HI,
How to create rule matrix...do we first consider the business process.I mean do we have to craete rule matrix as per the different SAP Modules(BASIS,HR,PAYROLL etc.).
Also if somebody have any document or link for role simulation demonstration please share the same with me.!!
Hi
We are planning to move to 10.1 from 10.0 and we have connector applications which use the following APIs. We would like to know whether there is any changes was done to the attributes or functionality of these web services. Is there any official document which lists out the changes in APIs available?
APIs used
Thanks in advance
Fareez
1. Audit log says Requet is pending for approval at path X and Stage X ( updated by WF-BATCH)
2. Logged in as owner for the firefighter ID, the workinbox is empty.
3. No email alert also for the request created.
Unable to find an error in the Emergency access process , does not create a provisioning log request
If I try to create another request for Self gives message a message already exists.
Dear All
I have implemented ABAP function class ZCL_GRAC_WFA_RISK_OWNER to identify the risk owners once the role approval is done, the Workflow is working fine with one exception.
My scenario is like this - i have mapped P059 risks to PR risk approver coming from PR role, S007 risks is mapped to SD risk approver coming from SD role, so when the role owner have approved both the roles, i would like to send seperate risk approval requests to 2 diff risk approvers as per my mapping.
But currently P059 & S007 risks are routed to both approvers at the same time & when one of them approves the risks - both risks get approved & provisioning is taking place.
i would like 2 risk approval to be put in place - any idea on how to acheive this?
Naveen
Hi,
We are on GRAC SP09. I run a Full Repository Sync Weekly on Monday at 00:30:00 in background batch mode. It states it is successful. A few users(they are always the same users) do not show each week on Monday after the sync runs when I check these same users in access review.
If I then run incremental in background mode at 8 am then these users will show up. I run the incremental daily but not until later in the day.
Shouldn't the full sync pull these users? They are active users and not users that have had roles changed, deletions or expired roles.
Thanks,
Mary
Hi,
We are implementing GRC 10.0 SP 14 and have run into a problem.
The approvers are not able to view the access request tabs when they select the request for approval from their 'work inbox'
They can only see the submit/otheractions and close button.
The risk analysis is mandatory for role owner stage but the risk analysis cannot be performed as the risk violation tab is not visible.
The approvers have full access to the GRC system.
Your help is appreciated.
Best Regards,
Silver
Hi experts,
Looking for solution on how to implement PSS in GRC AC10 with the following option:
Steps are
1. User wants to reset his/her password.
2. Goes to NWBC Link
3. Put the user id
4. Clicks on < Forgot Password >
5. Security question is asked
6. User gets a mail in his/her mail box with a link to reset the password
Regards,
Sudha M
Hi everyone,
We have encountered a scenario where for a few of master data elements the change requestor and approver are configured to be same person. In such cases, the approval request goes to the fallback user. Is it possible to avoid this check so as to either:
1. Allow requestor to directly make changes since he himself is the approver
2. Make the change approval go to approver (in this the requestor himself)
Thanks for your help.
I am referring to the Wiki article:
http://wiki.scn.sap.com/wiki/display/GRC/Master+Data+Change+Request+Workflow
-Ann
we are on GRAC 10.1 SP6. Created custom field for user license type for both request form and role attribute, both appear. Also followed the SAP note 1736817 for mapping. Maintained mapping for connector group, assign group field mapping. custom field is mapped to system field name LIC_TYPE, table name IS_UCLASS. The field is available for edit on the request, but when submitted, the value does not populate on the target system. Also would like to have drop-down using ACTIVE field in table TUTYPA. If anyone has successfully done either of these, please respond.
Hi All,
we are integrating SAP GRC with Oracle IDAM for Risk Analysis, we have activated required web services in GRC. But we are getting below error when we try to connect GRC from Oracle IDAM. I hope I missed some Config steps. Could you pleas help me with what are the steps involved to make web service active.
Error is:
1_Failed to access the WSDL at:
file:/Hostname:8010/sap/bc/srt/wsdl/flv_10002A1011D1/bndg_url/sap/bc/srt/scs/sap/GRAC_LOOKUP_WS.WSDL.
It failed
with: /Hostname:8010/sap/bc/srt/wsdl/flv_10002A1011D1/bndg_url/sap/bc/srt/scs/sap/GRAC_LOOKUP_WS.WSDL (No such file or
directory).
We are facing an issue related to FF log review, FF controllers are getting empty/invalid log report (out of 10 FF log reports 1 or 2 log reports are empty/invalid. Currently we are on SP09. Could anyone please help on this issue.
HI All,
I have a business requirement to forward a request to some one (for example a requester). This is very much possible with the help of "Forwar Allowed" option selection in the Manager Stage.
Another business requirement is that, after forwarding that request (to a requester in my example), this request should come back to the original forwarder (Manager) after the forwardee (requester) submits the request. This is possible when the forwarder (Manager) selects "Forward with return" check box at the time of forwarding a request. If by mistake his missed it, then request WILL NOT come back to him (Manager) after the forwardee (requester) submits the request!
