Hi All,
I was configuring License Field in Access Request to update in Back end system. In this, I followed note#1736817 - UAM- License Key is not updated in SU01.
Now I can find the custom field created for license under "Custom" Tab. However, I noticed that this is plain text field and this is not displaying any drop down!
May I know what is that I missed? I followed everything mentioned in the note and still I am not able to get that drop down values.
Please advise.
Regards,
Faisal
Hello SAP GRC Experts,
I am stuck with a major issue in SAP GRC 10.0 in the implementation stage of ARM for "New Account" request type.
We are on SP13 and have performed all ARM configuration changes required. My Initiator rule is also pretty simple with BP, Priority & LINEITEm & Ruleresult. I do not have an issue submitting a request though. Change and Lock account works fine. The problem is only with "new account"
NWBC retrieves User details from LDAP server, then It goes through Manager and in Role Owner stage after Risk Analysis and approval ( for roles with No violations", it says the below in Audit Log
"Auto Provision activity at end of the path "MAIN_PATH" and stage "GRAC_ROLEOWNER
New User: XXXXXXX created in Systems: XXXXX_XXX
USER XXXXX does not exist in Target system :XXXXXX"
Then it goes to Auto provision failure path "GRAC_ADMIN" and request gets closed. Any idea what the issue could be?
SLG1 logs show as below
"
Started provisioning for request number 383
End request status for request no 383 is X
Created user XXXXXX in system XXXXXX
S:/GRCPI/GRIA_MSG:005 XXXXXXX
S:/GRCPI/GRIA_MSG:005 XXXXXXX
Message from plugin for system XXXXXXX: XXXXXX User does not exist in target system XXX_X
Call is going to IDM to update the request status and EOR is X
Callback service, req system:"
Can someone help me please? I am not using CUA. Thanks.
Kamesh
We have started the configuration of GRAC 10.1, for the end user we have configured AD as the authentication to log in to the web application. As a default I only see the following options when I sign into the weblink. How do I get some of the available options I see within NWBC for our end users? I'm looking to add things like Risk Analysis, Work Inbox, Mitigating Controls and some Firefighter details.
| Access Request Creation |
|
| Create access assignments, accounts |
|
| Quick Links |
| Access Requests |
| Model User |
| Template Based Request |
| Copy Request |
| My Profile |
|
| Manage and view personal access control information, assignments, and requests |
|
| Quick Links |
| My Profile |
| Request Status |
| Password Self-Service |
| Name Change |
| Register Self-Service Questions |
Thank You for your assistance.
Hello Experts,
I am working on GRC 10 EAM configuration at SP07.
The EAM Firefighting scenario is working on ie.Firefighter can login to backend R3 system and performed
FF activities but when i update the FF Logs GRC system doesnt show any logs in the system.
The logs are present in R3 system in STAD, CDPOS, SM20 etc.
The TIme Zones are same in both GRC and R3 system.
But Except Table GRACFFLOG.
NO other Log related table is getting updated after running log update Sync job successfully.
Please let me know if anybody has faced this issue or any advise on what is need to be checked.
Any help is much appreciated.
Regards,
Yatin Phad
Hi Experts,
I am new to GRC AC 10 and I need to configure workflow for various modules of AC.
How do I configure the same and are there any documents highlighting the various steps involved in the same.
Thanks,
Arjun
Hello,
I have tried doing the MSMP workflow configurations as per AC 10.0 Customizing Workflows for Access Management.pdf
But still i am not getting idea about what many things like, in 5.3 we configure stages, and we include multiple stages in one path.
Can any one explain in details how to configure stage and paths...
Regards,
Sumanth
Hello,
Anyone saw a presentation of GRC 10.1? What about new functionalities? (in particular in AC)
It looks likes the ramp up will be available for customers from tomorrow...
Julien
Hi All,
What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?
Hi Gurus,
Can you one guide me to find a Standard FI SOD Conflitcs matrix...
