Hi All,
when Role owner, clicks on 'Work Inbox', he gets the below error. User has Application id :GRFN_POWL_INBOX . CA_POWL gives RC=0, as shown
below
↧
Error in Approver Inbox
↧
Re: End User Logon cannot verify LDAP account/password
Hi Prasant and Abhi
Thanks for your help, now the LDAP verification can work.
I traced the code and found that the root cause is because of the LDAP Group parameter setting. We must configure the parameter "LDAP_END_USER_AUTH_SUFFIX" and set the value empty.
If you don't configure "LDAP_END_USER_AUTH_SUFFIX", the program will automatically bind user with "@+LDAP IP" and use the new user ID to try to login LDAP server.
Best regards
James
↧
↧
Re: SAP_GRAC_SUPER_USER_MGMT_USER IS MISSING IN PFCG
Hi Feroz,
You need to perform lot of configuration activities in both GRC and Target systems apart from creating FF ID. Please follow all the steps mentioned in the below guides and let us know if you face any issues.
Step 1: Create Firefighter ID:
Create a user account in transaction SU01 with user type “S” to be used as a Firefighter ID in target SAP production system
Assign the appropriate roles to the Firefighter ID
A user exit should be implemented (see SAP Note 1545511) to restrict users from logging in to the Firefighter ID through the SAP GUI.
Step 2: Import Firefighter ID to GRC:
Run “Repository Object Synch” background job in GRC => SPRO => Governance, Risk and Compliance => Access Control => Synchronization Jobs”
Step 3: Assign Firefighter Owner:
Assign an Owner to the Firefighter ID.
NOTE: Before assigning owners please create owners SU01 record in GRC system and mark the person as Firefighter Owner in NWBC => Setup => Access Owners => Access Control Owners
Step 4: Assign Firefighter Controller:
Assign a Controller to the Firefighter ID.
NOTE: Before assigning Controllers please create controllers SU01 record in GRC system and mark the person as Firefighter controllers in NWBC => Setup => Access Owners => Access Control Owners
For Centralized Firefighting Follow below guide
Configure Emergency Access (EAM) in GRC 10
For De-centralized Firefighting Follow below guide
Regards,
Madhu.
↧
Re: Error in Approver Inbox
Dear Plaban,
please see the following OSS note which should fix your issue:
http://service.sap.com/sap/support/notes/1784144
Regards,
Alessandro
↧
Re: GRC AC 10 integration with non-SAP applications
Sure Gretchen. I shall do the same. We have tried to get in touch with the appropriate SAP contact to have our question answered, but there has been no response. I shall start a new Discussion. Thanks.
↧
↧
GRC Upgrade from 5.3 to 10.1 - Greenlight RTA
Hi,
We have a SAP GRC 5.3 environment that utilizes Greenlight RTA to connect to Oracle Database.
SAP does not have a native adapter to connect to Oracle and Greenlight RTA is recommended.
We are in the process of upgrading our SAP GRC 5.3 environment to version 10.1.
GRC 5.3 and Greenlight RTA, both utilize the Netweaver Java stack.
When we upgrade to GRC 10.1 (which is ABAP based) we will need Netweaver ABAP stack for the application. Whereas Greenlight RTA will need a Netweaver Java Stack.
Are there any Licensing implications in terms of Netweaver Java vs ABAP as part of this upgrade from SAP GRC 5.3 to 10.1?
Regards.
↧
Re: Enterprise Portal Integration with GRC AC 10.0
Pradeep,
You have to create the system aliases in SAP portal to make it work.
SAP-GRC
SAP-GRC-AC
SAP-GRC-RM
SAP-GRC-PC
Regards,
Marco
↧
Re: SAP_GRAC_SUPER_USER_MGMT_USER IS MISSING IN PFCG
Madhu,
Thank you for your prompt response. Actually i went ahead and added the SAP_GRAC_SUPER_USER_MGMT_USER Role manually. My issue is resolved now
↧
Re: GRC AC 10: Role Owner Detour when system is choosen
Hi Jose,
did you find a better solution, than creating a dummy path with the automatic approval of the system?
I think this is a gap in the design of msmp, because the role owner is able to reject the request. In this case the roles aren't provisioned but the user is created on the target system. (system line item in request)
Thanks for your answer.
Regards,
Manuela
↧
↧
Reports from non-SAP systems can be used in Process Control?
Hi all,
I would like to know if I can use in GRC Process Control 10.0, some reports that I got from a Legacy System (in .txt). I mean, can I upload this reports and monitor them from GRC?
Thanks in advance.
↧
Business rationale for multiple rule sets
Hi folks,
First, this is not a question, but I do have questions in this discussion.
Multiple rule sets - I get the technical reasons why you'd suggest that a golden copy be retained but where is the business requirement for this?
What I'm trying to clarify is that the SAP provided rule set is a starting point. If a business does their rule set customization activities correctly, then that customized rule set is now going to be their base line. What reason would they have to go back to the SAP GLOBAL?
If they do their rule set customization incorrectly, even then they don't really have a fall back by having the delivered GLOBAL rule set ... so why is everyone pushing for a copy of GLOBAL to be customized? What is the true business value in retaining an uncustomized GLOBAL on the GRC ARA?
Thanks,
Santosh
↧
Re: GRC AC - Workflow approval
Looked the Image you missing the steps.
Into condition is missing.
I have mentioned in document you need to create a table ,then save & activate then select element.
Regards,
Prasant
↧
Re: SAP_GRAC_SUPER_USER_MGMT_USER IS MISSING IN PFCG
Hi Feroz,
Please close the thread since your issue is resolved.
Regards,
Madhu.
↧
↧
Re: GRC AC 10: Role Owner Detour when system is choosen
Hi Manuela,
You can disable user from selecting the SYSTEM in access request by modifying your New/Change account request type as shown below. Remove "Create User" and "Change User" action from New/Change account request type.
In System Provisioning settings maintain as mentioned below
Regards,
Madhu.
↧
Re: Unable to import role from Role Mass Maintenance
Hello All,
This issue is not yet solved but earlier for some connectors we used to get this problem but now we see its happening for all the single roles where as composite roles are able to upload.
Also implemented suggested notes in the thread still no luck. But we are able to upload role successfully using File.
As screens are provided step by step in thread could some check and advise.
Thanks in advance.
Regards,
Abhi
↧
Re: GRAC_REP_OBJ_SYNC NULL Exception
Hello Prasant,
Thanks a lot, it has successfully completed now in Incremental mode.
Do you suggest to make any corrections to over this issue in full sync in future.
Thank you.
Regards,
Abhi
↧
Re: GRAC_REP_OBJ_SYNC NULL Exception
Do 1 thing..
Paramater 1121,and other 2 more ..
please maintain in GRC. then do a incremental sync.
Regards,
Prasant
↧
↧
Re: GRAC_REP_OBJ_SYNC NULL Exception
PLease Ignore the earlier comment.
Performance parameter,
1121,1122,1123, User synch, Role, sync and profile sync batch size.
Then do a full sync.
REgards,
Prasant
↧
Re: Risk Owners approval using ABAP Function class
Hi Naveen,
This has already been taken care.Is there any other thing that I need to check.
Thanks,
mamoon
↧
Re: Action definition contains lower case letter cannot be removed in function
Hello experts,
Sorry I didn't explain it clearly before.
Actually the lower case action in the function definition was uploaded by text file(not manually input). And now every time I open this function in NWBC and try to save, it will show the "duplicate action" error message. So I have to remove either lower case one or upper case one, and save again. After the save, the deleted one will just come back.. And next time I open this function, I have to remove it again.. It's very annoying...
↧