Channel: SCN: Message List - Governance, Risk and Compliance (SAP GRC)

GRC 10 Role Import error(Master role does not exist) in SP12


Hi,

 

We have completed connectors part and ran sync jobs successfully.

 

We have given required inputs in Define Criteria, Select Role Data in Role Import. When we submit this, only few roles are successfully imported.

 

It is giving error like Master role does not exist (some roles) but it is successful for few other roles.

 

We have tried with SKIP option in role authorization source as per a note but it is not successful for all the role import and getting above mentioned error.

 

Please check and advise.

 

Thanks & Regards,

Koteswara Rao.


Re: ARQ: User details fields mappings problem in Access Request


Hi,

 

I think I moved to next step. Now I can see all the manager ids for both the connectors (HR and LDAP) under field  "MANAGER_ID" in table GRACUSER.

 

And now I simply need to pull and map in access request form. For LDAP connector, Action#4, I used "MANAGERID" under field AC Field Name and "MANAGER" in "Assign group field mapping".

 

I did not get any results. But I noticed the manager details for all users in table GRACUSER is maintained under column "MANAGER_ID".

 

I tried using this field also, but did not work.

Can anyone please help me?

 

Regards,

Faisal

Re: Detour Path for SOD Violation


Hi Harinam,

 

In connection to above issue, if workflow goes to SOD Detour path then for recipient I have defined agent as directly mapped users.

 

There are multiple persons who can mitigate the risk. As of now detour path is going to only one person defined at directly mapped user in MSMP.

 

If one distribution list (DL) is maintained, then it would go to all owners.

 

Please let me know if there is any best practice for this.

 

Thanks,

Mamoon

Re: GRC 10 Role Import error(Master role does not exist) in SP12


Are the unsuccessful roles derived roles? If so, did you import the imparting role first?

Re: GRC 10 Role Import error(Master role does not exist) in SP12


Hi Colleen,

 

Yes, unsuccessful roles are master & derived roles.

 

I have tried to import only master roles also with ZM* (master role naming) and it is not successful.

 

Thanks & Regards,

Koteswara Rao.

Re: ARQ: User details fields mappings problem in Access Request


Hi,

 

I could figure out something.

 

I have below hierarchy in Active Directory:

 

1. OU=Unit1,OU=ABC,DC=123,DC=COM


2. OU=Unit2, OU=XYZ,DC123,DC=COM

 

Unit1 and Unit2 are peers, fall under DC "123" and contain different sub-nodes and users. What is happening is that, if a user and his manager are from same OU (Unit1 for example), it is pulled appropriately.

 

In case if a user is in Unit1 and manager is in Unit2, then in this case, manager first and last name is pulled and Manager id field is not filled.

 

I could only maintain one of the above entries in LDAP tcode. I don't know how I can maintain peer-OUs in LDAP!

 

When I maintained like this:

 

OU=Unit1,OU=ABC,DC=123,DC=COM;OU=Unit2, OU=XYZ,DC123,DC=COM


It gives me an error: "Entry does not exist".


It is looking for only one node at a time but cannot traverse multiple peer nodes.


Can anyone suggest me on this?


Regards,

Faisal

Re: Information required

Re: role definition workflow


Hi,

 

Yes, a very similar (close to described by you) workflow exists and it is part of standard SAP GRC BRM solution. I was involved in such a design where almost standard BRM solution was used and this would facilitate most of the needs described on the process map by you. Requestor/Role designer designs roles in BRM / back-end system based on business requirements. Role Owner (assignment and/or content) is assigned to role inside BRM, he approves role content and users assigned to role. Security team (can act as user group agent) who additionally approves the role.

 

Regards,

 

Filip


Re: How to activate a tool bar or a button in tool bar in the Web Dynpro


Dear Alessandro,

 

Thank you for your answer and sorry for my late answer (I had some problems with my user).

 

Yes, we have created access risks.

The button and the complete tool bar in your screen above is the one which is displayed but inactive.

All buttons are grey.

 

Mitigation control approver.jpg

If I try to press the button "View Details" no sub menu appears (no action is executed.)

(It doesn't matter if I have administrator authorizations or authorizations as risk mitigation approver).

 

Our risk mitigation approver should have the authorization for the button "View Details" and the action behind.

