
SAP GRC 5.3 SP13 - Role Sync

Former Member
0 Kudos

Hello All,

We have executed the incremental role sync job, but the role is still not available in VIRSA_CC_GENOBJ. For your information, the rest of the newly created roles are available in the table.

Please help us... It is a little bit urgent.

Thanks,

Jagat

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Jagatbir,

I saw all the threads of your question. The point here is that if your role is not picked up in the incremental role sync, it will not be part of the risk analysis you will perform.

The only thing you can do is run the full role sync job for that SAP production system. Sync jobs are not time consuming or load consuming.

After that, run the batch risk analysis job only for that role.

If you want to check the risk associated with the role, then run the query:

select distinct genobjID as "Role",RISKID,FUNCTID "FUNCTION_ID", VSYSKEY "SYSTEM_ID" FROM VIRSA_CC_PRMVL WHERE VSYSKEY = '<SAP connector name>' AND GENOBJID = '<Role Name>'

Check the logs for more information.

Regards,

Rahul

Former Member
0 Kudos

Hello Jagat,

Just to give you a hint. This is the select statement in the function module:

select AGR_NAME appending corresponding fields of table ROLE_LIST
from AGR_1016 where AGR_NAME in ROLERANGE. " and PSTATE = 'A'. "#EC CI_GENBUFF

Can you check the role in the table AGR_1016 and also check table AGR_NAME in the back-end?

Also there's a reported issue with the role texts: Note 1577541 - Some Role texts are missing in Full & Incremental syn in RAR

Cheers,

Diego.

Former Member
0 Kudos

Hello Diego,

In our case we are syncing composite roles. We are getting all other composite roles in RAR which are not present in Agr_1016.

Thanks,

Jagat

Former Member
0 Kudos

Hello Jagat,

In case of composite roles, the table is AGR_AGRS.

Just a thought... have you checked the button "exclude objects" when scheduling the background sync job?

Cheers,

Diego.

Former Member
0 Kudos

Hello Diego ,

Yes, our role exists in the agr_agrs table. We have mentioned the following in exclude objects:

Object Type   From Value   To Value   System   Status    Comment
Role          SAP_*        SAP_*      All      Enabled
User          DDIC         DDIC       All      Enabled
Profile       SAP_ALL      SAP_ALL    All      Enabled
Profile       SAP_NEW      SAP_NEW    All      Enabled
Profile       &*           &*         All      Enabled
Role          /*           /*         All      Enabled

Thanks,

Jagat

Former Member
0 Kudos

Jagat,

Have you tried a full sync? Note that a full sync is recommended as per the config guide:

"After the initial synchronization, schedule a nightly job to perform an incremental synchronization. Perform a full synchronization periodically as well to ensure data integrity"

I'd try a full sync for roles and profiles.

Cheers,

Diego.

Former Member
0 Kudos

Hello Diego,

Thanks for the reply.

Currently we are facing this issue in the production system, so it's not possible for us to schedule a full sync now because we have a large number of roles in the system. So it would be great if you could suggest any other workaround.

But we have successfully completed the incremental sync job for role, profile and user.

Thanks,

Jagat