Am I missing something here?

 

Regards

Mukund

GRC 10.1 - GRAC_BATCH_RA( Job packages are failing with error)

April 13, 2015, 4:55 am
$
0
0

Hi experts,

 

We have GRC10.1 with SP06. The problem we have s with transaction GRAC_BATCH_RA. We are running batch risk analysis in order to be able to use the offline risk analysis.

 

But each time we run the analysis some users are left out and not being analyzed successfully. So Offline reports are not being proper. While checked we found that the GRAC_BATCH_MONITOR shows some packages for users are running with error.

 

Instead of completed the users has a status "Re-Process"

 

Attached you can find the log and SLG1 screen with the error.

 

Please help us fix the issue.

 

The following parameter are set as "100"

 

1120-1123 and 1034

 

The parameter rdisp/wp_no_btc is set as 6 in the system.

Error scheduling Queries

April 14, 2015, 1:54 am
$
0
0

Hi gurus,


I am creating a query in the ECC to be used in GRC system but the problem I have is that when I create the BR in the GRC system as “Value Check” type the error I get is the following: "All mandatory fields selection parameters have to be suppied, connector “”". However, if I create the BR as “Exception category” everything works fine.

Do you have any idea of what is happening?

Security Audit files (.AUD) for GRC Action usage

April 14, 2015, 1:59 am
$
0
0

Good Day

 

I need some advise regarding the security audit files for GRC on the HR System.

Our basis team is concerned that the security audit files are filling up the file system in the HR system. I assume these are for Action Usage.

I would like to get a view of what other companies are doing to sort this out.

Can these .AUD files be deleted or what?

 

Your advise would highly be appreciated.

 

Regards

Mustafa

Is GRC 10.x better than GRC 5.3?

April 14, 2015, 3:14 am
$
0
0

As a foreword I would like to use popular Rolling Stones’ song adopted to the topic of the article.

When I'm customizin' my GRC

And that support comes in the message

It's tellin' me more and more

About some useless information

Supposed to fire my imagination

I can't get no, oh no, no, no

Hey hey hey, that's what I say

 

Here on SCN and on SAP promo materials everybody can read about the powerful tool – BRF+ and very flexible workflow of the new GRC. So, I will not be arguing with those promises, but I would like to share my experience. Now we are reimplementing GRC, we just try to make the same settings in GRC 10 that we have in GRC 5.3. During the reimplementation we have faced with the non-resolving issues and I hope that this article “fire your imagination”.

The first issue

Really we don’t have so many issue, but they stuck our project. The first thing is CUA setting. I don’t know for what purpose SAP made “Maintain CUA Settings” in SPRO. In fact, it doesn’t work. Why have I decided so?

I have CUA with 3 systems (SSDCLNT001 – CUA central system, SSDCLNT200 – CUA managed system, GRDCLNT200 – CUA managed system), it configured in (I call it) Mix mode. Mix means that we use many parameters (such as name, user type, format…) set as global, and the others (such as roles, profiles, user parameters…) set as local.

We were surprised when had known that this configuration is not supported by the new GRC.

Quote from the message

Hi Artem,

I had discussions with our architect and other technical experts on

this. Currently it is not possible to consider the mixed settings and

hence would request you to maintain them as globally in the SCUM

settings in order to resolve your issue.

Of course, during the correspondence, we tried to use “Maintain CUA Settings”, but I was advised to not use it at all. Even if use global or local settings. Here is the question for experts: what is the purpose of this setting?! More over if I set here CUA-manager system and CUA-managed system and not activate “CUA Global System”, I get the dump: OBJECTS_OBJREF_NOT_ASSIGNED_NO CX_SY_REF_IS_INITIAL CL_WDR_INTERNAL_WINDOW========CP

The second issue

BRF+ is really great thing and MSMP too! But… it is not flexible for logically standard scenario. When we started to implement new GRC I see that systems go as independent items in the request and should be approved as roles. Finally, systems go not just as an attribute of the request (like it was in 5.3), but they have owners. However, to customize simple workflow is not possible:

1st stage - Manager selects systems and roles.

2nd stage – Systems should be approved/rejected by the owners.

3rd stage – Roles should be approved/rejected by the owners, and the roles assigned to the rejected systems should be rejected automatically.

