cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

System. No records found for the search criteria entered

former_member182655
Contributor

on ‎02-18-2014 6:45 PM

0 Kudos

Hello GRC gurus!

I know that this error enough discussed on the forum, however, I would like to ask you how to kill the error.

First of all, I should notice that I have reviewed the configuration guides many times and as I can see everything is done according with them.

Also, I have reviewed many notes including 1584110 and 1562760 (with attachments), have visited lots pages that were searched with Google. Unfortunately, the result is the same.

What was done.

1) SM59. Connectors GRDSSD001 (CUA system) and GRDSSD200 (CUA-managed system) are created. Authorization check performed well (S_RFC+SAP_ALL are assigned to be sure)

2) SPRO -> Governance, Risk and Compliance -> Common Component Settings  -> Integration Framework -> Maintain Connectors and Connection Types

Connection type definition = SAP system predefined by the BCSet.

Define Connectors

Assign both connectors to SAP_CRM_LG group

3)  SPRO -> Governance, Risk and Compliance -> Common Component Settings  -> Integration Framework -> Maintain Connection Settings.

Assign connectors to 4 scenarious (as recommended in the note)

AUTH

PROV

ROLMG

SUPMG

4) SPRO -> Governance, Risk and Compliance ->Access Control -> Maintain Connector Settings

Assign for the connectors type 1 (SAP Application). No attributes were assigned.

5) SPRO -> Governance, Risk and Compliance ->Access Control -> Maintain Mapping for Actions and Connector Groups

Activate group SAP_CRM_LG with type 1.

Defaults valid only for GRDSSD200

By the way, here I found not correct recommendations for ABAP connector

"Logical Port - Not relevant" I would say that it is relevant!

I can select roles , which I made before, in AC request, but I cannot select system.

Looking forward to hearing from someone soon.

BR,

Artem

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member182655
Contributor
‎02-24-2014 9:36 AM
0 Kudos

Colleen, Sanju

Maybe you know a table that is responsible for consistency or ability to choose a system?

I haven't found any useful table for this purpose.

This and this articles were reviewed.

Regards,

Artem

Show replies
Show replies
former_member352028
Explorer
‎02-24-2014 10:59 AM
0 Kudos

The other thing which could be effecting the systems would be the value of the authorization object "GRAC_SYSID" in the requestor role SAP_GRAC_ACCESS_REQUESTER.

Open the authorizations for the role and check the value of GRAC_SYSID (Connector Id), it should be set to *

Regards,

Sanju

former_member182655
Contributor
‎02-24-2014 11:47 AM
0 Kudos

Sanju, thank you for suggestion, but no.

As I mentioned my user has SAP_ALL authorization, and suim shows that this object is available for me. In spite of SAP_ALL I've created special role with the object, but it is useless

Regards,

Artem

former_member352028
Explorer
‎02-24-2014 11:53 AM
0 Kudos

Artem, could you please attach the screenshot for the roles assigned to your user, moreover, if possible, create a new user with only 3 roles - SAP_GRAC_BASE, SAP_GRC_NWBC,SAP_GRAC_ACCESS_REQUESTER and check if the new user is getting the systems or not, this way we will be sure that its not an authorization issue but some other issue.

Regards,

Sanju

former_member182655
Contributor
‎02-24-2014 12:53 PM
0 Kudos

101DIT00037 - Initial user, 101DIT0037 (without one 0) - requested by you. Result is the same.

Z roles were copied from the original ones.

Regards,

Artem

former_member352028
Explorer
‎02-24-2014 2:54 PM
0 Kudos

sorry to re-iterate but could you please verify once again if the authorization object GRAC_SYSID is set to "green" with value * in role ZSAP_GRAC_ACCESS_REQUESTER. (collapse the auth objects and attach a screenshot)

Best regards,

Sanju

former_member182655
Contributor
‎02-25-2014 5:36 AM
0 Kudos

No problem!

Trace:

Seems that the problem is not in permissions.

Regards,

Artem

former_member352028
Explorer
‎02-25-2014 6:41 AM
0 Kudos

Hi Artem,

Check the table "GRACCONNSTAT" and share the values which are exisiting in it.

Regards,

Sanju

former_member182655
Contributor
‎02-25-2014 6:55 AM
0 Kudos

Hi Sanju,

Seems ok:

MANDTCONNECTORAPPL_TYPE_IDACTIVEENVIRONMENTHRSYSPSS
200GRDSSD001001XPRD X
200GRDSSD200001XPRD X

Regards,

Artem

former_member352028
Explorer
‎02-20-2014 11:44 AM
0 Kudos

Hi Artem,

Please follow the steps and check if it works:

1) In the step -> Assign both connectors to SAP_CRM_LG group....Maintain the Connection Type for the Connector Group as "SAP"

2) For integration scenario "PROV" in "GRC->Integration Framework->Maintain Connection Setting": check for the connectors under Scenario Connector Link.

Best regards,

Sanju

Show replies
Show replies
former_member182655
Contributor
‎02-20-2014 2:16 PM
0 Kudos

Hi Sanju,

Regarding the first point:

I've maintained group as SAP, please look at my 2 fist pictures.

