on 03-18-2014 8:42 AM
Hi Experts,
We created derive roles through 'mass role derivation' and in the same time master role has not been approved yet.
All created derive roles are in locked mode (see screenshot below), even after approval of master role, those locks were not removed.
Now it is not possible to edit or delete them from BRM.
Any ideas how to remove those locks on derived roles? (currently we consider creating a program to remove those locks manually from GRACROLE table), but maybe someone has better solution? (We are on SP13)
Best regards, Andrzej
Hi Andrezej
Have a look at the following post for this issue. It may be that you need to complete the workflow or cancel it to remove the lock. There was a note some time last year pertaining to this error and BRM.
I would not recommend updating SAP standard table directly without direction by SAP
Double-check the WF via SWIA is actually closed out as well. Not sure what SP you are on but this was an issue last year and SAP released a note for it. I think that's referenced in the post above.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andrzej
I think you need to raise a customer message an incident on marketplace if you have already ruled out existing WF approvals as SM12 data locks
There is a KB article for a Z program to unlock the role
1805237 - How to Unlock the Role
but implies root cause was because you had insufficient authorisation to generate the role in the plug-in. Being stuck on the define stage doesn't make sense then
It may be that the program there is the way to fix it (at least it's SAP code) but if this issue is related to an SP then it needs to be fixed. E.g. maybe SAP should have a check preventing mass role derivation if the imparting is awaiting approval.
Also check role methodology to make sure you have defined what to do for a derived role. When you upload the roles did you attempt to choose complete methodology or intend to step through the process?
Regards
Colleen
Andrezj,
Please check the various types of Requests from Search Requests, such as Role Approval, UAR, SOD Review, Access Request Approval, etc. (I had to check every type of request, some did contain the Roles I could not delete).
ALSO - in BRM - for the Role in which says locked - check the Role Methodology, if in Role Approval and there is a Request, then this will lock the Role, not able to delete until you delete Role Approval Request (I also performed Reset Methodology, probably not required, but I wanted to get the role out of that role methodology step completely) - I also had to exit the window of Role Maintenance, and open and filter again, before the Role Delete would work for me.
Good Luck
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Andrzej,
Kindly check any session has open for that derived role, master role and also kill the sessions are open status. check lock entries for that roles.
Regards,
Visu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.