Hi Colleen Lee,
I have assigned ZSAP_GRC_SPM_FFID along with ZSAP_GRAC_SUPER_USER_MGMT_USER to 2 IDs, one is service and other is Dialog in backend system.
Regards
Jayanth.
↧
Re: SAP GRC 10.0 EAM access
↧
Re: SAP GRC 10.0 EAM access
Hi
On NWBC Screen have you set accounts in following order
- Maintain Access Control Owners (so mark the Owner and Controller as the EAM User Owner/Controller)
- Assign the Owner to the FF Id
- Assign the Controller to the FF Id
- Finally assign a User to the FF Id
The FF Id needs to have the 4010 role assigned as well as the Owner and and Controller for it
Regards
Colleen
↧
↧
How to make GRC10.0 Role Management parameters (3000, 3001, 3002, 3003 & 3004) empty after migrating the data from GRC5.3 to GRC10.0?
Dear Experts,
We are trying to migrate the data from GRC5.3 development system to GRC10.0 development system. We had performed below mentioned activities as required.
1) Maintained all the Pre-requisites for GRC10.0 server.
2) Exported the CUP & RAR Data from GRC5.3 system.
3) Imported the CUP & RAR Data.
4) Able to see all Masters & Mitigation controller Id relevant information of GRC5.3 system in GRC10.0 system.
5) Maintained all the parameters except Role Management relevant in GRC10.0 since we are unable to maintain the configuration parameters (3000,3001,3002,3003 & 3004) empty which is required to import the mass roles in GRC10.0 using the back-end systems connectors in NWBC or using the transaction: GRAC_ROLE_MASS_IMPRT but still we are unable to import the roles since we are receiving an error as "Invalid Business Process" as we have to maintain the Role Management Parameters as empty.
Kindly provide us the best solution in this since we are in the final stage of migration.
Thanks and regards
==============
Santosh Goud
+7676033163
↧
GRC 10.0 -SP13 - ARQ - separate password notification for one access request
Hi all,
we have one request "new user" with more then one system to be provisioned (e.g. system A and system B). The new user for system A is approved next working day, but for system B (e.g. a test system) it takes about 2 weeks.
Problem: Email with the password for system A and B is send out after the complete workflow/request is finished, so it takes 2 weeks.
Any suggestions, how to send separate emails for each system, where the user is provsioned before the request is completed? - Besides creating 2 requests at the beginning.
Thank you,
Andreas
↧
How to make GRC10.0 Role Management parameters (3000, 3001, 3002, 3003 & 3004) empty after migrating the data from GRC5.3 to GRC10.0?
Dear Experts,
We are trying to migrate the data from GRC5.3 Development system to GRC10.0 Development system. As per the SAP Provided migration document, we had performed below mentioned activities as required.
1) Maintained all the Pre-requisites for GRC10.0 server.
2) Exported the CUP & RAR Data from GRC5.3 system.
3) Imported the CUP & RAR Data into GRC10.0.
4) Able to see all Masters & Mitigation controller Id relevant information of GRC5.3 system in GRC10.0 system after performing the Intra-Migration tasks.
We have maintained all the parameters in GRC10.0 except Role Management relevant parameters(3000,3001,3002,3003 & 3004) since we are unable to maintain it (3000,3001,3002,3003 & 3004) empty as required to import the mass roles for the CUP Defined connectors in GRC10.0, I mean for all the back-end systems connectors either by using the NWBC or by using the Transaction: GRAC_ROLE_MASS_IMPRT.
Note: We are able to see all the Business Processes which are migrated from GRC5.3 to GRC10.0 in NWBC & GRC10.0 system.
Still we are receiving an error message as "Invalid Business Process" though we maintain the above parameter values as "<empty>".
Also we tried to keep the above parameter values as "star (*) or some value as (ALL)" then also we are getting an error as "Enter the Business Process".
Kindly provide us the best solution in this since we are in the final stage of migration.
Thanks and regards
==============
Santosh Goud
+7676033163
↧
↧
Re: SAP GRC 10.0 EAM access
HI Colleen
I have just checked, we have not provided correct Firefighter ID / Role privileges to the owners we maintained in Access Control Owners.
That is the reason the Firefighter IDs were not getting displayed after we selected Owners in EAM --> Owners.
I will just assign the FF IDs as suggested by you and get back.
Thanks alot.
Vyjayanth M
↧
RFC GRAC_GET_REQUEST_DETAIL_CUP --> IV_WI_GROUP
Hi experts,
I have found following RFC GRAC_GET_REQUEST_DETAIL_CUP which is quit interessting. Unfortunately I cannot test the RFC as I dont know what to enter in import field IV_WI_GROUP.
Any help is appriciated.
Nguyen
↧
Re: MSMP Access Request Approval condition
Can you add a snapshot?
↧
Re: SAP GRC 10.0 EAM access
Hi Vyjayanth,
This issue might be because the owner and controller are not assigned to the Firefighter ID.
For a Fire-fighter assignment to be done, first we must ensure that owner and controller are defined for the Fire-fighter ID.
1. Define Owner/Controller:-
- Please navigate (from NWBC) Navigate to "Set up" ->Access Owners->
Create the owner and check as "Firefighter ID owner"- if it is ID based EAM implementation or as "Firefighter Role owner" for Role based EAM implementation.
