Hi fellows, i am seting up a new connector in GRC 10.0, but when configuring the connector for the User detailed Data sources i get the same error; "Sequence number already exists in table".
I have tried with over 200 numbers which I know for sure are available and still get the same error. Where can I find the table with this information?
Can the information be removed to clean up table space?
Thanks for your help!!!
Hello Experts,
We have created plans and we can able to see created plans in planner monitor under assessment planning in NWBC
we can able to select the plan name and send to recipient by using Notify button up to this everything is fine
but when we want to send more than one plans to recipients,not able to select the line items.
any idea to resolve this.
Thanks
GRC Admin
I configurated the PSS Service in my Central user administration system, all works correctly: I can register the question, I can put my secret answer, I can select the system, and finally, the system confirms that the account was reset and the new password was sent to the email user.
The problem is in the last step, because the Account user in SU01 is, for example agomez@ph.com.mx but when I review in SOST the workflow sent the email to other email, example dummy123@ph.com.mx
This happens when some users, with other, the email is sent correctly.
I don't know why and how solve them.
Anybody can help me???
Thanks for your response!!!
Hello,
Initially we have created several policies in process control as part of master data under regulations and
policies,now some of them are not required hence we want to restrict the validity, but when we changed the date in
existing policy it is generating the new policy version with restricted date instead of changing date in old
policy.
Any body have idea how to change the validity for existing policy versions
Thanks
GRC Admin
Hello,
We are unable to do a search based on root node after successful LDAP integration but if we add a particular OU within the base entry then we are able to search the users for that specific OU. Specifying a specific OU is not the right solution as we have different OU for North America, Europe,
Latin America etc. regions. We need to specify the root node so that it will search for all the users in different region. We are getting the below operation failed error when we don't specify OU in the base entry.
Message no. LDAPRC001
This is an error message that is triggered by the directory server.
It is not possible to analyze the error in the SAP system.
Check the log files for the directory server (if they exist), to see if they
contain more information.
Please let us know if you guys have faced this situation and what was the resolution.
Thanks,
Gautam.
Hi all,
We have migrated our 5.3 Access Control System to 10.1 and all the post-installation steps are applied. We loaded the user and roles from our ERP System, created rules and generated them for our system. Parameter 1027 – Enable offline risk analysi is set to YES. We also ran the batch job for the risk analysis in Background (transaction GRAC_BATCH_RA). When we run the NWBC -> Access Management -> User Level for our System we get just an empty window – no error message, nothing. It doesn’t make a difference if we run it on action level, permission level with offline data or without, in foreground or background, the result is just an empty window. What might be the issue here ?
Thanks in advance
Bernd
Dear all,
first of all as a new member of this forum I want to thank you for all the helpful discussions you join here.
As you have all an extense knowledge in SAP GRC, I hope you can help me as well:
We use Process Control 10.0. As an administrator, I shall implement and deactivate processes in the oranizational hierarchie.
Therefore I usually imeplement an central process and sub-process in the central catalogue and then bring it into the local organisation.
Now the customer told us to deactivate several processes. As the deactivation in the central catalogue (central process end at 28.02.2015) does not have any impact on the local process (the ending date is still open so that the local process does not expire on 28.02.2015 but in 9999), I need another way for deactivating the local process.
My question is now: How can I deactivate the local process? When I open the organization itself, I see a lot of Tabs for example roles, risks, subprocesses etc. but I cannot see a tab "processes". Furthermore, I can't find a function in the Transaction "LPD_CUST".
Can you help me please?
Hello experts,
we have connected multiple ECC systems to GRC by creating connectors with respect to each system and
currently we are using,now due to some reasons customer requested to delete complete data from
one of the ECC system from GRC.
we are using only access control with all components
please suggest how to delete all relevant data
from GRC system
Thanks
GRC Admin
Hi All,
So we have a requirement to use trusted connections for our EAM configuration and after setting up FFUser when the user login in to the system and execute GRAC_SPM we automatically get the message "Error found in RFC (Plugin System) and respective logon\logons are disabled." We saw note 1777094 that suggest to update validity and password of RFC user, but because this is a trusted connection there is no "RFC User" or in other words the user is the "Current user" of the session and note 1652880 is suggested as a possible fix for Non trusted RFC. Can anyone point me in the direction of what the issue is here?
we automatically get the message
Hi, In the past various OSS notes provided information regarding ruleset updates. I have tried searching for any OSS notes with this content published after 2012 but I cannot find them. Here are some examples of what I am looking for. Any help would be appreciated!
OSS 1446680 – Q2 2010
OSS 1604722 – Q3 2011
OSS 1809810 - Q4 2012
Hi Gurus,
We are using the new feature in the SAP GRC 10.1 regarding the integration between GRC and IAM (Internal Audit Management), we are specifically testing the functionality of Audit Request.
We are using SP08 in the IAM system and we have GRC 10.1 in SP07. We have already created an Audit Request but no one received it, neither in GRC nor in IAM system.
We have checked and it was not possible to find a business event related to it in the workflows table. Is this option not even-dependent?
Any help will be appreciatted.
Thanks in advance.
Regards.
Hi,
We are on GRC 10.1 SP6 & centralized EAM FireFighter concept.When we give different email addresses to firefighter user in plugin & GRC Systems and when firefighter user enters comments in workitem for additional information (in response to controller) in notes When he clicks on RETURN Tab he gets error: Error in processing the request and firefighter user lost workitem and we unable to see the lost workitem request in our GRC System.How can we get those lost workitems request for firefighter user to process it??
and in other case when we create controller in only GRC Box (if controller doesn't exist in plugin system) and controller gets error message:Error in processing the request when he click on Other Actions-> Additional Information and after that he lost Other Action tab to reprocess the work item.