Doesn’t it seem logically simple?

In fact, it’s not possible using the standard tools to realize this scenario. You may say: Use ABAP. But for what we need ‘flexible’ BRF and MSMP then?

I should thank Madhu Babu for his helpful blog http://scn.sap.com/community/grc/blog/2014/03/24/grc-request-with-both-system-and-role-line-items

He does a great work, and I see that he is one the most active contributor on scn! Unfortunately, the above configuration doesn’t resolve the issue. Imagine that you are a role owner, you get a request with, say, 20 roles. You analyse them, wright some comment, in common, waste your time to process the roles. In parallel, some system owner doesn’t think that the user of the request must have the access to the system and reject system assignment. In the result, user will not get the access to the system and the roles (for which you and the other owners have wasted the time!).

I should also thank Marina Volynets, because she tried to help me find out that the issue cannot be resolved with the standard tools.

Need an idea to resolve split procedure

The third issue

BRF+ in its decision table must have approvers for each item in the request, otherwise we get “No agent found” on the workflow level. There no option in MSMP to send all line items without approvers to the next stage. Previously (in 5.3), all orphaned roles go to the next stage. Yes, it might be a breach in the security area, but why 10.x doesn’t have an option (check box, for example) to pass forward orphaned items?

 

From my point of view, we get a new GRC that is neither better nor worse than the previous. They are the same with slight differences.

I hope that my article will raise a wave of indignation and experts provide their view on the issues. Maybe someone points me that I'm wrong or points me on the idea place… If someone has issues to add to the article, you are welcome!

 

Best regards,

Artem

Search

ARA shows risk for one user but not for other

March 9, 2015, 10:42 pm
$
0
0

Hi Friends,

 

When i run RA for a bunch of users then Risk appears for one user but not for other, Both users having same access.

 

What might be the reason.

 

Thanks,

Nishant

Portal group provisioning issue from GRC 10

April 10, 2015, 2:58 am
$
0
0

Hi All,

 

We are able to provision the portal role to portal user from GRC, but it’s failing to provision portal group.

 

we had reviewed the following two SNOTES already and maintain the "action and group" parameters mapping accordingly, but no luck in provisioning the portal group to the user in EP.

 

1762514

1840613

 

If any of you have come across this situation? Please assist

 

Thank you,

In Request type, what is the difference between action 'Change user' and 'Assign object'

April 14, 2015, 4:27 am
$
0
0

Dear All,

 

I have used only 'Assign Object' for my 'Change User' request type. But the standard request type has 'Change user'. So, could you suggest , what additional purpose does Change Object serve

 

Regards

Plaban

Need an idea to resolve split procedure

April 2, 2015, 12:46 am
$
0
0

Dear all,

I have the following approval procedure:

  • Manager creates request with roles and systems
  • Approvers make decisions
  • User gets roles and systems (or doesn’t get)

  As soon as I use the rule based on functional area of a role, to determine the approver, my line items with systems are also checked by the rule. And here is the problem: 

If role approvers confirm role assignment, but system approvers don’t confirm the system where the role exists, then we get a conflict between role approvers and system approvers. To resolve the problem I would like to split the procedure into two stages:

  1. System approval procedure
  2. Role approval procedure

I found a post by Madhu Babu where he describes similar procedure for initiator, but even in this case I get the same problem (system approvers working in parallel may decline system assignment, while role approvers may not).

If I create two stages and assign approvers for the system on the first stage then while doing analysis BRF will not find agent for role line items and fall with a workflow error. And vice versa: I get the error on the second stage but for system line items.

Customizing for agents, where I can set approval level, contains only the following entries:

  • Request
  • Role
  • System and Role

So, I can’t resolve my requirement using this option.

Could anyone please give an idea how to resolve my issue?

 

Regards,

Artem

NWBC Work Area Missing

April 14, 2015, 9:18 am
$
0
0

Hi gurus.,

 

I am working with GRC RM 10.1 and when trying to create a risk proposal I can not find the "Adhoc tasks" work area and therefore, I can not find the "Risk proposal".

 

Could you please help me?

 

Thanks,

 

Kind regards,

Viewing all 5097 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>