on 06-19-2014 5:37 AM
Hi Friends,
I have activated SOD review WF.
when I run job generate data for SOD review, the job runs successfully and user too has SOD, but it actually does not create SOD review risk.
19.06.2014 06:18:25 GRCADMIN Job scheduled successfully
19.06.2014 06:18:30 GRCADMIN Job ID : 09482500 created
19.06.2014 06:18:30 GRCADMIN Extraction of user-risk data started
19.06.2014 06:18:30 GRCADMIN Total Number of Users:1
19.06.2014 06:18:30 GRCADMIN Extraction of user-risk data completed
19.06.2014 06:18:30 GRCADMIN Request to be group by risk owners
19.06.2014 06:18:30 GRCADMIN Request generation started
19.06.2014 06:18:30 GRCADMIN Request generation completed
19.06.2014 06:18:30 GRCADMIN Total number of request created: 0
Batch job has been run.
This user shows risk in "Access Management" and "Reports and analytics"
Any help would be great.
BR,
Mangesh
Dear Mangesh,
before running the SOD review workflow you have to ensure that a the prerequisites are done:
Keep me updated if it works.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Alessandro,
Thanks for your time first.
I ran the reports in sequence you suggested.
My workflow is not based on Risk Owner approval, review request will be directly send to one team which is user group based agent.
So I did not had risk owner assigned, but now I assigned one user to risk F028.
User is available in management report and show it in medium risk list through pie chart.
I ran my background job to generate SOD with following criteria,
Connector: XYZ-100
User ID: Z*
Job ran successfully but no request created,
19.06.2014 06:18:25 GRCADMIN Job scheduled successfully
19.06.2014 06:18:30 GRCADMIN Job ID : 17111700 created
19.06.2014 06:18:30 GRCADMIN Extraction of user-risk data started
19.06.2014 06:18:30 GRCADMIN Total Number of Users: 2
19.06.2014 06:18:30 GRCADMIN Extraction of user-risk data completed
19.06.2014 06:18:30 GRCADMIN Request to be group by risk owners
19.06.2014 06:18:30 GRCADMIN Request generation started
19.06.2014 06:18:30 GRCADMIN Request generation completed
19.06.2014 06:18:30 GRCADMIN Total number of request created: 0
Anything else I should check?
I can create request with these scenarios for risks which do not have risk owner assigned.
But not luck in QAS.
Configuration shows same parameters for SOD RISK review process in DEV and QAS, only difference is version, as 0008 in DEV and 0004 in QAS. As I had generated many versions in DEV during my initial configuration.
When I had transported SOD review, I checked through "Generate MSMP Process Versions" in simulation mode, it showed one entry as yellow "No active version available for this process ID" after that I have generated 4 versions in QAS to check.
Any idea?
BR,
Mangesh
BR,
Mangesh
HI Mangesh
I had issues recently with SoD Review WF and am not using Risk Owners as the reviewers either
However, because I ran the job with group by Risk it still looked for the Risk Owner and then also wanted the risk owner to have a Coordinator assigned. If not no entry would appear in GRACREQ
Maybe try those two data mappings (assign risk a risk owner and assign the risk owner a coordinator in Maintain Coordinators) to see if it generates
I'm unsure if this is design or not but if design not happy with it being inflexible as I didn't want to have to assign a risk owner to each risk (prefer manage via central criteria)
Regards
Colleen
Dear Colleen,
I have no words to express my thanks.
Yes, it went like a charm. You saved my day. really
But very strange, I have not assigned any cordinator to risk owner but still it is producing SOD review request.
Could you please help me with understanding the troubleshooting tools in SAP GRC AC10.0, any link to such docs, would be great help.
Sometimes you feel so sad that it work in DEV but not in QAS and you really can't give explaination to client saying "My configuration is right but it is not working in QAS"
But really really a BIIIIIIIIIIIIIIIIIIIIIIIIIIIGGGGGGG thank you for the solution.
BR,
Mangesh
Hi Mangesh
But very strange, I have not assigned any cordinator to risk owner but still it is producing SOD review request.
I had to do that for mine but that may not be required (I'm still figuring that out)
Consider my correct answer fate for you as I only spent 4-6 hours in the last week debugging to figure out the requests weren't getting created for me Glad to hear someone else benefited from my frustration
most of the tools I used is SCN. I have not had access to a GRC system for over a year so I have read and particpated in SCN (a lot less recently due to system access and experience compared to others). However, when on a system, the key tools i use is:
In short, practice and experience will get us both there
Regards
Colleen
Dear Colleen,
Thanks for the guidance on tools It is great help to start with right direction.
I can understand how fustrating it can be when system does not work as documented.
Well I have few more issues, may be you can give some insights,
I have set parameter 1072 (Mitigation of critical risk required before approving the request) to YES, I was expecting risk defined as critical will be checked through this parameter, but though the access request has Critical risk (through Role) but still role owner can approve the risk (Without assigning mitigation control)
So it means system allowing approval, without mitigating risk.
Did I understand Critical risk means risk of type Critical or it means something else.
UAR problem,
I have 4 users all has4 separate roles assigned, and role owner assigned, my UAR is on role owner approval.
So Ideally it should create request for all 4 users, but it is creating them for only 2.
Any idea? Hope I am not troubling you too much.
BR,
Mangesh
Hi Mangesh
For your follow up questions I suggest a new question for each (assuming you have already searched SCN and not found the topic)
UAR Review may be similar to SoD Review. There is configuration parameter 2006 to group by MANAGER or ROLE OWNER. Which one is yours grouped by?
Regards
Colleen
P.s. - you are not wasting my time but remember you with good questions and explanations in SCN you get more than just my time in this community
User | Count |
---|---|
15 | |
4 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.