My question is How can firefighter user able to see the lost workitems ??and for other case how can controller able to reprocess those workitems to see Other Actions->Additional Information??
This issue is due to email addresses not synch in plugin and grc box.
Thanks
Ali
Hello Friends,
Can ony guide me how can we integrate any ticketing tool to GRC Access request module?
Idea is :After submitting the request in GRC a ticket should be created automatically in ticketing tool.
Thanks in advance for your help.
Hari
Hi All,
I have an interesting scenario which I could do with some help to solve.
My client has a scenario where users require a different set of default roles in 2 systems depending on their grade in the business (ESS v MSS access mainly). These roles are conflict free and should be assigned without the need for approval based upon the HR employee records.
I have configured HR triggers to auomatically trigger a request and create the user in both systems with the generic access without approval (as requested) but I have only been able to do this through the assignment of default roles per system which means every request gets the same roles.
How can I get the HR triggers functionality to look at the employee record and derive the correct roles to assign rather than just a global one?
I cannot use Indirect role provisioning as this requires roles to be assigned wider than just the HR system itself and also would be a massive data maintenance headache.
I was considering using default roles based upon Functional Area but the functional area is a single entry and therefore cannot be triggered effectively from an HR trigger where there could be multiple values.
I basically want to get a BRF+ rule for assigning roles to requests as well as triggering action IDs! Is there a way of doing that?
Simon
Hello everybody!
Could anyone tell me whether the following copying procedure works as designed?
I created a user with roles (in two stages: manager - role owner)
Then I try to create one request as a copy of the previous. But in the end of copying procedure I got:
"User details have updated, as user id was modified" (message class GRAC_WF_REQUEST 834).
After the above notification the request goes to nowhere, because field with manager becomes blank.
Is it ok or no?
If I set provisioning option "Account validation check" I get message number 607 "Account Validation is ignored for system &1 due to conflicting actions."
Remark: the below screens show that I changed user's names, but even if I don't change them I get the following warning.
Some screen shots to describe the situation:
Regards,
Artem
Dear all.
I am considering to mitigate at user group level in GRC. That means for example for all the users related to user group: GROUP_A i want to mitigate an specific or all the risks. Is this feasible in GRC?
Is it also possible to mitigate at Business Unit / Organization level?
Kind regards and thank you.
Sara.
Hello,
We are configured the system GRC AC 10.1 according the configuration guides.
After configure the Access Risk Analysis for User Level/Role Level/Profile Level... no output data will be displayed. We use a user test with roles and rules created for test this situation and no results are displayed. The same happens for the rest of real users.
We try to execute the risk analysis both in on line or offline mode but with the same result.
What could be missing? I found a lot of SAP notes for this particular problem specially for GRC 10.0 nut none for GRC 10.1.
Follow I send some information points:
Components
SAP GRC AC 10.1
SP v007
GRCFND_A V1100 SAPK-V1107INGRCFNDA
GRCPINW V1100_731 SAPK-11507INGRCPINW
Configuration steps
This tables contain entries:
GRACUSERCONN
GRACRLCONN
GRACACTRULE
This tables does not contain entries:
GRACUSERACTVL
GRACUSERPRMVL
Jobs executed:
GRAC_PFCG_AUTHORIZATION_SYNC
GRAC_REPOSITORY_OBJECT_SYNC
GRAC_ACTION_USAGE_SYNC
GRAC_ROLE_USAGE_SYNC
Best Regards for all.
PC
Hello GRC Gurus,
In my Organization, We have a requirement to support French Language due to legal requirements in the Quebec provinvce. This means that all notifications to users in the Quebec province will have to be delivered in French.
I have researched this in as far as:
The issue i have here is:
can the notifications be sent to different sets of users in different languages? I see that that one message class can only be associated with one document object. Is there a way to get around this to define who will get the notification in French and who will get it in English probaly based on USER GROUP or DEFAULT LANGUAGE
Ofcourse, the message documents can be modified to present it in both English and French to make it easier but in future if there are legal requirement in others countries it does not make sense to keep adding the message body in all the required languages
Can you please help?
Regards,
Prashant
We have recently made changes to our ruleset and uploaded them in Development and Production. We have noticed whilst running Ad-Hoc Risk Analyses that the Production system is showing Risks as Medium when they are either critical or high. For example Risk ZA12 is a High risk but the Risk analyses is showing this Risk as a Medium risk.However in Develpment risks are displaying as expected when we run Adhoc risk analyses. We have deleted previous ruleset, uploaded the new ruleset, generated rules and run all the Sync jobs to no avail. In Addition i have gone into NWBC and double checked if the Ruleset had been generated (Rule Setup>Generated Rules>Access Rule Summary) and i can confirm that the risks are appearing as expected here). Oddly even the Management Reports (Reports and Analytics) seem to have the correct Risk Ratings against the violations.
Strange!
Hi Experts,
I am looking to create an Agent Rule (BRF+/ BRF+ Flat) for the UAR MSMP Process. The purpose is that, the users will be notified via email when any role is removed from their IDs. Appreciate your help in creating the BRF rule to identify 'Users' as the Agent.
Thanks,
Sajib.