on 11-24-2011 6:52 AM
In Role Maintenance, I have managed to create a test role through GRC in my sandbox ERP system. The request is in complete status and the role is created in the ERP system.
I am trying to create an access request for a new user in that system. However, it does not allow me to add the role I just created for the same system.
When I click on Access Request Creation --> Access Request -> Request type new a/c
Request for Self
Business Process: Finance
User Access: Add System: (successfull)
add role : Here I'm not able to search for the role.
Can someone please help to know why is the role not showing up ?
Hi,
The role need to be generated.
Pl try this through NWBC and issue should get resolved.
regards
Hemant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jay,
You have to first create, Business Process, Sub-proceess , project release etc and then define default ones in Configuration Settings.
Then you need to import roles. I am not aware of how to map Business Process and roles, I have done a test import with default values. The tocde to import role is - GRAC_ROLE_MASS_IMPRT
Let me know how it goes and also, if you are able to find a way to map mass roles into different Business Process, Sub-Process.
Regards,
Sabira
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jay,
>
> You have to first create, Business Process, Sub-proceess , project release etc and then define default ones in Configuration Settings.
>
> Then you need to import roles. I am not aware of how to map Business Process and roles, I have done a test import with default values. The tocde to import role is - GRAC_ROLE_MASS_IMPRT
>
> Let me know how it goes and also, if you are able to find a way to map mass roles into different Business Process, Sub-Process.
>
> Regards,
> Sabira
Thank you,
Business Process, Subprocess and project release have been set. Configuration settings are not changed as the default ones would be active.
Now While I try to execute GRAC_ROLE_MASS_IMPORT in GRC system, I am getting a weird error...
" <RFC> Enter the business process, Message no. GRAC_UTILITIES000"
I navigated to my role maintenance screen where the role is in completed status, I can see that role was assigned to the respective process / subprocess when created.
Any clue ?
Hi,
>
> In the configuration settings, it takes Technical name in default settings e.g. BS00 for Basis(SAP standard business process) and so on.
>
> Try if it works.
>
> Regards,
> Sabita
Hi
Thanks for replying.
Are you talking about IMG->GRC->AC->Maintain configuration settings. If so, please let me know the parameter group, param ID and Parameter Value ?
Also, can you please let me know the same for parameter ID 2021 and 2022 please ?
Hi,
We need to maintain configuration settings.
2021- Default Request Type for Role Reaffirm and 2022 - Default Priority for Role Reaffirm are related to Role reaffirm, we don't use it hence not maintained.
For role managment 3000 is for default business process, 3001 for default sub-process, 3002 for criticality level, 3003 for project release and 3004 for default role status. The value depends upon what you have configured in the system.
We are using sap standard so are taking sap delivered values. possible values will come in drop-down if applicable.
Regards,
Sabita
Thanks...
This issue was resolved by GRC -> RM -> Maintain role status --> Select development. Thus, I've been able to successfully able to select / assign and approve roles. However, the provisioning fails for some workflow error. Any clue on the below:
1. Role Z.... in system SID is approved for action 'Assign' with validity 02.12.2011-31.12.9999 -- Updated by user
No agent found, cancelling path GRAC_DEFAULT_PATH (in stage no. 003 - GRAC_SECURITY) -- Updated by workflow system(WF-BATCH)
2. Also, any clue if we can re-trigger workflow for access request .. ?
3. While creating a new access request in AC 10, what options do we select from the create request screen
Request Type: New Account ?
Request for : Self Other Multiple ??
If we select Other in 'Request for' it allows to add only from the already available users in that system. Eventually this will lead to an error.
Any help ?
Jay,
Well, seems you take advantage of an error to solve your problem???
Note 1624035 - Roles with status dev show in CUP role search
So, check this:
In GRC 10.0, Business role Management and ARQ are tightly integrated. Only the roles that exist in BRM with the Role Status as Production, will be available in the Search while request creation in ARQ.
So you need to ensure that the status of the roles that you want to use while request creation is set to production.
Note 1602339 - No roles found while creating request
Cheers,
Diego.
Dear Diego
Thank you for replying. I am too simple to understand what you meant it 'seems' to be .. but I'll let you know what I have seen.
Only the roles that exist in BRM with the Role Status as Production, will be available in the Search..... unless you explicitly tell the system to allow assigning roles with development status... this is exactly what I have described above as I've done.
Please see if you'd be able to post your comments on the three queries I've listed above as I'm new to GRC (in simple terms)..
Thanks,
Jay,
What I meant is you shouldn't use Dev Status roles for provisioning:
http://help.sap.com/saphelp_grcac10/helpdata/en/cc/036324250447c5874e67ae28f30a88/frameset.htm
"The application only performs provisioning for roles that are set as productive and is provisioning allowed. That is, if the role is set as productive, but both Provisioning Allowed and Allow Auto-provisioning are set as No, the application does not provision the role."
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.