This is quite strange. I have not seen any configuration parameter to make "Forward with return" option selected by default. However, I thought it was possible to modify the same with opening "GRAC_OIF_REQUEST_APPROVAL" application in SE80 and modify it from there. But when I opened this application with a request ID which is in "RUNNING" status, I could only see below buttons/options:
1. Print Button
2. Other Actions (No sub actions displayed)
3. Close
Above buttons/options are usually displayed when: a user does not have necessary authorizations or a request is closed.
But I have full authorizations and the request is still running. I am unable to select "Forward" option to get further screen/application to make this "Forward with return" option selected and greyed out.
CAn anybody please guied me in this? How I can achieve above business requirements?
Regards,
Faisal
Hi All,
We have a strange issue in our GRC 5.3 system where we had created a workflow for three roles in such a way that if the CUP Request having those roles doesn't create any violation (with users's pre-existing access) then those roles will be auto-approved.
In case CUP Request creates violation then it should follow another workflow where it goes to designated approvers for approval.
The issue now is that request for these three roles without any violation are getting auto-approved (which is desired), but there are times that request for same roles, again without any violation are following other workflow i.e they are going to approvers for approval and are not auto-approved.
This is very surprising that how can same role in same situation can follow different workflows at different times.
Any idea???
Thanks
Aditi
Hi,
Is it possible to have 2 approvers (primary and secondary/back-up) for a role but only one them need to approve? Both should get the email notification but only one of them should approve. Escalation to alternate approver is not what I am looking for.
When the roles are imported into GRC, do I need to a two entries for each role since I need have 2 approvers for the role? or is Delegation a better option?
If Delegation is used, then do I have to setup both as role owners? or can delegated user approve with the need to setup as role owner?
Thanks,
Jay
Dear All
When i try to run Role level risk report & open the screen - I would like to know if there is a possibility of restricting the SAP standard roles from being displayed for selection.
Currently we are using 10.1 & i have setup the excluded values & running the batch risk analysis only on custom roles.
then also my risk report shows SAP standard roles, appreciate your advice
Raju
Hi, Please check and provide GRC system validation steps in serial. I am looking for the serial steps which we need to follow while validating GRC system after applying support packs or upgrade etc. Appreciate your feedback. Thanks & Regards, Koteswara Rao.
Hi Guys,
We've just migrated from VIRSA 4.0 to GRC 10.0. We have only two connectors configured ECC and Finace System.
Rules have been generated and we're using the standard "global" ruleset. The rules seem to be generated successfully ( I've checked in the NWBC that the permissions appear after the risk generation and also I've checked some tables like GRACSYSRULE and GRACACTRULE and risks appear there).
When running a risk analysis report at user level in both the system VIRSA 4.0 and GRC 10.0 the no. of conflicts matches where as no. of mitigation doesnot match.Due to this mis-match we are not in a position to go 100% LIVE with GRC and decommisioning VIRSA. We use concept of mitigated roles and not users. Raised the concern with SAP too 2 weeks back and no luck yet.
Does anyone faced a similar issue? can you give me some light in order to solve the issue?
Many Thanks!
Ratan Roy
Hi,
I am recently trying to setup Fraud management Web UI. However, after use FRA_UI to go to Web UI, there is nothing on the front end page. Anyone knows what happened? It is supposed to have alert, detection, ect.
Thanks,
Hi,
I am using PC10.0.
I created a rule criteria for BWKEY values and assigned. I assigned it the table T001K and the connector to the target system.
I then assigned it to custom made OLSP. However when the results come out, it doesn't consider the values I entered within the filter for BWKEY.
The filters for the rule criteria that I created don't work. However the filters for the SAP provided rule criteria; 'COMPANY CODE' works.
The tables in my configurable subscenario include MBEW and T001K, both of which have BWKEY. The business rules don't use the same filters as that of the OLSP.
I can't find any error. The OLSP filter just doesn't want to work when I run the job. Certain BWKEY records within MBEW remain within the job results.
I've attached images of the rule criteria.
What could be the problem and how can I resolve it?
Thank you.
Hi,
I would like restrict users from selection systems from the drop down in "Risk Violations" Tab. In order to achieve this, I opened GRAC_OIF_RQUEST_SUBMISSION" application in Admin mode and disabled. As a result, this field is disabled. But this is blank. I am unable to maintain any value in it. I tried to select a value from the drop down and then disabling the field. I saved with the selected value. But later when Access Request application accessed, it is again showed blank.
However, when a user performs risk analysis, application still performs for all the connectors!
user is authorized to perform risk analysis for specific connector (controlled using GRAC_SYS object). But not sure where from application is picking up different connectors?
Secondly, I also noticed that this "System" drop down has multiple entries in it along with "ALL". I dont have any clue where these values are coming from!
Can anybody help me in understanding and addressing this?
Also, may I know how other are tackling this? I mean, is "System" drop down disabled with specific value as default or enabled with ONLY specific value?
Please advise.
Regards,
Faisal