on 01-23-2009 4:57 PM
Hi all
I have read all of the documentation availble on User Access Reviews in AC 5.3 and I do not seem to be able to identify what criteria is used by CUP/ERM to select a user for a User Access Review. I can configure the UA Reviews fine and I understand the process, but.
Is there a field and value or something that is used to trigger the review via the Role Usage Synchronization job.
A have been tearing my hair out over this for a few weeks (and I don't have much left) to understand what the trigger is and why some users would be selected but others are not.
regards
Simon
Simon-
All users should be picked up by the Role User Syncronization job. There were some issues with that prior to SP06. So all unlocked/locked users will be picked up as of SP06. I have forwarded you a reference guide I came up with collaboration from Development. That document does not address this topic though.
Ankur
SAP GRC RIG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ankur...if I may chime in to Simon's post... I'm trying to run full UAR in SP06 for all users -- locked and unlocked. It still seems to be ignoring locked users. After trying several things, I just now unlocked all users (since this is SBX) and reran UAR it again (still had same results, so decided to run ERM=>Role Usage Synchronization job??) Now I am getting a lot more users, though still not 100%. If there's not a setting somewhere for UAR that controls "ignore locked users", I don't know why I had to unlock them all to get them to show up in the UAR.
Thx,
Heraleen Bowers
Heraleen-
The option to exclude/include locked users is currently in our enhancement bucket, and do not know when that will be released.
If you are not getting ALL the users, then I would suggest opening a CSS message, as this issue was fixed in SP06. Or let me know via e*mail and we can have a meeting.
Thanks!
Ankur
SAP GRC RIG
I was told that the trigger is the manual running of the role/user sync job in ERM and that you can not select which users are included in the UAR process, they are all included as a default.
I was also told that the UAR functionality had issues and needed to be fixed.
We have just upgraded to AC 5.3 SP07 and will be testing it this week/next week.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What Support Pack level for 5.3 are you on? We had similar experience on SP04, and were told my SAP GRC contact there were issues with users not in AD. I'm not sure that was our only issue, but rather than figuring it out we pursued SP06 (wanted several fixes for UAR/SOD) and am getting ready to run a regression test to see if the situation is improved in this version. Should know soon.
BTW, have you figured out what tables are updated by Role Usage Synchronization job?
Regards,
Heraleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.