on 04-04-2014 8:41 PM
Hi,
So I have and issue when I try to submit a request to add a role to a user and I'm trying to understand what could be the reason for it. Basically I have a workflow that works perfectly for a "Change Request". I can see that all the steps are executed and then at the end of the request when is suppose to do the actual role assignment I see the message "Provisioning log is not available" then the approval path is finish and the request is closed but when I take a look at the user in the back end the role is not assign. In terms of access I have try giving SAP_ALL to WF-Batch, nothing shows in Yellow or Red on SLG1 and in SPRO->AC-> User Provisioning -> Define request Type I see "Change Account" with SAP_GRAC_ACCESS_REQUEST. What else can I do to troubleshoot this error?
Note: I when back to the to the AC 10.0 Pre-Implementation From Post-Installation to First Access Request and everythings looks right in terms of the AC Configuration settings.
Hi Jonathan,
I presume you have setup gloval provisiong settings, correct?
On what service pack are you in? Does the user exist in backend?
Filip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Filip,
Global Provisioning Settings as in Global Settings for the Workflow (SAP_GRAC_ACCESS REQUEST) then yes. I actually created a BRF+ for "super user" access VS regular users access and the super user provisioning works just fine. As far as service pack goes this is what I see:
GRCFND_A -> SP-Level 0013
GRCPINW -> SP-Level 0005
And yes the user exist in the backend, Im just running a user change request on my ID.
Hi Jonathan,
In my question I was referring to SPRO - GRC/access control/user provisioning / maintain provisioning settings. Those need to be setup (min. global provisioning settings) in order to have role being assigned to user at the end of path.
Change account option you can see under request type is referring to change user master data(e.g. password/ account validity / details).
Is this system maintain by CUA? If so settings have to be different (see CUA settings in SPRO)
I would recommend moving to SP14 as in SP13 there were many bugs, by the way I believe the worst SP ever since beginning of AC is SP13 (maybe due to number), as it destroys many working functionality.
Filip
Filip Nowak wrote:
I would recommend moving to SP14 as in SP13 there were many bugs, by the way I believe the worst SP ever since beginning of AC is SP13 (maybe due to number), as it destroys many working functionality.
Thanks for the warning, Filip; I think we must have implemented a lot of those SP13 "corrections" that not only failed to fix the symptom but actually made matters worse and either had to be reverted or had to be reinstalled with an updated/ improved version. By now, I think the smart course is to go to 10.1; I have heard it is much better.
Good luck!
Gretchen
Hi Dilip,
Sharing issues with standard service pack on this portal would not be the best idea, I believe. What I can advise is not to use User Access Review functionality with SP13 at all, as what was working in SP12 simply does not work anymore. But I can answer your question in slightly different way. Please take a moment an look at number of notes created as a part of SP14 and you will understand what I mean. All together there are 739 notes with 101 notes for Access Request area. I believe if something is working in stabilize mode you do not need to create 101 notes to fx it. The other details can be found at:
Regards,
Filip
Hi Filip,
So far no progress, the global provisioning settings were setup and request type configuration looks good as well. I'm trying to get some more information in terms of CUA but I'm 99% sure we are not using or going to use it. I'm looking in to how much effort it will take to do the upgrade to SP14 or if it's even a possibility. Other than that it looks like everything in the configuration is ok.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.