
Access Controls 5.3 - User Access Reviews

Former Member
0 Kudos

Hi all

I have read all of the documentation available on User Access Reviews in AC 5.3 and I do not seem to be able to identify what criteria is used by CUP/ERM to select a user for a User Access Review. I can configure the UA Reviews fine and I understand the process, but.

Is there a field and value or something that is used to trigger the review via the Role Usage Synchronization job?

I have been tearing my hair out over this for a few weeks (and I don't have much left) to understand what the trigger is and why some users would be selected but others are not.

regards

Simon

Accepted Solutions (0)

Answers (3)


former_member366047
Contributor
0 Kudos

Simon-

All users should be picked up by the Role User Synchronization job. There were some issues with that prior to SP06. So all unlocked/locked users will be picked up as of SP06. I have forwarded you a reference guide I came up with in collaboration with Development. That document does not address this topic though.

Ankur

SAP GRC RIG

Former Member
0 Kudos

Hi Ankur...if I may chime in to Simon's post... I'm trying to run full UAR in SP06 for all users -- locked and unlocked. It still seems to be ignoring locked users. After trying several things, I just now unlocked all users (since this is SBX) and reran UAR again (still had same results, so decided to run ERM=>Role Usage Synchronization job??) Now I am getting a lot more users, though still not 100%. If there's not a setting somewhere for UAR that controls "ignore locked users", I don't know why I had to unlock them all to get them to show up in the UAR.

Thx,

Heraleen Bowers

former_member366047
Contributor
0 Kudos

Heraleen-

The option to exclude/include locked users is currently in our enhancement bucket, and I do not know when that will be released.

If you are not getting ALL the users, then I would suggest opening a CSS message, as this issue was fixed in SP06. Or let me know via e-mail and we can have a meeting.

Thanks!

Ankur

SAP GRC RIG

Former Member
0 Kudos

Thanks Ankur, I submitted message 311856 about this issue, in case you want to track it...

Regards,

hb

Former Member
0 Kudos

I was told that the trigger is the manual running of the role/user sync job in ERM and that you cannot select which users are included in the UAR process; they are all included as a default.

I was also told that the UAR functionality had issues and needed to be fixed.

We have just upgraded to AC 5.3 SP07 and will be testing it this week/next week.

Former Member
0 Kudos

What Support Pack level for 5.3 are you on? We had similar experience on SP04, and were told by my SAP GRC contact there were issues with users not in AD. I'm not sure that was our only issue, but rather than figuring it out we pursued SP06 (wanted several fixes for UAR/SOD) and am getting ready to run a regression test to see if the situation is improved in this version. Should know soon.

BTW, have you figured out what tables are updated by Role Usage Synchronization job?

Regards,

Heraleen