Hi All,
I have diff. role names of FF id roles, for every plug in. So, which role name should be there in 4010. Also, in GRC box, shall i not mention all the plug-ins in parameter 1000 in SPRO->Access Control-> Maintain Plug-in Configuration settings
Regards
Plaban
Hi All,
I want to route a request to the Risk owner, of the Risk found in Risk Analysis of a Access request. How can it be done. The Routing rule GRAC_MSMP_DETOUR_SODVIOL captures if there is a Risk for the request, but does it have any variable which holds the Risks found.
Regards
Plaban
Hi all ,
I am new to GRC don't have much idea on GRC . I got a requirement in which when user click on add button in access request I want to append a
new row in the ALV . How can i achieve this.
Regards -
Vishal
Hi Experts,
I have been working on GRC Access Control for sometime and have done couple of Implementation projects.
I wanted to explore and learn Process Control and I have GRC system to start with but I am confused on from where to Start and pick up things. I have already been through PC useful blogs,documents link in SCN but still not clear on where to start with.
Any guidance will be very helpful.
~ Madan
Hi All,
We are facing an issue while raising the change user access request with existing user. system throwing an error message "user does not exists in system". (not able to submit the request)
However, this issue has been occurring for all existing users for particular plugin system only and existing user id validation is working well for rest of the plugin systems.
User ids are does exists in both tables GRACUSER and GRACUSERCONN for plugin connector, but system is unable to validate with the tables in GRC.
Observations:
I have noticed that while raising a change user request for existing user (user group is getting populated by default for working plugin connector but for issue connector "user group" is not getting populated)
All existing users are able to submit the new user access request 
Configuration details:
Data source has been maintained for plugin connector already
Global provisioning settings are maintained as "provisioning validation value set to error" (we have separate ARQ's 1. New user request 2. change user request)
Param 2051 was set to NO
If any of you have come across this situation, please assist
Thank you,
Eswar
Hi All.
We have some particular situations in which roles are maintained straight in the backends, instead of through BRM workflows (mainly because we have two different landscapes, with separate development environments but same production environment for SAP ECC).
Is there any way to force a PFCG sync for BRM roles, the same way "PFCG sync" button in the Authorization Data step would do?
I'm thinking about a standard background job, or even a function module we could use to build our own sync job, but other suggestions will also be appreciated.
Thanks in advance,
Marcelo Monsores
Hi,
I am phasing the issue when approver rejects the Access Request, rejection notification event does not trigger and mail does not send to respected recipient. Although rejection notification event has been configured in stage
Only END_OF_REQUEST notification event triggers and GRAC_USER get the mail.
Please help me on that.
Regards,
Pavan
Hello,
when we are creating datasource in process controls the custom tables are not
displaying table information in lookup button ,but it is working for standard tables
we have selected sub scenario as configurable
provide inputs to see custom tables in object field of datasource
Thanks
GRC Admin
Hi,
when we are executing dashboard report for user analysis to submit the report to management
report is not showing correct date at last update, even same for roles analysis also.
any idea what could be the reason
Thanks
GRC Admin
Hi Team
We are encountering an issue while removing the roles for an user.User is not able to see the business roles under assignment tab.
I found a note 1772759 - UAM: Business role not visible in Existing assignment Tab but this note is applicable for SAPK-V1104INGRCFNDA and we are on SAPK-V1107INGRCFNDA .
Can any one let me know if they have encountered this scenario in GRC10.1?
Thanks
Nitesh
Hi Experts
During GRC 10.1 ,ARQ implementation i encountered a error as below.
I changed the validity dates and i was able to submit the request.Please let me know if anyone as encountered the issue before and what the cause and soluion of the issue.
Thanks
Nitesh
Hello All,
I would like to configure global notifications for Request Submission and Request Closing. I need these to be sent to a custom agent, GRC Admin. However, in MSMP there is only the following agents available to receive global notifications:
Is it possible to configure this? I understand that I can configure a stage-level notification, but I really need the Global notification (the only notification with full Provisioning details) to be sent to the GRC Admin.
Thanks in advance!