JC
Hi Gurus,
I have installed GRC - AC 10.0 and I want to configure EAM to allow automatically provisioning of Firefighter with following steps:
1. -In Access Management, AC Owners, FF ids, Controlles, Reason Codes are setup in advance
2. - I can create a manual Access Request for a Firefighter assignment and is functional without any issue
3. - Common workflow has been activated
4. - Email server has been configured and checked that can send emails
5. - In IMG -> GRC -> Access Control -> Workflow for Access Control -> Maintain MSMP Workflow I have activated SAP Process Id-s :
SAP_GRAC_ACCESS_REQUEST
using the default settings .
6. At Pct #5 Maintain Paths- Stage Definition- I have checked boxes - Approve by Email & Approve and I have Activated it.
Then, I create a access request again and no email is send it out to Owner.
In MSMP, in Pct #5, I have all for Process Id SAP_GRAC_ACCESS_REQUEST , I have left all 3 paths:
GRAC_MANAGER
GRAC_ROLEOWNER
GRAC_SECURITY
7. I have tried to activate other processes id-s:
SAP_GRAC_FIREFIGHTER_LOG_REPORT
SAP_GRAC_ROLE_APPR
however with the same result.
All my SPM Owners and FF-ids have email adress, how should I maintain their email in MSMP, as the documentation is confusing for me.
8. Then, at Point #3 - Maintain Agents - I have created a Z Rule where I have mapped directly the Account ID-s and I have assigned it in Pct 5 (Maintain Paths) and activated- without any result.
Thank You,
Marc
Hi all,
I have a requirement build a new landscape with GRC systems from Quality to Production. I have gone through the guides, its saying mainly upgrade from 10.0 to 10.1. If its a new installation i am not able to get any docs related to it. I have a Linux RHEL 6.3 and Oracle 11 g. Kindly help on this.
Regards,
Karthik.R
Hi All,
We have the below issue when generating parent role in BRM.
Error message 1 --> 500 SAP Internal Server Error (when ran in foreground)
Error message 2 --> Perform Background job role generation gets cancelled (when ran in BG)
Please update on what could be the issue and fix/note for the same..
Regards,
GRC Usr
Hi All,
I noticed that one of the Access Requests was processed by all the approvers and was provisioned successfully in the target system. However, the "Stage Status" is updated with "ERROR"!
I tried to get some useful information from the audit log of the request and could find:
"Error in End of Path, Escape for 'Auto Provisioning Failure' not Enabled
I am unable to determine the cause of this error yet. And wondering how the provisioning is done if there was some error.
I also checked in SLG1 and GRFNMW_DBGMONITOR_WD MSMP tcodes. But was unable to get some clue out of them.
Can anybody please advise me on this?
Regards,
Faisal
@Moderators: Please do not delete , saying I need to go through Forum or any other reason. I have been through Forum, but none answers this.
Hi All,
This may sound silly, but i would like to know the fundamental of UAR. There are lot of documents and i went through User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki,,and Config guide and discussions, but none of them describes, how UAR comes into picture. So, below is my understanding. Please rectify, if incorrect.
Steps:
- Access requests which have not been approved, are considered for review, and this is done through Background Scheduler. This Scheduler , runs the program 'Generate data for Access request UAR review.' So, i think this data must be pending UAR requests. So, i ran the scheduler. But no spool file was generated, although i have a pending request, and i have few roles imported, with Role Owners, assigned. The role in the Pending request has a Role owner assigned.But, I do not understand the connection between Pending requests and Roles imported
- Then i ran NWBC->Access Management->Compliance Certification Reviews->Request Review, as per the above link, but i did not get any requests.
- I also understand that Modification of these requests, will initiate a workflow(MSMP).
Please suggest on this.
1. What are the components of GRC?
2. What are the upgrades happened in GRC 5.3 from GRC 5.2?
3. Is it possible to have a request type by which we can change the validity period of a user? If possible, then what are the actions?
4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one?
