If these are the standard HR & Payroll risks and functions why don't you simply delete them? You can always reactivate the ruleset.
If that is not the case try to copy/rebuild the specific risks and functions and delete the originals after
↧
Re: GRC AC 10.0 - Unable to Inactive Risk ID
↧
Create Root Organization Hierarchy
Hello Experts,
When we Create Root Organization Hierarchy in SPRO (Path: SPRO-->IMG-->GRC-->Shared Master Settings-->Create Root Organization Hierarchy), the same is not available in the front end on the day when it is created (but we are able to view the same from the next day)
Could anyone help us in resolving this issue.
Regards,
Ramakrishna Chaitanya
↧
↧
GRC 10 Synchronization Jobs not pulling in all roles
Hi All,
We currently have GRC 10 installed and configured (ARM only) but we have noticed that after running all Synchronization jobs that not all of the roles are being imported into the system and that different landscapes are missing different roles( i.e. shows up in Production Connectors but not in DEV Connectors). To add to this all jobs show successfully completed and there are no errors or warnings in SLG1
They seem to mostly be related to Derived roles with the error "Role does not exist" and Composite roles "Child role does not exist.
While I have verified that the reference role is uploaded first and some of the derived from that reference do synchronize and are imported, not all derived roles show in the list( i.e. reference role a is selectable and derived role b is imported and selectable, derived role c states "Role does not exist". As for the Composite roles, the child roles are present but still receives the error. I have verified all authorizations are correct and have run both full and incremental synchs.
Its worth mentioning also that in the error logs for the import it always returns with 997 roles selected no matter the enviroment or number of roles in the enviroment.
If anyone could help it would be GREATLY Appreciated!
Thanks,
James
↧
Re: System. No records found for the search criteria entered
Hell Colleen,
Thank you for response!
I don't get your question, what do you mean "BRM role set up"?
Role has the following attributes:
Role maintenance is finished, it exists in SSD200 system. Function Area is defined for the role (BS_ALL), Owners/Approvers too. The other sections have empty fields (no company, no custom fields etc.)
Syncronization jobs were done with Incremental option. I will start them again in both modes (full and inc).
Just out of curiosity, could you tell me why you assume to check BRM and role part? I don't have such a big experience as you, but I supposed that the problem is in AC (CUP) part, particularly in sections related to connectors.
Regards,
Artem
Message was edited by: Artem Ivashkin Synchronization jobs finished without any errors (slg1 checked )
↧
Re: GRC 10 Synchronization Jobs not pulling in all roles
what is your SP level ?
try running GRAC_REPOSITORY_OBJECT_SYNC with all check boxes (Profile, Role, User).choose Incremental Sync Mode.
↧
↧
Re: GRC 10 Synchronization Jobs not pulling in all roles
Rahul,
Thank you for the quick response. We are on SP 12 and I have run the job mentioned with everything selected and in full and Incremental Sync Mode.
Thanks,
James
↧
Re: GRC 10 Synchronization Jobs not pulling in all roles
James,
what is the value for the parameter 1122 ? Increase it and run the job again
double check the below tables in the plug in system and GRC if the table entries count match.
Plug in System
- AGR_DEFINE :Master table.
- AGR_TEXTS :File Structure for Hierarch
- AGR_AGRS :Composite role relation table.
GRC system
- GRACRLCONN : Master Table
- GRACRLCONNT : Description Table
- GRACRLCOMPRL : Composite Role Table
- GRACROLEORG : Role org level relation table.
↧
Re: VIRSA 4.0 to GRC 10.1 - Upgrade
Thank Colleen...the roles were all assigned...we restarted the ICF services and it worked...rajiv
↧
Re: Remediation View ARA GRC AC 10.1
Thanks Benoit,
Actually after to recreate the Gatewaty configurations and Restart the Server the Remediation View back to work !
Thanks for you help.
↧
↧
Re: System. No records found for the search criteria entered
Hi Artem
Just out of curiosity, could you tell me why you assume to check BRM and role part?
I find with GRC that it's all integrated and a few of the CUP role issues were due to the BRM configuration for the role. For example, with BRM integration when someone can't understand why the role isn't appearing as an option to select in CUP we can see in BRM that the role may not be in Production Status.
I also interpreted your screen shot that maybe you wanted that role but for a different system. The BRM screen shot shows that the role only exists in the system already selected.
This is my approach to troubleshooting and learning the system but sometimes may not actually be related to your issue. In attempting to find the cause I have a tenancy to look for all possibilities before discounting them.
I don't have such a big experience as you,
You would be surprised - don't let my ranking in this community be mistaken for how much experience I have. Really, I'm just curious and like to understand the why so I took to debugging (I am not a developer) the code/testing scenarios and theories to figure out the answer. It just happened that others have asked the same question in SCN and threw a few points my way.
