on 12-03-2012 12:01 PM
Hi,
Anybody faced or thought of a scenario where a request is submitted for a user whose user id is "already" available in the target system?
What will happen if such request is submitted? Whether workflow gets failed as it will try to create a user whose ID is already there?
Please share your thoughts on this. I will disclose what happened at my end
Regards,
Faisal
Dear all
are there any news from SAP? We facing the same issue:
When starting "New Account" workflow, a users should not be created if he already exists in the CUA (as with version 5.3).
Best regards
Dominik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Let me share my experience:
When I submitted a "new account" request for already existing user id, it simply "modified" the user details and did not throw any error as we get while trying to create a duplicate user in SU01!
I was expecting that the workflow would fail, but it did not.
How can we control this?
Regards,
faisal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Faisal,
There are amny places you have to configure this authentication.
1. SPRO-GRC-Access Control-User Provisioning- Maintain Global Provisioning Settings-Account Validation Check-Error
2. SPRO-GRC-Access Control-Configuration Settings-
Parameter - Workflow - 2051-YES
3. SPRO-GRC-Access Control-Maintain Data Sources Configuration
The System will check the user against provided data source and if user exists, the system will throw error.
Hope it helps.
Regards,
Sabita
I made the following configurations:
1. SPRO-GRC-Access Control-User Provisioning- Maintain Global Provisioning Settings-Account Validation Check-Error: set Account Validation to "Error"
2. SPRO-GRC-Access Control-Configuration Settings-
Parameter - Workflow - 2051-YES: made this setting for "PARM Group" workflow
3. SPRO-GRC-Access Control-Maintain Data Sources Configuration: Added SAP system as "User Authentication Data Source" where the user id is going to be created.
Still I could see that, user is modified and no error is thrown.
Please suggest.
Regards,
Faisal
Hi Faisal,
Now I remember that we had faced the similar case but with error "User doesn't exist". We had a discussion with SAP and they said that two configurations are required - one 2051 set to NO and User auto provisioning Account validation check set to error. It worked well for us.
Is account validation is checked with value error?
If not solved, then you may contact SAP.
Regards,
Sabita
Sabita,
I noticed that no check box is selected under "Create user if does not exist".
What happens at my end is, requestor simply selects roles from the list and automatically that user id will be created in the corresponding SAP system where the role is coming from. This is possbile via option "For Role Assignment Action" under "Create user if does not exist".
However, other option "For Change User Action" under "Create user if does not exist", I feel that it is effective when any modification is taking place.
But I this it does not serve my purpose, which is explained below:
When a request is submitted of type "new user account" for the user id which is already in the system, then the workflow simply should throw an corresponding error.
Please see my current configurations:
Regards,
Faisal
Hi Faisal,
The option "Create User if doesn't exist" is only for change user and/or role assignment as you have clearly stated. It has nothing to do with existing user ID validation.
As per reply given by SAP in response to my message, even above setting for account validation check is enough for ot to work. If we select parameter 2051, it should be no. we can even bypass this parameter.
Check with SAP if it doesn't work. Also, let us know how did you resolve it.
Regards,
Sabita
Hi Nidhi
that's correct, but we are facing an other issue. If we select "New Account" as request type, it should allow to create a user which does not exist. If we select "Change Account", it should validate the account.
We are using a CUA and did not connected GRC to LDAP.
If I set parameter 251 to YES and Account Validation check and set to error, it will not send the workflow if user does not exists. So workflow "New Account" does not make sense to us.
Best regards
Dominik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.