cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC ERM & GRC CUP roles

Former Member

on ‎02-06-2012 8:35 PM

0 Kudos

Hi,

we are on configuring GRC ERM.My question is,if we configured GRC CUP user access review,what will happen to GRC CUP Requestor page,for example.If requestor try to create request for new/change account.Can he be able to see those roles that are using in user access review or roles that are pulled from ERM roles usage synchronization.Role import template of GRC CUP through GRC CUP configuration role import is different than role template using for GRC CUP user access review.

second question: During testing of creation role,when i go for create role in GRC ERM,defined roles and when i go for authorization data tab to add transaction, i am getting error message:Unhandled error; n/a , is it due to not configure GRC RAR in GRC ERM through miscellinious.

Thanks

Mash

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎02-06-2012 11:49 PM
0 Kudos

Mash,

Regarding your second issue, please check the sap note: 1514051 - Adding a transaction returns "Unhandled error; n/a" message. Also make sure that the user configured in the JCo has authorization to maintain roles in the back-end system configured for role generation in ERM.

Cheers,

Diego.

Show replies
Show replies
Former Member
‎02-07-2012 5:02 PM
0 Kudos

System log report

Does it mandatory to connect with grc risk analysis and remediation system.In create role->authorization data->transactions->select se38 tcode->unhandled error n/a. It also give functions tab(is this function pulled from GRC RAR)???

:2012-02-07 17:55:17,278 [SAPEngine_Application_Thread[impl:3]_19] ERROR Message Code is 651 Messsage Details Function module does not exist Message Type is E

java.lang.Throwable: Message Code is 651 Messsage Details Function module does not exist Message Type is E

at com.virsa.re.service.sap.dao.ManageAuthDataDAO.getAuthorizationData(ManageAuthDataDAO.java:1064)

at com.virsa.re.bo.impl.AuthorizationDataBO.getNewTransactionObjects(AuthorizationDataBO.java:821)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.addObjsForNewTxns(AuthAuthorizationDataAction.java:3575)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.reloadTransactions(AuthAuthorizationDataAction.java:4176)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.execute(AuthAuthorizationDataAction.java:161)

at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)

at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)

at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)

at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

2012-02-07 17:55:17,287 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.re.role.actions.AuthAuthorizationDataAction

java.lang.Throwable: java.lang.NullPointerException

at com.virsa.re.service.sap.dao.ManageAuthDataDAO.getAuthorizationData(ManageAuthDataDAO.java:1084)

at com.virsa.re.bo.impl.AuthorizationDataBO.getNewTransactionObjects(AuthorizationDataBO.java:821)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.addObjsForNewTxns(AuthAuthorizationDataAction.java:3575)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.reloadTransactions(AuthAuthorizationDataAction.java:4176)

at com.virsa.re.role.actions.AuthAuthorizationDataAction.execute(AuthAuthorizationDataAction.java:161)

at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)

at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)

at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)

at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)

at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Thanks

Mash

Former Member
‎02-07-2012 6:31 PM
0 Kudos

Mash

What's your SAP_BASIS version and SP in the back-end... does the function module SUPRN_AUTH_DATA_IN_EXP_MODE exist?... please check note 1441463 - Interface to merge authorization data

And implement it if neccesary. What do you want to connect to RAR ??

Cheers,

Diego.

Former Member
‎02-07-2012 9:17 PM
0 Kudos

Hi Diego,

Right now, i am trying to configure GRC CUP UAR for that do i need role usage synchronization set up in GRC ERM system.What main things do i need to setup without using GRC RAR in GRC ERM. .I tried by uploading some roles through mass role import through GRC ERM by giving source connectors,system type(sap),system landscape and i used buIld download file (that file from backend system through /virsa/re/dnldroles) and i am unable to see that role in GRC ERM,although background job for role import successfully completed and i am unable to see that role. I guess for role usage synchronization,do i only have to manually upload role usage file(that has to be updated).

I need to setup GRC CUP UAR through GRC ERM without using GRC RAR in GRC ERM.

Thanks and Regards

Mash

Former Member
‎02-08-2012 12:05 AM
0 Kudos

Hello mash,

My replies so far were about your second issue: the problem adding transactions in ERM.

Regarding UAR, as per the configuration guide, for UAR you need these configurations:

- ERM: You configure system connectors. This is required for transaction usage and

for user-role assignment information.

- RAR: You configure connectors. This is required for alert generation to provide

transaction usage information.

- CUP: You define connectors, configure UAR, configure workflows, and define

coordinators.

You'll find a guide to configure UAR here: http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6b...

Cheers,

Diego.

Former Member
‎02-09-2012 12:31 AM
0 Kudos 
Hello mash,
> 
> My replies so far were about your second issue: the problem adding transactions in ERM.
> 
> Regarding UAR, as per the configuration guide, for UAR you need these configurations:
> 
> - ERM: You configure system connectors. This is required for transaction usage and
> for user-role assignment information.
> - RAR: You configure connectors. This is required for alert generation to provide
> transaction usage information.
> - CUP: You define connectors, configure UAR, configure workflows, and define
> coordinators.
> 
> You'll find a guide to configure UAR here: http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6b...
> 
> Cheers,
> Diego.

Thanks Diego,

what happened when i give role approvers as reviewers.Does it pick it up from role import excel template and what will happen if there are more roles in backend system than in GRC CUP after UAR Review load job runs .Do i have to update role excel template with those roles that were not present in GRC CUP and update with bacend system roles that are in use and use for UAR review.

Thanks

Mash

Ask a Question