- SAP Community
- Products and Technology
- Additional Q&A
- AE 5.2 Role Reaffirm - email notification; audit r...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
AE 5.2 Role Reaffirm - email notification; audit report of actions
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-14-2009 7:32 PM
Hello,
I am testing the implementation of Reaffirming roles in AE 5.2; (AE5.2 SP10)
I have defined a composite role with an "owner" and forced the last reaffirm date (12/15/2008) so that the next reaffirm date would be 01/15/2009; I have set the days prior to reaffirm date to one (1) so the email notification will be sent to the owner one (1) day prior; I have the background job "Role Reaffirm Notification" executing every two (2) minutes for this test (this is confirmed with the view schedule)
I would expect to receive an email as I am the owner of the role; no email was produced
Are there any certain roles the owner must have in UME to allow for this? Presently the owner of the role is defined with the AEADMIN role; I would think this includes all AE access; does the server require a re-boot for this to become effective?
Also, if I force the reaffirmation to be an expired date, (set last reaffirm to 12/13/2008), as the role owner I do see the roles that require reaffirm review when accessing Access Enforcer tab > Role Reaffirms; this is expected; when I reaffirm the users assigned to the role, I am prompted for a comment for the actions I set; once all users have either been approved or rejected, the role is reset for the next reaffirm period;
+Is there any report / audit trail that can be reviewed for this action? I ask in reference to an external auditor reviewing changes to a user in the SAP backend system and wanting to see where the request came from; how can I show that the Reaffirm in AE may have removed a role from user? The SUIM report in the backend SAP system will show this and list the user that communicates with AE (not the role approver who performed the reaffirmation)+
Thanks for any feedback
Jerry Synoga
Ryerson, Inc.
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jerry,
GOOD NEWS: CUP (AE) 5.3 does have Audit Trail for 'Role Reaffirm'. I have looked at it.
I don't have AE 5.2 so I can not test this anymore but you should not receive email reminders again and again. This might be some kind of issue.
In CUP 5.3, I am able to configure 'Reminder' tab in 'Email reminder' separately for workflow types like CUP, ERM, Mitigation, Risk, Role Reaffirm etc.
Open a message with SAP and see if they can resolve it.
Regards,
Alpesh
SAP GRC Manager (PwC)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Alpesh,
The audit trail in 5.3 for reaffirmations is good news! Bad news is I'm not sure when we will be able to get there; have to consult with our BASIS group
The Email reminder at AE 5.2 will be tested a bit more to make sure I have everything set the correct way; I still believe I will be receiving the email reminders even if there are no roles to reaffirm
I will then open up an issue with SAP
I will provide the infiormation to this thread when I receive it
Thanks for all your help
Jerry Synoga
Ryerson, Inc.
630-758-2021
Answers (5)
Answers (5)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jerry,
Although under My Work - Request Audit Trail you can select Role Reaffirm as WF type, the report is not showing anything over here. I doubt this will report in 5.3 what you are looking for.
We are also looking into this, as I feel Role Reaffirm requires less work of the GRC admin team compared to UAR review functionality. As we receive errors in UAR data load I can not confirm the process, but I feel there are little scoping possibilities. As where with role reafirm it can be activated easily per role during role creation/change and it will trigger the approvers by email reminders.
Only thing missing is a reporting possibility, also in 5.3 unless someone else has other experiences.
Taking data from the table directly is an alternative but not a wanted situation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello,
I am marking this thread as answered based on the responses.
Bottom line AE 5.2 does not have any audit reporting for role reaffirmation, 5.3 it has been reported does.
For the interim that we are on AE 5.2, our BASIS group has provided me with a data browser utility for the A_JAVA. This toll is not officially supported by SAP but it does do the necessary capture of the data I need.
I will be using this tool to download the JAVA records into a spreadsheet that i can manipulate to the way I want to report the reaffirm actions.
The BASIS / DBA group also has other standard tools that they were able to provide me with the initial report ina spreadsheet format
Thanks for the responses
Jerry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I opened up an issue with SAP to find out if there was any audit report to address the reaffirmation or roles in AE 5.2
As was stated in this thread, the audit report is available in AE 5.3
I still was puzzled as to why something is not available in 5.2 since it seemed like everything was being done including the entering of comments as to the action one takes for the reaffirm process.