5. What are the issues faced by you in ERM & CUP after golive?
6. Can we change Single roles, objects & Profile description through mass maintenance of role? If yes, how?
7. What are the prerequisites for creating a workflow for user provisioning?
8. How will you control GRC system if you have multiple rulesets activated?
9. Can we view the changes of a role, happened in PFCG, through GRC?
10. How will you mitigate a user against an authorization object which is decided as sensitive by Business?
11. Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.
12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how?
13. What's the use of Detour path? How Fork path differs from Detour path?
14. How can you enable self password reset facility in GRC?
15. Can we have customized actions for creating request types in CUP?
16. Which SOX rules got inherited in SAP GRC?
17. How many types of Background job you are familiar with? Why Role/Profile & User Sync. job is required?
18. Where from can we change the default expiration time for mitigating controls? What's the default value for the same?
19. How will you do the mass import of role in GRC?
20. Explain the total configuration & utility of SPM?
21. Can we create Logical systems in GRC? If yes, how & what can be the advantages & disadvantages of the same?
22. Can we have different set of number ranges activated for request generation?
23. Explain, how can we create derived roles in ERM? What will be the significant changes in methodology for creating composite roles?
Hi All,
I was configuring License Field in Access Request to update in Back end system. In this, I followed note#1736817 - UAM- License Key is not updated in SU01.
Now I can find the custom field created for license under "Custom" Tab. However, I noticed that this is plain text field and this is not displaying any drop down!
May I know what is that I missed? I followed everything mentioned in the note and still I am not able to get that drop down values.
Please advise.
Regards,
Faisal
Hi Experts,
I came across the project which has 2 client in ERP system and initially they connected one client to GRC and all the configuration was
done on it for all 4 modules of GRC and it worked well , later business has come up saying they want another client to be connected instead of 1st one. Now the question is what is the best way to remove all the data existing in GRC from 1st client before we connect to 2nd client?
like i want to know what all tables or process to remove data from GRC for each modules which stores data from backend into GRC.
Thank you
Maltesh J
Hi Gurus,
I have installed GRC - AC 10.0 and I want to configure EAM to allow automatically provisioning of Firefighter with following steps:
1. -In Access Management, AC Owners, FF ids, Controlles, Reason Codes are setup in advance
2. - I can create a manual Access Request for a Firefighter assignment and is functional without any issue
3. - Common workflow has been activated
4. - Email server has been configured and checked that can send emails
5. - In IMG -> GRC -> Access Control -> Workflow for Access Control -> Maintain MSMP Workflow I have activated SAP Process Id-s :
SAP_GRAC_ACCESS_REQUEST
using the default settings .
6. At Pct #5 Maintain Paths- Stage Definition- I have checked boxes - Approve by Email & Approve and I have Activated it.
Then, I create a access request again and no email is send it out to Owner.
In MSMP, in Pct #5, I have all for Process Id SAP_GRAC_ACCESS_REQUEST , I have left all 3 paths:
GRAC_MANAGER
GRAC_ROLEOWNER
GRAC_SECURITY
7. I have tried to activate other processes id-s:
SAP_GRAC_FIREFIGHTER_LOG_REPORT
SAP_GRAC_ROLE_APPR
however with the same result.
All my SPM Owners and FF-ids have email adress, how should I maintain their email in MSMP, as the documentation is confusing for me.
8. Then, at Point #3 - Maintain Agents - I have created a Z Rule where I have mapped directly the Account ID-s and I have assigned it in Pct 5 (Maintain Paths) and activated- without any result.
Thank You,
Marc
Hi Gurus,
Can you one guide me to find a Standard FI SOD Conflitcs matrix...
JC
Hi experts,
Looking for solution on how to implement PSS in GRC AC10 with the following option:
Steps are
1. User wants to reset his/her password.
2. Goes to NWBC Link
3. Put the user id
4. Clicks on < Forgot Password >
5. Security question is asked
6. User gets a mail in his/her mail box with a link to reset the password
Regards,
Sudha M
