cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BRM - role in locked mode (in define stage)

Go to solution
AndrzejP
Active Participant

on ‎03-18-2014 8:42 AM

0 Kudos

Hi Experts,

We created derive roles through 'mass role derivation' and in the same time master role has not been approved yet.

All created derive roles are in locked mode (see screenshot below), even after approval of master role, those locks were not removed.

Now it is not possible to edit or delete them from BRM.

Any ideas how to remove those locks on derived roles? (currently we consider creating a program to remove those locks manually from GRACROLE table), but maybe someone has better solution? (We are on SP13)

Best regards, Andrzej

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
‎03-18-2014 9:19 AM
0 Kudos

Hi Andrezej

Have a look at the following post for this issue. It may be that you need to complete the workflow or cancel it to remove the lock. There was a note some time last year pertaining to this error and BRM.

I would not recommend updating SAP standard table directly without direction by SAP

Double-check the WF via SWIA is actually closed out as well. Not sure what SP you are on but this was an issue last year and SAP released a note for it. I think that's referenced in the post above.

Regards

Colleen

Show replies
Show replies
AndrzejP
Active Participant
‎03-18-2014 9:40 AM
0 Kudos

Hi Colleen,

I had a look on that note before, but it refers to approval stage (when approval workflow is initiated).

No information what to do if role is locked in Define Stage.

We are on SP13, currently testing SP14 - but the same error occurs.

Maybe any other ideas?

Regards, Andrzej

Colleen
Advisor
Advisor
‎03-19-2014 12:56 AM
0 Kudos

Hi Andrzej

I think you need to raise a customer message an incident  on marketplace if you have already ruled out existing WF approvals as SM12 data locks

There is a KB article for a Z program to unlock the role

1805237 - How to Unlock the Role

but implies root cause was because you had insufficient authorisation to generate the role in the plug-in. Being stuck on the define stage doesn't make sense then

It may be that the program there is the way to fix it (at least it's SAP code) but if this issue is related to an SP then it needs to be fixed. E.g. maybe SAP should have a check preventing mass role derivation if the imparting is awaiting approval.

Also check role methodology to make sure you have defined what to do for a derived role. When you upload the roles did you attempt to choose complete methodology or intend to step through the process?

Regards

Colleen

AndrzejP
Active Participant
‎03-19-2014 8:24 AM
0 Kudos

Hi Coleen,

Thanks for your help - I will raise an incident. Also this note is useful, as will not have to develop that program ourselves.

Regards, Andrzej

Answers (2)

Answers (2)

Former Member
‎03-18-2014 7:11 PM
0 Kudos

Andrezj,

Please check the various types of Requests from Search Requests, such as Role Approval, UAR, SOD Review, Access Request Approval, etc. (I had to check every type of request, some did contain the Roles I could not delete).

ALSO - in BRM - for the Role in which says locked - check the Role Methodology, if in Role Approval and there is a Request, then this will lock the Role, not able to delete until you delete Role Approval Request (I also performed Reset Methodology, probably not required, but I wanted to get the role out of that role methodology step completely) - I also had to exit the window of Role Maintenance, and open and filter again, before the Role Delete would work for me.

Good Luck

Show replies
Show replies
Former Member
‎03-18-2014 11:27 AM
0 Kudos

HI Andrzej,

Kindly check any session has open for that derived role, master role and also kill the sessions are open status. check lock entries for that roles.

Regards,

Visu

Show replies
Show replies
AndrzejP
Active Participant
‎03-18-2014 1:04 PM
0 Kudos

Hi Visu,

I have checked: no sessions open. No lock entry for master role... just for derived...

Regards, Andrzej

Ask a Question