cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles imported in NWBC are not showing up for Access Request

Go to solution
Former Member

on ‎03-06-2013 2:51 PM

0 Kudos

Hi All

I have imported few test roles from Roles import option in NWBC.When I try to create a new access request but I am not  able to see those roles in the search.

Please help me to resolve this issue.

Regards

Pradeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-18-2013 5:23 PM

Hi All

Thanks for your help .This issue is resolved long back actually system validity was not reflecting properly .So I corrected the System validity for the roles and it started reflecting in the Access Request for provisioning.

Regards

Pradeep

Show replies
Show replies
Former Member
‎02-09-2015 12:27 PM
0 Kudos

Hello, Pradeep!

I have the same problem! Could you please assist. What value for system validity should I set?

Best regards

Elvira Huzina

Former Member
‎02-09-2015 1:48 PM
0 Kudos

Hi Elvira,

If you go to BRM,In Provisioning tab if you see we have a System Validity column which needs to be filled in with some date and once you saved it ,it will start reflecting in the roles.

Make sure Role status is Production.Role is in Complete Stage.

Hope this helps.

Regards

Pradeep

Former Member
‎02-09-2015 2:28 PM
0 Kudos

Thank you for reply, Pradeep! Unfortunately, it didn't help me.

Do you know some other parameters that I should set?

Best regards

Elvira Huzina

alessandr0
Active Contributor
‎02-09-2015 2:49 PM
0 Kudos

Elvira,

also check authorization issues as roles are only populated in ARQ if the user has the sufficient authorization. Therefore check authorization objects GRAC_ROLE*.

Alternatively check transaction STAUTHTRACE if authorization is missing. For test purpose use SAP_ALL.

Regards,

ALessandro

Former Member
‎02-09-2015 3:18 PM
0 Kudos

Hi, Alessandro.

I'm using SAP_ALL, but the problem is still actual.

Thank you!

Best regards

Elvira Huzina

alessandr0
Active Contributor
‎03-04-2015 4:38 PM
0 Kudos

Dear Elvira,

as this thread has been answered a long time ago I would like to ask you to open a new question with your own information. I will close this one.

Thanks for your understanding.

Regards,

Alessandro

Answers (6)

Answers (6)

Former Member
‎04-17-2013 7:05 AM
0 Kudos

Hi Pradeep

Can you please check if the role Exists option for the particular role is set to YES.

Thanks!!

Jyotsna

Show replies
Show replies
Former Member
‎04-17-2013 4:25 PM
0 Kudos

Hi Jyotsna

This issue is resolved now it was just a validity period issue.

Regards

Pradeep

Former Member
‎03-11-2013 4:19 AM
0 Kudos

There are several steps that need to occur in order to use a role within an Access Request.

1. If the roles exist in the backend system, perform a full repository object sync job as noted.  As of GRC AC 10 Support Pack 10, an incremental sync does not bring in new roles.

2. Import the roles.  Your import file needs to populate several specific fields in BRM.  The system needs to match the system name in SM59 for the backend system.  The Provisioning and Auto Provisioning fields should be set to Y.  The Methodology status needs to be C for complete.

3. The connector setup in SM59 needs to be defined and configured for provisioning in the IMG.

Show replies
Show replies
Former Member
‎03-11-2013 1:31 PM
0 Kudos

Hi Greg

I have CUA in my client's landscape.So under connection settings I have just mentioned the CUA master system in this case ERDCLNT140 as CUA master will be provsioning the same to child system.

Please correct me if I am wrong.

Regards

Pradeep

Colleen
Advisor
Advisor
‎03-11-2013 10:25 PM
0 Kudos

For Maintain Connection Settings, you need these connectors all defined for the role repository to work properly. In Integration Framework Steps applies to a few different areas.

In the User Provisioning, complete Maintain CUA Settings to link the CUA mode.

Former Member
‎03-12-2013 10:48 PM
0 Kudos


Hi Colleen

I checked my Maintain Connection Settings I have configured the following:

1.For Integration Scenario AUTH: Connectors for ECC,CUA & GRC

2.for Integration Scenario ROLMG :Connectors for ECC,CUA & GRC

3.For Integration Scenario SUPMG: Connectors for ECC,CUA & GRC

4.For Integration Scenario PROV: Connector for CUA only.

For Maintain CUA Settings for CUA global system I have defined my CUA master system connector .

For Child system I have defined Target connector  i.e master cua connector with each of child CUA system connectors

Colleen
Advisor
Advisor
‎03-12-2013 11:29 PM
0 Kudos

In relation to: 4.For Integration Scenario PROV: Connector for CUA only.

SAP advises "all access control connectors must be assigned to the following integration scenarios: AUTH, PROV, ROLEMG and SUPMG"

Therefore, please assign the child systems to PROV as well. I suspect the CUA configuration will manage the provisioning via CUA for the child systems.

Former Member
‎03-13-2013 2:17 PM
0 Kudos

Hi Colleen

Do you think will that really work  by adding all child system connectors to PROV scenario??.

Also I checked with that CUA settings and read a lot it works that way .

Regards

Pradeep

Former Member
‎03-13-2013 7:52 PM
0 Kudos

Hi Colleen

I tried doing that also but still it is not working and I am unable to see the roles in the search.

Regards

Pradeep

Colleen
Advisor
Advisor
‎03-14-2013 10:09 PM
0 Kudos

I would check filters on the role view and possibly run a ST01 trace to check auths and also configuration parameter to see if any working.

