on 04-13-2010 11:58 PM
All -
<br><br>
I am running into 'yet another' issue in ERM! This error really has me going in circles because I am able to execute the exact same process in our Sandbox environment with NO PROBLEM... If any of you Guru's can help to point me in the right direction on how to address this issue it would be greatly appreciated.
<br><br>
Here's the issue:
<br><br>
In our SANDBOX enviroment, the role creation process works as designed (Role Methodology: Definition --> Authorization --> Derivation --> Risk Analysis --> etc.). I'm able to define the role, add t-codes in the Authorization step and even Maintain them in PFCG.
<br><br>
However in our DEV environment when I take the same steps and I add t-codes to the role, I get an error when I try to Maintain in PFCG --> <b>Unhandled error; Unable to create role (Please provide a profile name.)</b>
<br><br>
The crazy thing is that when I remove the t-codes (to zero) I'm able to Maintain in PFCG!!! I am then able to save the Role 'Shell' in the backend (not adding any t-codes), come back into ERM and add t-codes there and Maintain in PFCG somehow works with the t-codes added now. So it seems as if that connection to the back through PFCG with no t-codes establishes the profile somehow and allows me to finish the process as intended. This is a pain because I will have to take this work around step for every role that I create in Development.
<br><br>
In Sandbox however this works as intended and generates a profile at this step after adding the T-codes, thereby allowing me to Maintain in PFCG with no error.
<br><br>
The configuration of these 2 boxes is exactly the same and the connections are both working successfully, I'm going crazy trying to figure this out! PLEASE HELP!
<br><br>
Here are the Error Logs:
<br><br>
2010-04-13 18:07:29,427 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.re.exception.RoleGenerationException: Unable to create role (Please provide a profile name.)<br><br>
java.lang.Throwable: Unable to create role (Please provide a profile name.)<br><br>
at com.virsa.re.service.sap.dao.GenerateRoleDAO.createRoleFromAuthorizations(GenerateRoleDAO.java:1502)<br>
at com.virsa.re.bo.impl.GenerateRoleBO.createRoleFromAuthorizations(GenerateRoleBO.java:597)<br>
at com.virsa.re.role.actions.AuthAuthorizationDataAction.loadPFCG(AuthAuthorizationDataAction.java:420)<br>
at com.virsa.re.role.actions.AuthAuthorizationDataAction.execute(AuthAuthorizationDataAction.java:198)<br>
at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)<br>
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)<br>
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)<br>
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)<br>
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)<br>
at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)<br>
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)<br>
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)<br>
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)<br>
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)<br>
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)<br>
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)<br>
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)<br>
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)<br>
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)<br>
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process<br>
<br>
(ApplicationSessionMessageListener.java:33)<br><br>
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)<br>
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)<br>
at java.security.AccessController.doPrivileged(Native Method)<br>
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)<br>
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)<br>
Hi,
Please run the Configuration Validator diagnostic tool to check for any configuration related issues that you may quickly resolve. This tool contains checks for the Access Controls 5.3 applications suite but you can select only the ones that relate to ERM. Please refer to SAP Note 1370400 for more details.
Best Regards,
Sirish Gullapalli.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Sirish,
I have run the configuration validator for both Sandbox & Dev Environments and received the same results in both. I would like to export the results, but am getting the following error when I select the 'Export' button for both:
./temp/webdynpro/web/sap.com/grc~accvwdcomp/Components/com.sap.grc.ac.cv.wdapp.CheckComp (Is a directory)
Initially I thought that the error was result of the "ERMApplicationRTACheck" failing, however it is failing for both environments with this Reason:
Devleopment:
ECD Client 150
VIRSANH version does not match (9)
VIRSAHR version does not match (7)
-
OCD Client 100
VIRSANH version does not match (9)
VIRSAHR version does not match (7)
Sandbox:
ECC Sandbox
VIRSANH version does not match (9)
VIRSAHR version does not match (7)
-
SAM Sandbox ECC
VIRSANH version does not match (9)
VIRSAHR version does not match (7)
So I'm still at a loss as to why its working in one environment and not the other...?
Hi,
I couldnot figure out what could be the possible reason for the error you are facing. Let's verify following parameter in backend ERP system.
- Goto transaction RZ11.
- Specify the parameter "transport/systemtype", open in CHANGE mode.
- Now verify the "Current value" parameter and ask your BASIS person to change it to BLANK and then try to recreate the steps.
This parameter applies for the Profile name accepted by the backend R/3 when communicating with the frontend. If this set to some value, then R/3 would look for the value maintained for this parameter with the ROLE NAME coming from ERM frontend. Once set to blank(empty) it will pick the value dynamically.
If you still having an issue, please open a ticket with GRC Support.
Best Regards,
Sirish Gullapalli.
This error has come as a result of a Profile Generation error message showing up on the ECC backend system. The following message was popping up as a result of Maintaining Authorization Data and Generate Profiles:
Important Note:
If you are using the Profile Generator for the first time, you should
use transaction SU25 (step 1) to initially fill the Profile Generator
customer tables. For information on this step, see the documentation on
the Profile Generator in the Implementation Guide, the SAP Library and
in the transaction itself.
If you have already used the Profile Generator in a previous Release,
you should use transaction SU25 (steps 2A to 2C) to transfer the new
check indicators before you continue working with the Profile Generator.
This transaction displays all changes to the check indicators and the
field values. You can adopt the changes or retain your own settings. The
transaction also specifies all roles that it makes sense to regenerate.
As a result running SU25 (steps 2A to 2C) addressed this issue.
this issue was solved after we implement SAP NOTE 1441463
https://websmp130.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1441463
Edited by: Ibrahim Sigirci on Aug 10, 2010 2:47 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.