cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10 Access control-how/where to check if an approval request email was sent?

former_member297605
Active Participant

on ‎05-22-2014 1:34 PM

0 Kudos

Hi experts

Please could you let me know how/where to check if an approval request email was sent?

I some approvers complaining that they havent received the approval request email from GRC.

Please advise.

Thanks

Ran

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Colleen
Advisor
Advisor
‎05-23-2014 1:18 AM
0 Kudos

Hi Ranjit

SOST will show the messages as Andrejz mentioned

The MSMP Instance Runtime for the Request will show you which messages are meant to be sent based on your MSMP notification configuration.

Using both to these together assist in troubleshooting email communication

Regards

Colleen

Show replies
Show replies
former_member297605
Active Participant
‎05-23-2014 5:44 AM
0 Kudos

Hi Colleen

I'm pretty new to GRC AC 10. How do I acccess the MSMP Instance Runtime for the Request?

Please could you detail the steps.

Thanks

Ran

Colleen
Advisor
Advisor
‎05-23-2014 5:58 AM
0 Kudos

Hi Ranjit

Step 1 - Google "MSMP Instance Runtime

Step 2 - Locate and then launch the transaction which will open a webdynpro

Step 3 - Learn and Discover - it's display only so you can't break anything

You will find lots of references as that transaction is your new best friend for troubleshooting MSMP workflows (very rare to go near SWIA transaction)

You'll find GRC easier if you start searching and reading up a bit when you see a term you are not familiar with

Regards


Colleen

former_member297605
Active Participant
‎05-23-2014 6:08 AM
0 Kudos

Thanks Colleen, will do that. Have a great weekend!!!

former_member297605
Active Participant
‎06-12-2014 2:40 AM
0 Kudos

Hi Colleen

Please could I request your help with the below.

I have found the MSMP Instance Runtime transaction GRFNMW_DBGMONITOR_WD and just been given access to it by the client. However when I run it I get a "You are not authorised..." message. Analysed the trace and found that it is failing on S_DEVELOP - OBJTYPE-DEBUG // ACTVT-02. Is this a required authorisation for GRFNMW_DBGMONITOR_WD. Given the criticality of this auth from an audit point of view I'm not sure I'm going to get the auth. The trace did not show any other failures. Do we need to activate a specific object in SU24 for this to work?

Your thoughts please.

Thanks

Ran

Colleen
Advisor
Advisor
‎06-12-2014 2:46 AM
0 Kudos

Hi Ranjit

you would solve this like any security authorisation issue

  1. S_DEVELOP Activity 02 DEBUG is a misleading check and should be disregarded
  2. SU24 is a mapping of proposals. It will not grant you access but assist in role build via PFCG
  3. Run ST01 trace over replicating it to find what you are misisng
  4. Confirm S_ICF is not required (if the SICF entry has an authorisation specific)

Without logging into a system right now I will not be able to answer the exact value. Other objects may be S_SERVICE, GRAC_REP, S_TCODE for the actual transaction code (yes obvoius).

When you analysed the trace was it a full ST01 or was it SU53?

Regards

Colleen

former_member297605
Active Participant
‎06-12-2014 4:28 AM
0 Kudos

Hi Colleen

I tried again and did ST01 trace again. PLease see below...

ST01 results. This is all I get in the trace.

Thanks

Ran

Former Member
‎06-12-2014 5:20 AM
0 Kudos

return code 4 means that the required authorization for the authorization object

in the user master is not available. now you know what to fix !

Colleen
Advisor
Advisor
‎06-12-2014 5:24 AM
0 Kudos

Yes but you shouldn't need S_DEVELOP Activity 02 for DEBUG unless you are debugging. This RC=4 is either misleading or the program needs to be fixed. The MSMP instance runtime is display only

Regards

Colleen

former_member297605
Active Participant
‎06-12-2014 5:29 AM
0 Kudos

Yes I think so to that it is a misleading auth failure. When you get some time please could you check in your system and confirm what auth checks happen for this transaction.

Thanks

Ran

Colleen
Advisor
Advisor
‎06-12-2014 9:22 AM
0 Kudos

Hi Ranjit

I tested it as well by stripping the access back and then used STAUTHTRACE (much nicer than ST01). You are right - it is asking for S_DEVELOP 02 DEBUG



METHOD check_admin_auth .
   DATA: lo_message_manager TYPE REF TO if_wd_message_manager,
       lo_api_controller TYPE REF TO if_wd_controller,
       lr_auth_node TYPE REF TO if_wd_context_node.

   lo_api_controller ?= wd_this->wd_get_api( ).
   lo_message_manager = lo_api_controller->get_message_manager( ).

   lr_auth_node = wd_context->get_child_node( name = 'AUTH' ).

   TRY.
       cl_grfn_msmp_authorizations=>check_sap_debug_authorization( ).
       lr_auth_node->set_attribute(
          EXPORTING
            value =     'X'
            name  =     'CAN_RUN'
        ).
     CATCH cx_grfn_msmp.
       MESSAGE e197(grfnmw) INTO cx_grfn_msmp=>m_msg_str. ----> E197 (GRFNMW) matches the error msg
       lo_message_manager->report_t100_message(



    METHOD check_sap_debug_authorization.

   AUTHORITY-CHECK OBJECT 'S_DEVELOP'
             ID 'DEVCLASS' DUMMY
             ID 'OBJTYPE'  FIELD 'DEBUG'
             ID 'OBJNAME'  DUMMY
             ID 'P_GROUP'  DUMMY
             ID 'ACTVT'    FIELD '02'.

   IF sy-subrc NE 0.
     MESSAGE e219(grfnmw) WITH sy-uname INTO cx_grfn_msmp=>m_msg_str.
     grfnw_msmp_raise_msg: cx_grfn_msmp_no_authorization.
   ENDIF.

ENDMETHOD.



I recommend raising a customer incident with SAP to get their input as I don't think DEBUG should be necessary for MSMP Instance Runtime - and then let us all know the outcome




Regards

Colleen


former_member297605
Active Participant
‎06-12-2014 10:33 PM
0 Kudos

Thanks Colleen

I'll try and progress this with the client.

AndrzejP
Active Participant
‎05-22-2014 1:42 PM
0 Kudos

Hi Ran,

please use transaction SOST, details here: SOST - Send Request Overview - Application Server Infrastructure - SCN Wiki

Regards, Andrzej

Show replies
Show replies
former_member297605
Active Participant
‎05-23-2014 1:10 AM
0 Kudos

Thanks Andrzej, will try this. Much appreciated!!

cheers

Ask a Question