All other buttons in this toolbar should be inactive and grey.

 

Br

Melanie

Re: ARQ: How to map AC fields with HR System???


Hi,

 

I followed note#1609554 - How manager info is pulled from HR system into ARQ (suggested by Colleen in one of the threads) and maintained the path "A002" for the ERP production system which is having HR. Then in field mapping, I selected "MANAGERID" under AC field Name column. However, I did not find any relevant name under "System Field Name" column after pressing "F4"!

 

Anyhow, I maintained "MANAGERID" there also and table name as "PA0105" and Subtype as "0001"

 

I synchronized the users from HR system. Still, I am not able to get the manager id in access request! I even did not find the manager id in table GRACUSER.

 

Please advise.

 

Regards,

Faisal

Re: Emergency access procedure - non GRC


Greg,

I have experience with two different non-GRC Firefighter procedures, both role-based.

 

In one solution, the user submitted a Firefighter request for either the HR or the non HR Firefighter role to be assigned; the form was a custom Outlook form. A custom ABAP program monitored the assignment of these roles, logged the tcode usage of the IDs with the role assigned, sent an audit report to the user's manager which included tcode usage and if the tcodes used were in the user's regular roles or in the FF role, and the manager had to return the report to SAP security as confirmation that it had been reviewed.

 

In the other solution, the request logged into the IdM solution to request firecall authority. The requester must be pre-approved to request elevated SAP access. IdM provisioned the extra access to the user's account and notified both the user's manager and SAP Security. IdM deprovisioned the extra access at the specified time in the request. SAP Security was responsible for auditing the use and documenting the tcodes used in a report sent to the user's manager and all of this was documented in an IT incident ticket.

 

The second solution required a lot more manual effort from the SAP Security team, but it was not invoked often. The first solution, while much more automated, presented its own challenges, as the buffer for the tcode usage statistics frequently overflowed, and a designated resource would have to work to resolve.

 

So from my experience, I would say that there is a good reason why customers choose to implement a GRC firefighter solution.

 

Cheers,

Gretchen

Re: ARQ: How to map AC fields with HR System???


Hi Faisal,

 

In User detail data source try to maintain the HR system first in sequence. Are the employees maintained in infotype 0105 - 0001 in HR system?

 

Regards,

Re: Role Provisioning failed for System(s) : . Error Message : malformedRequest


Thanks Gretchen...

 

We are facing countless issues with GRC as of now. And this one is latest addition. We are also provisioning portal role manually as of now. The problem is due to our SSO mechanism based on log-on ticket all users will get default role in portal. Which means for almost every GRC we are doing manual assignment in portal.

 

Raising OSS message now.

Re: Role Provisioning failed for System(s) : . Error Message : malformedRequest


Arpan,

I will look forward to hearing the result of your customer message. I would not be surprised if they suggest that your best option is to migrate to GRC 10.x, but take it from me, "smooth sailing" is not guaranteed there either. Issues with the portal synch and portal provisioning have been at the root of numerous customer messages during our (still ongoing) migration to GRC 10. Good luck!

 

Gretchen

Re: Unable to export the SPM data during migration


Thank you for your reply. My issue is resolved and turned out to be a folder issue. Ask your basis to do a search of one of these files gracspm• in the server after you see the extracting msg and in my case files were exported to a different file than specified.


Re: SAP GRC - Adding User exit


Hi Sara.

 

Did you find information about this subject?

 

Thanks in advance.

 

Regards

Re: Is there any user exit within GRC before submitting a request ?


Hi Mustafa.

 

Did you find any information about this subject?

 

Best regards

GRC AC customizing menu


Hello,

 

Hoping I can get some help.  I am trying to restrict access to a menu ID in GRC AC, specifically I'd like to restrict access to some users to the "User Level Simulation" option within "Access Management".

 

I know this can be accomplished by adding authorizations to SM34 data, but this will get overridden with SAP updates.  Is there a way to accomplish this without getting the override?

 

Thanks,

Re: Change default information after Work Inbox


Hi Jonathan,

 

I have almost 50 components OIF under the path mentioned. I don't think these are created by activating a BC set.

 

Did you raise an OSS message for this?

 

Kind regards,

Re: Change default information after Work Inbox


Now that I have an idea of what's the problem I will open one, thanks for the information.