Back on topic: What do you mean by you can't select system?
Regards
Colleen
↧
Re: What is Approver GRAC_MANAGER?
On the user access request screen for user details what are you entering in the Manager field?
↧
Re: AC BRF+: Element 'Boolean' is not in the context
Hi T
It would probably help to post some screen shots of your configuration.
Also, you may get more luck from the Business Rules Management community since you are asking a question specific to BRFplus
Regards
Colleen
↧
Re: PSS: GRACQUESTION Table update???
Hi Faisal
The real problem comes when 2 or more user ids are maintaining same question ID! This program can not covert such user ids to upper case. and again application is behaving abnormally, as in earlier situation.
If that's the case it sounds like you need to raise a customer message for SAP to fix the code?
Regards
Colleen
↧
↧
Authenticate Approvers using LDAP Credentials
Hi GRC Experts,
We are in process of implementing GRC AC 10 (GRCFND_A V1000 0013) and using LDAP as a authentication/user details source. Authentication is working fine when user tries to login to the end user login page. However after the request is submitted, when approver tries to approve the request it requests for approvers GRC system user ID and Password. At this stage we need the approver to get authenticated using LDAP user ID and password instead of GRC user ID and password.
Note: GRC user ID of approver is same as LDAP user ID.
Are we missing something or SAP GRC does not have provision to authenticate approver against LDAP crendentials.We have more than 30000 managers and it is not feasible to share the GRC password to all of them.
Is this an enhancement requirement for SAP?
Appreicate your early response as we are in critical phase of the project.
Let me know if there are any questions.
Thank you.
Anjan Pandey
↧
GRC 10 MSMP workflows - Issue
Hi All,
In GRC 10 when creating an access request, user will have an option to add ROLES and SYSTEMS. Here what is happening is if i add System line item, workflows are not working even though i have routing rule for system line items separately. I have tried in different ways and none worked out so far.
Has anyone implemented workflows having both ROLES and SYSTEM lineitems together and were succesful ?
What is the best practise while creating an access request? Just adding roles or both roles and System lineitems together?
Is there any option to remove SYSTEM option from ADD button available on access request screen ?
Things i have tried and one more consultant on this forum also had the same issue. Still couldn't crack solution for this 
1. If you add both role and system as line item in access request, both has to have the approvers defined (custom agent or standard agent) otherwise the request goes to "Approver Missing" path
2. If you add approver to the system line item and when it is approved the whole request moves to next stage (it doesnt wait for the role line items to be approved)
3. Even if you add a routing rule to split the system line items from the request, the whole request is getting routed to the detour path
So in essence if you mix system and role in the line items, the system takes precedence and the whole request follows suit.
Experts please share your suggestions or ideas to make this work.
Thanks a lot in advance.
Regards,
Padmavathi.
↧
Re: Authenticate Approvers using LDAP Credentials
Hi Anjan
The approver is logging in with their GRC User Id (SU01). There is no GRC configuration as they are actually logging in to the system whilst the self-service users has a System user to do the authentication instead (credentials stored in SICF for the services).
Can you look at Single-Sign-On instead? This would not be difficult since your id match.
Regards
Colleen
↧
Re: GRC 10 MSMP workflows - Issue
Hi Padmavathi
What does your BRF+ decision table or configuration look like?
Regards
Colleen
↧
↧
Re: Authenticate Approvers using LDAP Credentials
Thanks a ton Colleen for your quick response. We are indeed implementing SSO for GRC via Portal, however our client is a GxP compliant customer and one of the requirements which we have is that approvers need to recertify (approval reaffirm) before request is approved. The pop up screen for recertification is expecting GRC user ID and password. Can we any how authenticate the approver via LDAP credentials instead at this stage.
Reiterating my point again, creating 30000+ managers and sharing the password is a difficult task and not a effective mechanism to operate if any big customer is planning to implement GRC.
Thank you.
Anjan Pandey
↧
Re: Authenticate Approvers using LDAP Credentials
Hi Anjan
I don't think there is anything standard. You will have to look at modifying the code for the re-confirm. Possibly a user-exit instead
It won't help you now but there might be value in adding this suggestion to SAP ideas space to for manager authentication to be based on a data source instead of GRC SU01. I've seen this scenario come up a few times (and had same issue for authentication with my solution - I was lucky that I didn't have GxP compliance to factor in).
Regards
Colleen
↧
Re: Authenticate Approvers using LDAP Credentials
Thanks Colleen for your prompt response. I hope some expert went through this requirement earlier and was able to sail through. I posted this idea on idea place https://ideas.sap.com/ct/ct_list.bix?c=4F27C74D-5330-4569-8199-D69072C0D4AE. Any consulant having similar requirement may want to submit their requirement in this post.
Thank you.
Anjan Pandey
↧