Quantcast
Channel: SCN: Message List - Governance, Risk and Compliance (SAP GRC)
Viewing all 8113 articles
Browse latest View live

Request Email/Reject Approver Link

June 6, 2013, 11:11 am
$
0
0

Hello-

 

We are running GRC 10. I set up the feature where the 'email the current approvers' an email with a link to approve/reject the request. This work fine in our sandbox. The approver receives the email with the link and the link takes them directly to the request after logging in.

 

However in our DEV system we have 2 clients a 100 & 300. 300 is a client copy from 100. Each one has a separate workflows that both work without issues.  I set up to email the current approvers the email with a link to approve/reject the request. Which also works. However when I submit a request from the 300 client and the user receives the email with the link to approve or reject it takes them to the 100 client page not the 300 page where the request originated from.

 

My question would be how can get our request that originated from the 300 client to send the link and default it to the 300 client not the 100 client?

 

The setup is the 100 client DEV - QA - PROD provisions PROD systems and the 300 client DEV - QA - PROD provisions NON Prod systems.

Search

ARM link generation

June 7, 2013, 1:42 am
$
0
0

how we are going to generate access request managment link for end user like 5.3

we have mapped end user authentication source and data source as ldap.

Create a new package

June 7, 2013, 1:58 am
$
0
0

Good morning experts!

 

I am copying a configuration in the editor for the Wb Dynpro ABAP Application Configuration. I got an error saying "Customer object WDCA ZGRAC_FPM_AC_LPD_ACCESS_MGMT 02 cannot be assigned to package GRAC_UTILITIES".I have read in other discussions that it is necessary to create a new package executing transaction SE21. The thing is that I don´t really know which is the application component that I need to select when I am creating the new package.

 

Can someone help me with that?

 

Thank you very much!!!!

GRC 10.0 New Features

June 7, 2013, 2:00 am
$
0
0

Dear Experts,

 

What are the new features available in GRC 10.0 Access Control compare to earlier versions..please share your valuable points.

 

Best regards

Subramanyam

Effectiveness of a Control

June 7, 2013, 3:21 am
$
0
0

Hi all,

 

In the process of creation of a Response for a Risk, I have assigned Control as a Response, How can I evaluate the Effectiveness(%) of the control (automatically).

 

Thanks in advance.

 

Regards,

Ramakrishna Chaitanya.

Adding new client from same backend system - GRC 5.3

June 7, 2013, 3:59 am
$
0
0

We have GRC 5.3 where we have RAR and CUP implemented. We have QAS ERP as backend RTA system pointed to client XXX. Now client wants to add client YYY from the same backend RTA system.

 

As per my understanding this is what i need to do. Do you guys concur

 

RAR

 

1) Create another RTA JCO to backend

2) Create a connector in RAR

3) Upload ruleset against the new connector. (We do not want to use logical systems and group them)

4) Generate ruleset

5) Run Full Synchronization and Full Batch Risk Analysis Jobs

 

CUP

 

1) Create Connector

2) Adapt user data source

 

Furtheron, I can see connector specfic customizations in Provisioning and Request Form Customization in CUP cofiguration.  Other than this do i have to do anything else with respect to adding the new client to use RAR and CUP functionalities.

 

Regards

Kalyan

Re: GRC 10 - Options for making non-SAP Roles Selectable on Access Request

June 5, 2013, 2:23 pm
$
0
0

We have the same issue and an open message with SAP to find a better way than to do a legacy file sync.  In 5.3 it was pretty simple, but in 10.0 it takes too much syncing to make your roles available.  Although my work around is to just import the roles as a template role rather than a technical role and then they are available on the request.  The downside to that is they are not associated with a specific system.  Thanks

Re: MSMP Workflow configuration issue

June 5, 2013, 9:06 am
$
0
0

UPDATE

 

I've gone through and updated the MSMP workflows and now, emails are being sent out.  However, the default message in GRAC_MSMP_LOGRPT_NEWWORKITM, which can be edited from within SE61, is very basic and only informs the approver that new work items are waiting.

 

There is a different message, GRAC_SPM_LOG_NOTIFICATION, which does have a link, but this message is not getting sent out.

 

If I modify the GRAC_MSMP_LOGRPT_NEWWORKITM to include the %LINK_WORKITEM% variable, it does include a link, but that always results in an error when I try to click on it.

 

That's where I'm presently stuck.

 

Thanks,

Santosh

Search

Re: GRC 10 - Options for making non-SAP Roles Selectable on Access Request

June 7, 2013, 5:29 am
$
0
0

Trevor & Amol - Thanks for the thoughts & responses.

 

Trevor - We also opened a message asking for a more efficient way to manage this process, but were essentially told no such solution exists beyond legacy file system sync.  Unfortunately for us creating the non-SAP roles directly in GRC as template role type or even business role type was not possible as all of our requests come into GRC via webservice submission via an IDM tool (rather than being submitted within GRC through its Access Request Form) - template role type & business role type are not supported via IDM/webservice provisioning.