2) Yes, it's assigned

Best regards,

Artem

former_member352028
Explorer
‎02-20-2014 4:36 PM
0 Kudos

Hi Artem,

In the IMG setting - SPRO -> Governance, Risk and Compliance ->Access Control -> Maintain Connector Settings

What is the value for "Environment" set for your connectors?

Best regards,

Sanju

former_member182655
Contributor
‎02-24-2014 9:02 AM
0 Kudos

Hi Sanju,

Though I tried different options, I set Production for both connectors.

Regards,

Artem

former_member352028
Explorer
‎02-24-2014 9:24 AM
0 Kudos

Hi Artem,

Check if the Request Type that you are using has "Create User" or "Change User" as actions assigned to it.

Although if these actions are not assigned then the option to  Add ->System should be unavailable but its worth checking it once.

GRC->Access Control->User Provisioning->Define Request Type

Regards,

Sanju

former_member182655
Contributor
‎02-24-2014 9:41 AM
0 Kudos

Yes, it's set by default

Regards,

Artem

Colleen
Advisor
Advisor
‎02-18-2014 9:07 PM
0 Kudos

HI

what does the BRM role set up look like for the role? What systems does it exist in?

are all your synch jobs scheduled?

Show replies
Show replies
former_member182655
Contributor
‎02-19-2014 1:38 PM
0 Kudos

Hell Colleen,

Thank you for response!

I don't get your question, what do you mean "BRM role set up"?

Role has the following attributes:

Role maintenance is finished, it exists in SSD200 system. Function  Area is defined for the role (BS_ALL), Owners/Approvers too. The other sections have empty fields (no company, no custom fields etc.)

Syncronization jobs were done with Incremental option. I will start them again in both modes (full and inc).

Just out of curiosity, could you tell me why you assume to check BRM and role part? I don't have such a big experience as you, but I supposed that the problem is in AC (CUP) part, particularly in sections related to connectors.

Regards,

Artem

Message was edited by: Artem Ivashkin Synchronization jobs finished without any errors (slg1 checked )

Colleen
Advisor
Advisor
‎02-19-2014 10:53 PM
0 Kudos

Hi Artem



Just out of curiosity, could you tell me why you assume to check BRM and role part?

I find with GRC that it's all integrated and a few of the CUP role issues were due to the BRM configuration for the role. For example, with BRM integration when someone can't understand why the role isn't appearing as an option to select in CUP we can see in BRM that the role may not be in Production Status.

I also interpreted your screen shot that maybe you wanted that role but for a different system. The BRM screen shot shows that the role only exists in the system already selected.

This is my approach to troubleshooting and learning the system but sometimes may not actually be related to your issue. In attempting to find the cause I have a tenancy to look for all possibilities before discounting them.



I don't have such a big experience as you,

You would be surprised - don't let my ranking in this community be mistaken for how much experience I have. Really, I'm just curious and like to understand the why so I took to debugging (I am not a developer) the code/testing scenarios and theories to figure out the answer. It just happened that others have asked the same question in SCN and threw a few points my way.

Back on topic: What do you mean by you can't select system?

Regards

Colleen

former_member182655
Contributor
‎02-20-2014 6:28 AM
0 Kudos

Hi Colleen,

Thank you so much for detailed answer!

In my phrase "I cannot select system", I meant that during creation of an Access Request for a new account no system is available for the selection.

The reasons why I'm trying to cope with the problem are the following. As I understand, if I select only system (or a role and a system) I don't need to set "Create User For Role Assignment" (SPRO -> AC -> Maintain Provisioning Settings). And the second one is we need to select CUA system for further processing, but it's more administrative issue than technical.

Regards,

Artem

Colleen
Advisor
Advisor
‎02-20-2014 10:07 PM
0 Kudos

Hi Artem

Only other things I can think of is checking if there is authorisation restriction (doubt it if you could assign roles) or check the Request Type configuration Actions for the option you chose on the form. Finally (I don't have access to a GRC system at the moment, check if the EUP - End User Provisioning - configuration has system field as a configurable setting)

If you have been able to assign a role and it provisions, then is it unlikely the connector setup is an issue.

Regards

Colleen

former_member182655
Contributor
‎02-24-2014 9:13 AM
0 Kudos

Hi Colleen,

Unfortunately, I do my experiments with SAP_ALL and all GRC AC standard roles. Trace showed that everything is ok.

The configuration of Request type is quite wide, I can see only Assign Object action, but I don't have possibility to determine what exactly I need, or do I?

EUP configuration doesn't include system field.

I will try once again to assign a role without system.

Regards,

Artem

Colleen
Advisor
Advisor
‎02-24-2014 9:56 PM
0 Kudos

Hi Artem

On your access request form which request type have you chosen? I only saw screen shots further down for the configuration. Have you attempted to choose a different request type to see if the screen layout changes?

Regards

Colleen

former_member182655
Contributor
‎02-25-2014 5:47 AM
0 Kudos

Hi Colleen,

I've chosen "New Account" type. I tried to select also the other types, such as

New Account, Change Account and Lock Account, but it was in vain. Also I tried to create request for "self" and "other". I've posted a message to SAP, but I think that they can help me within months... So that assistance of the community could help me efficiently.

Regards,

Artem

Ask a Question