
UAR - a bit hit and miss

Henrik1
Participant
0 Kudos

Hi all,

My scenario:

I have roles defined in the role management tool, with owners. I can see the users assigned to them through there, and that information is correct.

However, when I run the UAR report for the roles, not all users assigned to the roles are showing up. I can't find a pattern in which users are not showing up.

Apart from that, everything is working fine.

I have run the required sync jobs prior to running the UAR job.

Any ideas why that happens?

On SP12.

Accepted Solutions (1)


Henrik1
Participant
0 Kudos

Answers (1)


alessandr0
Active Contributor
0 Kudos

Dear Henrik,

I am running UAR without any issue and trying to help you to figure out what is wrong.

Have you configured the admin review to pre-check before sending the workflow to the Managers/Role owners?

I have configured as follows:

2007 YES (Enable admin review)

2006 MANAGER (choose between manager and role owner for reviewing)

I would recommend trying with admin review first. If you have set the configuration, generate data for the UAR review.

Job Scheduler > Create > "Generates data for access request UAR review"


After running the job successfully you might see data in NWBC: Access Management > Compliance Certification Reviews > Request Reviews.

Check if each request number has a reviewer assigned. Otherwise the request will not go through. Are all users showing up, or are some still missing?

If all reviewers are assigned and all users are shown, start the job "Update Workflow for UAR request" and check if all workflows are triggered properly.

Btw, are the missing users deactivated, invalid (validity date in the past), or is the role assignment not valid?

Thanks and regards,

Alessandro

Henrik1
Participant
0 Kudos

Hi Alessandro,

Thank you for responding!

I already found the cause and posted it - but due to my low point level, all my posts are going through moderation 😞

What I saw was users who had been deleted off the system still showing up on the reports. From what I could troubleshoot myself, this was due to them having entries in the GRACROLEUSAGE table and the system ignoring the fact that they had been deleted. Implementation of this note resolved it for deleted users:

Note 1866292 - UAR requests showing role usage for deleted roles and users

There is still a bit of work to be done for expired roles, but until I can get the OSS notes applied (part of SP13), I can handle that with a bit of manual effort.

Regards,

Henrik

0 Kudos

Hi Alessandro,

Our UAR is Line Manager based and I see some inconsistencies, like a role assignment missing in the UAR request for users. There are not many cases but I have noticed a few. I checked the background tables for the role and user. The role assignment is updated in the GRACUSERROLE table, and the role is enabled in GRC with PRD status in the GRACUSER table. The role is available in GRACRLCONN and the user is available in GRACUSERCONN, and all other role assignments from different systems are captured in the request.

Can you guide any troubleshooting?

Regards,
Swathi.