 

We have ~60 non-SAP systems to provision for so the prospect of managing 60 different legacy system files & structures just to sync roles that we've already loaded into BRM seemed a bit burdensome.  After brainstorming various options we came up with for our scenario was an 'easier' workaround:

 

We chose to actually create our non-SAP roles in an unused ABAP system as PFCG roles (just role name & description were maintained and loaded via eCATT).  We then changed our ~60 non-SAP connectors from SM59 Logical Connectors to RFC Connectors.  We pointed each of these non-SAP RFC connectors to the same back-end ABAP system were we had created our non-SAP roles.  We were then just able to leverage the standard ABAP system RFC repository sync programs to bring these roles into the GRC repository so that the GRACRLCONN table thinks they "exist" and are available to be requested.

Re: GRC 10.0 New Features

June 7, 2013, 7:14 am
$
0
0

Subramanyam,

 

The answer to your question is widely available. I suggest starting with the GRC section here on SCN and review the wikis and blogs. There is tons of information right here under your fingertips. Members here are happy to answer specific questions, but allow me to gently remind you that your mother does not subscribe here.

 

Gretchen

Re: GRC 10: Available Connectors in Dash Board Reports

June 8, 2013, 10:10 am
$
0
0

Hi,

 

Be default both the connectors are visible in dashboards if you run batch risk analysis for both the connectors.

And currently you cannot control this using authorization. Authorization only works in risk analysis reports and not in dashboards.

 

However there is another way to control this and achieve your scenario. Only run the batch risk analysis for the connector which you want to display in dashboard reports. Do not run batch risk for another connector.

 

Best Regards,

Jitan

Re: GRC 10.0 New Features

June 8, 2013, 10:21 am

Re: GRC 10: Available Connectors in Dash Board Reports

June 8, 2013, 10:35 pm
$
0
0

Jitan,

 

Thanks for your reply.

 

Probably, as you said, if I run batch risk analysis for specific connector, only that connector would be available in dash board (I need to check though).

 

How about using auth. object "GRFN_CONN" in authorization? Security Guide says that it is used to access connectors in CCITS (The GRC integration Engine)...any idea about it?

 

Regards

Re: GRC 10: Available Connectors in Dash Board Reports

June 9, 2013, 3:00 am
$
0
0

Hi,

 

Make sure you never run the batch risk for that connector. Even if you run once the connector will appear in value help. However it will only show the result for the perriod in which you run the batch job.

 

Also use GRAC_SYS for connector restriction in risk analysis scenario. Hoever it does not work for dashboard reports currently. It works for adhoc risk analysis reports and risk analysis engine in general.

 

Best Regards,

Jitan Batra

Re: GRC 10 Process Controls 10 Automated Control Monitoring Error

June 12, 2013, 1:10 am
$
0
0

Hi Simon,

 

It seems like we also had a similar issue.

Some customizing might be missing?!

Please check in SPRO: Process Control->Cases->Check customizing for Case Management

 

Let us know if this solved your issue.

 

Kind regards,

Fabio

Search

Re: GRC 10 Process Controls 10 Automated Control Monitoring Error

June 12, 2013, 3:01 am
$
0
0

Dear Gerald,

 

Please make sure that cases are created and the customizing options for the case are not 'red' colored. There is a note 1526732 - Transfer client-specific Customizing. Kindy refer to it,

 

Hope this helps.

 

With Best Regards,

Saksham Minocha

Re: SAP GRC 10.0 - Automatic Key Risk Indicator

June 12, 2013, 4:30 am
$
0
0

Hi Chema,

Sorry for the delayed reply. So your issue might have been resolved by this time. If not please reply with few details as below, so that I may be able to help you.You have mentioned that, "The problem is that the automatic kri is not being triggered and no values are feeding the kri. We are not having any issues with manual kri, they work perfect."

 

1) Have you executed the report 'GRRM_KRI_RUNTIME' to trigger the KRI.

2) If you have executed the report and still its not triggering, which version of GRC RM you are using with SP.

 

Best Regards,

Guru

Looking for Virsa _AE table with Open Request with Roles

June 12, 2013, 6:29 am
$
0
0

I am trying get the list of roles in OPEN GRC Requests Version 5.3 and the roles contained in the request. I am looking for the table which contains this information.

Information on All the VIRSA_AE Table

June 12, 2013, 6:30 am
$
0
0

Anyone has the list of all the Virsa_AE Tables

Company Field

June 12, 2013, 6:42 am
$
0
0

Hello Experts,

 

 

I was wondering, can you and how you would go about changing the company field from a drop down to text in the Access Request screen > User
Details? I want to pull in Company using LDAP mapping then use this field to route particular requests if possible.

 

Thanks

 

 

Kyle

Viewing all 8113 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>