cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10: New Account Request for the existing User ID???

former_member184114
Active Contributor

on ‎12-03-2012 12:01 PM

0 Kudos

Hi,

Anybody faced or thought of a scenario where a request is submitted for a user whose user id is "already" available in the target system?

What will happen if such request is submitted? Whether workflow gets failed as it will try to create a user whose ID is already there?

Please share  your thoughts on this. I will disclose what happened at my end 

Regards,

Faisal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member456183
Discoverer
‎02-05-2013 8:44 AM
0 Kudos

Dear all

are there any news from SAP? We facing the same issue:

When starting "New Account" workflow, a users should not be created if he already exists in the CUA (as with version 5.3).

Best regards

Dominik

Show replies
Show replies
former_member184114
Active Contributor
‎12-04-2012 6:57 AM
0 Kudos

Let me share my experience:

When I submitted a "new account" request for already existing user id, it simply "modified" the user details and did not throw any error as we get while trying to create a duplicate user in SU01!

I was expecting that the workflow would fail, but it did not.

How can we control this?

Regards,

faisal

Show replies
Show replies
Former Member
‎12-04-2012 9:43 AM
0 Kudos

Hi Faisal,

There are amny places you have to configure this authentication.

1. SPRO-GRC-Access Control-User Provisioning- Maintain Global Provisioning Settings-Account Validation Check-Error


2. SPRO-GRC-Access Control-Configuration Settings-

Parameter - Workflow - 2051-YES


3. SPRO-GRC-Access Control-Maintain Data Sources Configuration

The System will check the user against provided data source and if user exists, the system will throw error.

Hope it helps.

Regards,

Sabita

former_member184114
Active Contributor
‎12-04-2012 11:05 AM
0 Kudos

Sabita,

Thanks for this.

I was wondering what exactly needs to be done in point#3. Can you help?

Regards,

Faisal

former_member184114
Active Contributor
‎12-04-2012 11:23 AM
0 Kudos

I made the following configurations:

1. SPRO-GRC-Access Control-User Provisioning- Maintain Global Provisioning Settings-Account Validation Check-Error: set Account Validation to "Error"


2. SPRO-GRC-Access Control-Configuration Settings-

Parameter - Workflow - 2051-YES: made this setting for "PARM Group" workflow


3. SPRO-GRC-Access Control-Maintain Data Sources Configuration: Added SAP system as "User Authentication Data Source" where the user id is going to be created.

Still  I could see that, user is modified and no error is thrown.

Please suggest.

Regards,

Faisal

Former Member
‎12-04-2012 11:49 AM
0 Kudos

Hi Faisal,

I guess the parameter 2051 value should be NO. change it and try again.

Regards,

Sabita

former_member184114
Active Contributor
‎12-04-2012 12:00 PM
0 Kudos

Sabita,

Thanks for your reply.

Still the same issue. Any more suggestions?

Regards,

Faisal

Former Member
‎12-04-2012 12:20 PM
0 Kudos

Hi Faisal,

Now I remember that we had faced the similar case but with error "User doesn't exist". We had a discussion with SAP and they said that two configurations are required - one 2051 set to NO and User auto provisioning Account validation check set to error. It worked well for us.

Is account validation is checked with value error?

If not solved, then you may contact SAP.

Regards,

Sabita

former_member184114
Active Contributor
‎12-04-2012 1:51 PM
0 Kudos

Sabita,

I noticed that no check box is selected under "Create user if does not exist".

What happens at my end is, requestor simply selects roles from the list and automatically that user id will be created in the corresponding SAP system where the role is coming from. This is possbile via option "For Role Assignment Action" under "Create user if does not exist".

However, other option "For Change User Action" under "Create user if does not exist", I feel that it is effective when any modification is taking place.

But I this it does not serve my purpose, which is explained below:

When a request is submitted of type "new user account" for the user id which is already in the system, then the workflow simply should throw an corresponding error.

Please see my current configurations:

Regards,

Faisal

Former Member
‎12-05-2012 6:30 AM
0 Kudos

Hi Faisal,

The option "Create User if doesn't exist" is only for change user and/or role assignment as you have clearly stated. It has nothing to do with existing user ID validation.

As per reply given by SAP in response to my message, even above setting for account validation check is enough for ot to work. If we select parameter 2051, it should be no. we can even bypass this parameter.

Check with SAP if it doesn't work. Also, let us know how did you resolve it.

Regards,

Sabita

former_member184114
Active Contributor
‎12-05-2012 7:18 AM
0 Kudos

Sabita,

Thanks for your reply.

I will check and update you on this.

Regards,

Faisal

former_member192902
Participant
‎12-09-2012 9:18 AM
0 Kudos

HI Sabita

I am also facing same issue.

2051 parameter configured with "NO" and also selected "Error"  in auto provisioning option but still system allowing to create request for existing user.with New Account option

With Regards

Trinadh Bokka

former_member192902
Participant
‎12-09-2012 9:18 AM
0 Kudos

HI Sabita

I am also facing same issue.

2051 parameter configured with "NO" and also selected "Error"  in auto provisioning option but still system allowing to create request for existing user.with New Account option

With Regards

Trinadh Bokka

former_member184114
Active Contributor
‎12-09-2012 9:30 AM
0 Kudos

May be you can contact SAP for the same.

Please also update me on this.

Faisal

former_member704195
Participant
‎02-06-2013 9:21 AM
0 Kudos

Dear Faisal,

Workflow will not throw an error.

There are few validations which needs to be followed like

2051 parameter: YES and Accoiunt validation check if set error.

If both are set then user will not be able to submit the request for already existing user.

Regards,

Nidhi

former_member456183
Discoverer
‎02-07-2013 8:02 AM
0 Kudos

Hi Nidhi

that's correct, but we are facing an other issue. If we select "New Account" as request type, it should allow to create a user which does not exist. If we select "Change Account", it should validate the account.

We are using a CUA and did not connected GRC to LDAP.

If I set parameter 251 to YES and Account Validation check and set to error, it will not send the workflow if user does not exists. So workflow "New Account" does not make sense to us.

Best regards

Dominik

Ask a Question