on 03-06-2013 2:51 PM
Hi All
I have imported few test roles from Roles import option in NWBC.When I try to create a new access request but I am not able to see those roles in the search.
Please help me to resolve this issue.
Regards
Pradeep
Hi All
Thanks for your help .This issue is resolved long back actually system validity was not reflecting properly .So I corrected the System validity for the roles and it started reflecting in the Access Request for provisioning.
Regards
Pradeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pradeep
Can you please check if the role Exists option for the particular role is set to YES.
Thanks!!
Jyotsna
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There are several steps that need to occur in order to use a role within an Access Request.
1. If the roles exist in the backend system, perform a full repository object sync job as noted. As of GRC AC 10 Support Pack 10, an incremental sync does not bring in new roles.
2. Import the roles. Your import file needs to populate several specific fields in BRM. The system needs to match the system name in SM59 for the backend system. The Provisioning and Auto Provisioning fields should be set to Y. The Methodology status needs to be C for complete.
3. The connector setup in SM59 needs to be defined and configured for provisioning in the IMG.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen
I checked my Maintain Connection Settings I have configured the following:
1.For Integration Scenario AUTH: Connectors for ECC,CUA & GRC
2.for Integration Scenario ROLMG :Connectors for ECC,CUA & GRC
3.For Integration Scenario SUPMG: Connectors for ECC,CUA & GRC
4.For Integration Scenario PROV: Connector for CUA only.
For Maintain CUA Settings for CUA global system I have defined my CUA master system connector .
For Child system I have defined Target connector i.e master cua connector with each of child CUA system connectors
In relation to: 4.For Integration Scenario PROV: Connector for CUA only.
SAP advises "all access control connectors must be assigned to the following integration scenarios: AUTH, PROV, ROLEMG and SUPMG"
Therefore, please assign the child systems to PROV as well. I suspect the CUA configuration will manage the provisioning via CUA for the child systems.
Hi Pradeep
By posting to the community, you receive the benefit of multiple experts providing input, clarification and recommendations. In return, your question and advise is retained and available for use by all community members.
Asking me for my details to provide you with free private consulting advise removes the community benefits.
If you are concerned of privacy, then blank out values in the screen shots to remove connection to your company. If you are unable to do this, I would recommend you raise a message with SAP.
Hi Pradeep
Can you check your configuration parameters settings relating to the following groups:
20 Access Request Business Role
13 Access Request Default Roles
14 Access Request Role Mapping
12 Access Request Role Selection
Also, check your configuration for:
(Integration Framework) Maintain Connection Settings - for PROV - Provisioning to ensure connectors are in place
(Access controls) Maintain Mapping for Actions and Connector Groups - ensure connection group in place for 0004 Provisioning
As an aside, have you been able to manually create a role in BRM in GRC and then make it available to provision? If so, possibly compare each screen of the manual on to the one you uploaded to see if any difference? This step can help you determine if it's a master data BRM issue or a configuration/security issue
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pradeep
I had the same issue in the past.
Make sure that when you upload the Role its in Complete Status.
Also Run Program GRAC_ROLEREP_ROLE_SYNC with Full Sycn
Hope it resolves your issue.
Regards
Mustafa
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pradeep,
please execute report GRAC_REPOSITORY_OBJECT_SYNC in Incremental Mode for Profiles/Roles in your GRC backend system.
This should update the roles to be selected in access requests.
Regards,
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.