What I found was there is a table VIRSA_AE_RLREAFRM that holds the reaffirm information in AE 5.2
I had the BASIS group extract this table records for me into an Excel spreadsheet and found it contains just what I was looking for. The extracted data will provide me with the reporting I will need to address any audit questions as to the actions taken for the reaffirm process - at least until I get to 5.3 release
I will leave this posted for awhile for others to review and comment if they wish
Jerry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jerry,
Did you receive email notification or not? If not, then try running 'Email Reminder' job with 'Role Reaffirm' job. This should resolve the issue.
I looked at 5.3 for role reaffirm audit trail but could not find anything. I will try to research this and let you know.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Alpesh,
It looks like setting up the "EMAIL REMINDER" and the "REAFFIRM NOTIFICATION" jobs does trigger the expected email
I'm still doing some testing in regards to the setting of the "Days Prior to Due Date" which I set to one day; I set the reaffirm date for the role tomore than one day from now and when the jobs execute, I still receive emails; my testing had the jobs running every two minutes and I received emails each time;
I would have thought that I would not receive an email unless there were roles that were due one day from now
It looks like the "EMAIL Reminder" and Reaffirm Notification is sending based on the scheduled run times and not the "Days Prior to Due Date"
Enough for today - will pick up more next week; let me know if you have any comments
Thanks much
Jerry Synoga
Ryerson,Inc.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Update
I have successfully defined a role to be reaffirmed with setting myself as the owner
I have set up the EMAIL REMINDER to remind the owner of the upcoming Reaffirmation
I also received the email identifying the role I was required to reaffirm
After completing the reaffirmation, I am still receiving the EMAIL REMINDER although there is no role that requires to be reaffirmed at the time
Does anyone know why I would be receiving the email reminder every day (job runs once a day); I would thought I should only receive the reminder prior to the due date of role reaffirmation based on the "days prior" setting; I am thinking the Reminder tab should be the one I define as oppossed to the Submission or Closing tab (which am not sure what there purpose is)
Appreciate any comments
Thanks
Jerry Synoga
Ryerson, Inc.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jerry,
As per the configuration, you should get an email. Make the next reaffirm date would be 01/16/2009 and wait the email to arrive it till tomorrow and see if it works or not. Here is my response to your questions:
Are there any certain roles the owner must have in UME to allow for this? No Presently the owner of the role is defined with the AEADMIN role; I would think this includes all AE access; does the server require a re-boot for this to become effective? No
Is there any report / audit trail that can be reviewed for this action? I ask in reference to an external auditor reviewing changes to a user in the SAP backend system and wanting to see where the request came from; how can I show that the Reaffirm in AE may have removed a role from user? The SUIM report in the backend SAP system will show this and list the user that communicates with AE (not the role approver who performed the reaffirmation)
AE 5.2 does not show any kind of report/audit trail for role reaffirm. CUP/AE 5.3 was suppossed to show this detail but I have not tested it.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Alpesh,
Thanks for the feedback - it seems we are on the same page in thinking this one through; I already was setting up the reaffirm date to allow for a full 24 hours before the email would be sent ( one day prior to the reaffirm date); however, I set the date incorrectly and will have to wait another day now to verify this;
hopefully this works as it is the last piece I need to verify before setting up additional roles
I will keep you posted on the results
That's too bad about the lack of a report; you would think that someone would have thought that to be valuable not to say necessay; we do not have immediate plans on going to 5.3 but let me know if that provides a report if you get around to it
Jerry Synoga
Ryerson, Inc.
630-758-2021
- Receive a notification when your storage quota of SAP Cloud Transport Management passes 85% in Technology Blogs by SAP
- SAP Document and Reporting Compliance - 'Colombia' - Contingency Process in Technology Blogs by SAP
- Sneak Peek in to SAP Analytics Cloud release for Q2 2024 in Technology Blogs by SAP
- New webcast series on “SAP BTP DevOps and Observability in Action” in Technology Blogs by SAP
- How to get notified when support cases are updated by SAP - SAP for Me in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.