Hi Vinoth,
we implemented the note manually and the dump was gone..thank you for your support..highly appreciated.
We have an environment of aprox. 10000 roles. During Sync I noticed that the GRC system also pulled deleted roles from the backend with retrieving obsolete role data from CDHDR/CDPOS tables. Are the change log parameters (1001, etc.) in the GRC configuration table the trigger to stop this or is there another setting necassary to avoid this redundant load ?
thanyk you
Johannes
Sneha,
Thanks for your reply and sharing this information.
Regards,
Faisal
Dear all,
we have a problem with the function/ button simulation in the Access Request for Role Assignment/Removal.
If the simulation works and no risk are determined, the system displays a result.
Sometimes the simulation will not be executed. It displays no risk an no message "No violations", after pressing the button "Run Risk Analysis"
If I press "Assign", the System displays an error messag "Date should not be blank" (GRC_WF_REQUEST 253).
The message appear without a previous pressing of the button "Run Risk Analysis", but also if I have pressed the button before.
It think this message avoid the processing of the simulation.
The difference between both request is, that the access reqiest with the error inlcudes request for a role assignment AND role removal action. (as you see above, the role which should be removed has no assignment period).
The request with the right behaviour, includes only role assignments.
Has someone experience with this error?
I want to change the message from an error to a warning or that the system do not request a validation period of provision action is role removal.
BR
Melanie
Hi Colleen,
do you have some documentation for this?
Regards
Oliver
Hi Oliver
What sort of information are you after relating to MSMP? Depending your requirements, I may be able to point your in the right direction.
Regards
Colleen
Hi Pourang
Did you see any logs in SLG1?
Also are the authorisations that reference the derived roles standard (brought in from SU24 default) or did you add them manually to the role?
Finally, what GRC version are you one and SP level? At the moment, I have a feeling you might need to raise an incident with SAP. I might be able to help a little bit more depending on your answers to the questions above.
Regards
Colleen
We have a issue with the Control ID for mitigation getting filled with some value .We are not able to make the basis of these value being filled in while trying to mitigate the risk by the approver.
Hi Madhu.
Background:
Requirement
For system A it is necessary to set up a new workflow, with additional stages.
Possible solution:
Create an initiator rule based on the system.
Another solutions:
In the future many other systems will work with GRC so we need to think in a very escalable solution that could help us in a fester way to include these new target systems.
Regards and thank you in advance.
thanks Madhu.
Matthias,
I am not sure if such information is shared here!
May be you are looking for this information at incorrect place.
Regards,
Faisal
Hi Vinayalaxmi,
Please check if you have any mitigation controls already defined based on Risk Id or Rule ID by going to below path.
NWBC -> Setup -> Mitigating controls
Also check if you have parameter 1072 set as YES.
Regards,
Madhu.
Hi Sara,
We need to identify the roles associated with the business roles and based on those roles we need to determine the system and based on that system we need to define BRF+ initiator rule.
DBLOOKUP on table - GRACBUSROLESNAP
This table should give you Child Role connector details based on Business Role Name or Business Role ID. Base on that you can build your initiator rule. Please check.
Meanwhile I will also try and update you 
Regards,
Madhu.
Thanks everyone. To answer the questions posed in the above, yes the firefighter account (and all of our firefighter accounts) are service accounts and it and the rfc account are both unlocked and valid (Valid to is null). I have double checked the SPRO parameter and that is still valid and correct as well.
The issue appears to be with the password that GRC is passing to our ECC box for that one firefighter, other firefighters work just fine. I will drop the account and recreate it and see if that clears the issue.
No luck on dropping and recreating the account. It still is passing the "wrong" password from GRC to the ECC environment, while other firefighters in the same system work just fine. Any ideas on where to go from here?
Hello Johannes,
Please check and implement the Note - 2081163 in your system. This is for SP8 of GRC 10.1, so it should surely help!
Best Regards,
Shreya Gupta
Hi Faisal,
Thanks for your comment.
Please, could you be so kind and tell me the correct place?
Thanks therefore!
Regards
Matthias
Hello Asheesh,
Thanks a lot and my thanks goes to other contributors also as I came to what all needs to be checked when we have a issue with logs in EAM.
Regards,
Deepak M
Dear All,
Following the implementation of End User Logon which allows users to create requests using their LDAP passwords.
We are wondering if it's possible to have an Approver Logon.
In fact, our main concern is to let approvers connect to NWBC using the LDAP password.
This way, users wouldn't need to have two different passwords (LDAP and GRC passwords).
Another way to look at it is a sort of synchronisation between LDAP and GRC passwords.
Our question is as follows:
Is it possible to authenticate to NWBC using LDAP instead of a GRC account ?
Thank you and best regards,
Jamal HALAQ
Hi,
this behaviour is no error.
If you have users which need the user to an earlier validation date then the current date, it'spossible to change the valid from date of the user via "change" account.
This could be nessary if documents / requests / invoices must be released from a user and the user valid from date must be before the creation of the documents / requests / invoices.
BR
Melanie
· Dear all,
SAP GUI - Open table – Control-IDs
In a second screen, start SA38 -> program RHRHDL00
First test!:
· If the test is ok:then repeat the steps without the “test”-checkmark for today.