Former Member
‎03-18-2013 6:03 PM
0 Kudos

Hi Colleen

I checked in filters but nothing of help.Also does  ST01 works for NWBC??.

Regards

Pradeep

Colleen
Advisor
Advisor
‎03-18-2013 11:22 PM
0 Kudos

Hi Pradeep

Yes, I use ST01 and ST05 all the time

That or debug it (sometimes hard to find the break point on the webdynpro)

Former Member
‎03-27-2013 6:42 PM
0 Kudos

This message was moderated.

Colleen
Advisor
Advisor
‎04-01-2013 11:07 PM
0 Kudos

Hi Pradeep

By posting to the community, you receive the benefit of multiple experts providing input, clarification and recommendations. In return, your question and advise is retained and available for use by all community members.

Asking me for my details to provide you with free private consulting advise removes the community benefits.

If you are concerned of privacy, then blank out values in the screen shots to remove connection to your company. If you are unable to do this, I would recommend you raise a message with SAP.

Colleen
Advisor
Advisor
‎03-07-2013 10:59 PM
0 Kudos

Hi Pradeep

Can you check your configuration parameters settings relating to the following groups:

20    Access Request Business Role

13    Access Request Default Roles

14    Access Request Role Mapping

12    Access Request Role Selection

Also, check your configuration for:

(Integration Framework) Maintain Connection Settings - for PROV - Provisioning to ensure connectors are in place

(Access controls) Maintain Mapping for Actions and Connector Groups - ensure connection group in place for 0004 Provisioning

As an aside, have you been able to manually create a role in BRM in GRC and then make it available to provision? If so, possibly compare each screen of the manual on to the one you uploaded to see if any difference?  This step can help you determine if it's a master data BRM issue or a configuration/security issue

Show replies
Show replies
Former Member
‎03-08-2013 3:23 PM
0 Kudos

Hi Colleen

Can you please mention the standard value we should maintain for these parameters and I will cross verify with my values.

Regards

Pradeep

Colleen
Advisor
Advisor
‎03-11-2013 4:47 AM
0 Kudos

The values really depend on your design requirements.

As mentioned, have you tried to create a test role directly in the BRM repository and then see if available for provisioning? This will rule out your configuration (including a lot of the recommendations by everyone in this post).

Former Member
‎03-11-2013 5:38 PM
0 Kudos

Hi Colleen

There is a problem I am not able to create the role in BRM repository directly also.It gives me role name and Connector group should be unique.

Please suggest what can be the issue and how to correct it.

Regards

Pradeep

Former Member
‎03-11-2013 6:57 PM
0 Kudos

Hi Colleen

I am able to create the Role in BRM directly now but still that role I can't see in  the access request creation.

Please suggest what needs to be done now.

Regards

Pradeep

former_member208271
Participant
‎03-07-2013 8:23 AM
0 Kudos

Hi Pradeep

I had the same issue in the past.

Make sure that when you upload the Role its in Complete Status.

Also Run Program GRAC_ROLEREP_ROLE_SYNC with Full Sycn

Hope it resolves your issue.

Regards

Mustafa

Show replies
Show replies
Former Member
‎03-07-2013 2:46 PM
0 Kudos

Hi Mustafa

I did the Repository Role Sync but still it doesn't work for me .

Regards

Pradeep

Former Member
‎03-07-2013 4:10 PM
0 Kudos

Hi Pradeep,

please also check GRAC authorisations for UserID in object GRAC_REQ. This also can restricts role selection in Requests by eg Functional area assigned to roles, etc.

Regards,

Markus

Former Member
‎03-07-2013 6:58 PM
0 Kudos

Hi Markus

I have the access to GRAC_REQ also but still it doesn't work.

Regards

Pradeep

former_member541582
Participant
‎03-06-2013 4:07 PM
0 Kudos

Pradeep,

Make sure the roles has the status Production and are allowed for provisioning.

Something like this...

Best Regards,

Vit

Show replies
Show replies
Former Member
‎03-06-2013 8:31 PM
0 Kudos

Hi Vit

The roles are marked as production but still it doesn't reflect in the search.

Regards

Pradeep

former_member541582
Participant
‎03-06-2013 11:08 PM
0 Kudos

It might be an authorization error.  

If you are using the standard roles, check that object GRAC_SYS is included.

Former Member
‎03-06-2013 11:17 PM
0 Kudos

Hi Vit

You mean I should include this object GRAC_SYS in the roles assigned to my userid?

Regards

Pradeep

former_member541582
Participant
‎03-07-2013 9:16 AM
0 Kudos

That is correct.

Former Member
‎03-07-2013 2:45 PM
0 Kudos

Hi Vit

I already have the access to GRAC_SYS but still I am not able to see the role in the search while creating a Access Request.

Regards

Pradeep

Former Member
‎03-06-2013 4:06 PM
0 Kudos

Hi Pradeep,

please execute report GRAC_REPOSITORY_OBJECT_SYNC in Incremental Mode for Profiles/Roles in your GRC backend system.

This should update the roles to be selected in access requests.

Regards,

Markus

Show replies
Show replies
Former Member
‎03-06-2013 8:32 PM
0 Kudos

Hi Markus

I have already  run the sync job for repository but still it doesn't help.

Regards

Pradeep

Ask a Question