-Ken
Hello,
when we are executing consolidated log report under reports and analytics tab,we could able
to see only transaction information not able to see descriptions of those transactions
Any inputs on this
Thanks
GRC Admin
Hi experts,
During migration from 5.3 to 10.1 for comparing the rule sets I have downloaded the
tables VIRSA_CC_FUNCPRM and VIRSA_CC_FUNCPRM_E from GRC5.3 and I see 22K+
records in VIRSA_CC_FUNCPRM while there are 1000+ records in the table VIRSA_CC_FUNCPRM_E.
When I compared my Functions to the records from the first table, they do match with auth object and values
and I am wondering what the entries are for in the second table. I am aware that
the table VIRSA_CC_FUNCPRM_E provides an extra column SEQUENCE which might be
the manual changes count on the functions. Can I ignore the table entries from VIRSA_CC_FUNCPRM_E
when I migrate the rule set into GRC10.1? After migrating the rule set into
GRC10.1, all functions look good except Auditor’s requirement to explain the
differences between these 2 database tables. Based on my observation, table VIRSA_CC_FUNCPRM_E
can be ignored during the migration since functions match from 5.3 to 10.1. Please
correct me if I am wrong.
Thanks,
Bhanu
Hi guys,
I'm creating some permission level risk and function Rules without Action in GRC 10. Some reason it is not working for me, I tried everything but it is not working at all. Here is what I'm setting up; Create Z function and use ^!ZDEBUG as an Action because there is no T-code involved and then go to the permission page and setup permission group same as Action ^!ZDEBUG. I also tried different name as permission group. As soon as I save
^!ZDEBUG has gone from Action column and it saved without it seems like blank Action column.
I'm not sure what I'm missing? I also try "^!ZDEBUG" with double quote but still not working. I was using S_DEVELOP as an object and ACTVT as field value with 02 and OBJTYPE = DEBUG and try to make this work but some how it gives me such a pain.
We are running SPS17 in GRC 10. Please advise the correct setting. Thanks in advance.
Regards,
Faisal
Hello Sap,
We are going for sap grc ac 5.3 to grc as 10.1 migration, so what support package level i need maitain for grc ac 5.3 components and which kernel i need maintain for nw 7.0 grc 5.3.
What are the prerequisites for grc 5.3 to 10.1 migration?
Hi Everyone,
Does anyone know what configuration needs to be done to allow the owners/approvers of FF id requests to change the validity dates on the requests in 10.1?
Right now I have that greyed out so the only option owners have is to reject the requests if they dont agree with the dates submitted.
Please let me know.
Thank you
Kiran
Hi Experts,
I need to extract some historic data from SAP GRC AC 5.3 to SAP BW 7.3 for the reporting purpose.
From the above link, I got the tables present in RAR and CUP.
Similarly, could anyone please tell me the tables present in FF or SPM (Superuser Privilege Management).
And also I wanted to know standard datasources for these tables in SPM , RAR , and CUP that can be extracted to SAP BW 7.3.
There are lots of standard datasources available for extraction from these modules - SPM, RAR and CUP .
So, how to identify this ?
What are the different ways available for us to extract the data from GRC to BW.
And which is the best option. ?
Your help will be appreciable.
Thanks & Regards,
Shruti Yendigeri
Message was edited by: Shruti Yendigeri
Message was edited by: Shruti Yendigeri
Hi GRC Experts
Here we need to manage Enterprise Portal account via Access Control ARM, I know that before the user select EP roles in Access Request, we need to firstly import the EP roles into BRM. Please refer to the following snapshot, I cannot find the application type "Enterprise Portal", it seems that there's no way to import EP roles 
Can someone please help me? Thanks a lot
I would appreciate any link or knowledge share reference.
BR, James
Hi everybody,
I'm testing a GRC 10.1 system with data converted from our 5.3 system. I've reconciled the rules and am now working on making sure the risk violations at user level match up. What I'm finding is that I've got non-dialog users in my risk analysis, though. I think I ran my original analysis without specifying a user type, and now I can't figure out how to get those users out of there. I tried doing a repository synch, but that just synchs up all users.
Help!
Thanks,
Krysta