- Define the controller also in same fashion
2. Assign owner to Fire-fighter ID
- Navigate to Setup->Super User Assignment->Owners->Assign the owner and controller to the Fire-fighter ID here
3. Now Assign the Fire-fighter ID to a Fire-fighter user
- Navigate to Setup->Super User Maintenance->Firefighters
Cheers,
Sabitha
↧
↧
Assign user to user groups via GRC 10.0
Hello, gurus,
We currently running GRC 10.
I wondering if it is possible to assign user to user groups via GRC, using standard functionality?
Via tcode SUGR i can assign user to group, and in su01 i will see this assignment in GROUP TAB.
We need to maintain this assignment via CUP.
I will be glad for any help or advice that you can give me.
With best regards, Ivan.
↧
Re: Mass Child role Org value update in GRC 10
Hi
Please check your configuration. If you have used the org mapping feature. THan you must have the option to update org values in Derived roles...
It's a feature of BRM.
Thanks
Munish kumar
↧
Re: MSMP Access Request Approval condition
Thanks for your help Colleen and Dilin. I succeeded in creating the EAM and NON EAM PATH.
↧
Re: SAP GRC SOD Review doubt
Hi Sara Gar,
Can you check the decision table in BRF+ t-code for the respective function, Have you activated the table in a proper manner ? And also please check in MSMP stage 3 whether your id has been setted or not as a respective stage performer(approver/owner ext..).
Thanks & Regards
Shanmukh
↧
↧
Formula is syntactically correct, but incomplete
Hi,
While creating a BR I found a strange issue.
BRF+ is working fine with one of the BRs.
BRF+ is NOT working for copy of the same BR.
Here I am attaching the screen shots, can you please help me out.
Regards,
Sumanth
↧
Re: GRC 10 Invalid FF Log Report
I have the same problem but seem that system has become estable again meaning that logs are now populated. Question that I have regarding this topic is how to remove those request that were blank from the Approval inbox since buttons are not active. On access request I just cancel the instance but I have not been able to identify this element for being discarded.
↧
System. No records found for the search criteria entered
Hello GRC gurus!
I know that this error enough discussed on the forum, however, I would like to ask you how to kill the error.
First of all, I should notice that I have reviewed the configuration guides many times and as I can see everything is done according with them.
Also, I have reviewed many notes including 1584110 and 1562760 (with attachments), have visited lots pages that were searched with Google. Unfortunately, the result is the same.
What was done.
1) SM59. Connectors GRDSSD001 (CUA system) and GRDSSD200 (CUA-managed system) are created. Authorization check performed well (S_RFC+SAP_ALL are assigned to be sure)
2) SPRO -> Governance, Risk and Compliance -> Common Component Settings -> Integration Framework -> Maintain Connectors and Connection Types
Connection type definition = SAP system predefined by the BCSet.
Define Connectors
Assign both connectors to SAP_CRM_LG group
3) SPRO -> Governance, Risk and Compliance -> Common Component Settings -> Integration Framework -> Maintain Connection Settings.
Assign connectors to 4 scenarious (as recommended in the note)
AUTH
PROV
ROLMG
SUPMG
4) SPRO -> Governance, Risk and Compliance ->Access Control -> Maintain Connector Settings
Assign for the connectors type 1 (SAP Application). No attributes were assigned.
5) SPRO -> Governance, Risk and Compliance ->Access Control -> Maintain Mapping for Actions and Connector Groups
Activate group SAP_CRM_LG with type 1.
Defaults valid only for GRDSSD200
By the way, here I found not correct recommendations for ABAP connector
"Logical Port - Not relevant" I would say that it is relevant!
I can select roles , which I made before, in AC request, but I cannot select system.
Looking forward to hearing from someone soon.
BR,
Artem
↧
Re: System. No records found for the search criteria entered
HI
what does the BRM role set up look like for the role? What systems does it exist in?
are all your synch jobs scheduled?
↧
↧
Re: Formula is syntactically correct, but incomplete
Dear Consultant,
I was processing one SAP incident with the same description.
Have you managed to fix this inconsistency in the formula?
Thank you,
Fernando
↧
Delete buttons in approval screen(GRC 10.0, by setting or by enhancement)
Hi experts!
We have an issue that approvers has many choices.
We are using GRC 10.0, approver can even add roles to requester.
So we, GRC team need to limit approver's function.
In approve screen, there is 'Simulation', 'Approve', 'Reject', 'Add'... how can we delete these buttons?
Approving action is working by button 'Approve' on the top of the screen.
And addition to that, on Access Request screen, we want to delete 'System' of drop down list. (Now users can select both 'Role' and 'System')
We want users to select 'Role' only(on GRAC_UIBB_ACCESS_REQUEST-V_REQUEST_ITEM View).
We find out that it is hard by setting. So we are looking for Web Dynpro method related to SALV setting.
Thanks.
Regards KT GRC team.
↧
Re: Delete buttons in approval screen(GRC 10.0, by setting or by enhancement)
Hi KT,
The access allowed by those buttons are controlled by the Stage Definitions. Go to Maintain MSMP, then under Maintain Paths, select the path and the stage you wish to modify. Can't hide the button though, but they should be grayed out. Some of the related Task Settings would be Add Assignment, Override Assign Type. There might be more. I can't recall where I get the details from.
But again, the buttons are still there. The approvers might not be able to click it.
As for the remove add system dropdown, i'm interested to know the answers as well. We're planning the same, but so far no results.
Thanks
aNuar
↧