on 06-25-2014 11:14 AM
Hi Gurus,
We are using Business roles for user provisioning in GRC.
Business roles Provisioning and De-provisioning is working properly.
Issue is with the information in the mail notification.
For New account request type:
Hi GRC Demo User 3 (Z_GRAC_USER3),
The Request number : 197 , has been processed and the Request is Closed. The details are as follows:
Z_GRAC_USER3 User created in ME1CLNT200
The generated password is: *********
"YY" Business role assigned to Z_GRAC_USER3
Kind regards,
Access Control Administrator
For Change Account Request Type:
Hi GRC Demo User 3 (Z_GRAC_USER3),
The Request number : 198 , has been processed and the Request is Closed. The details are as follows:
Z_GRAC_USER3 User created in ME1CLNT200
"XX" Business role assigned to Z_GRAC_USER3
Kind regards,
Access Control Administrator
As mentioned above below is the Email notification being used.
Hi %USER_FIRST_NAME% %USER_LAST_NAME% (%USER_ID%),
The Request number : %REQNO% , has been processed and the Request is
Closed. The details are as follows:
%PROVISIONING%
Kind regards,
Access Control Administrator
Our concern is that for "CHANGE ACCOUNT" request type also Email notification says "Z_GRAC_USER3 user created in ME1CLNT200". This is wrong as user is already there in the system.
So we understand that %PROVISIONING% variable is actually populating wrong data for "CHANGE ACCOUNT" request types especially for business roles.
We tested the same scenario for other roles types provisioning and de-provisioning and everything is working fine.
Can someone let us know if anyone faced the same issue or If there is any resolution for the same
Regards,
Sai.
Hi,
IF you have created a "Change User" request and the user does not actually exist in the target system where the technical role within the Business roles is to be assigned, then GRC may have created the User ID (based on your provisioning settings in SPRO). That could be the reason why you are getting that notification reported back.
IF however, you have thoroughly tested the whole scenario, then you may require to raise a OSS call with SAP. It would be worth checking the user ID records in SU01 and see if the user has actually been re-created again as part of the GRC provisioning.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi that is correct, I didn't get the same issue as you , i.e. recreating a user that exists on the target system.
However, I have recently had a few new issues i regards to business role provisioning and having multiple paths and it seems that one of the latest notes is part of SP14.
Raise a call with SAP but I won't be surprised if the issue is fixed by a note from SP 14 or above.
Hi Harinam,
Thanks for the details. I have already raised a OSS message to SAP.
I have implemented SAP note 1930923 in GRC sandbox system and can see that the mail issue I am reporting was no longer appearing. But I have seen new one this time
After note implementation: (Change Account Request Type with Business Role Assignment)
Hi GRC User Demo 1 (Z_GRAC_USER1),
The Request number : 592 , has been processed and the Request is Closed. The details are as follows:
XX Business role assigned to Z_GRAC_USER1
Kind regards,
Access Control Administrator
Before and After note implementation: (Change Account Request Type with Business Role removal)
Hi GRC User Demo 1 (Z_GRAC_USER9),
The Request number : 593 , has been processed and the Request is Closed. The details are as follows:
YY Role removed from Z_GRAC_USER9 ( )
Kind regards,
Access Control Administrator
Now the issue during role assignment is resolved, but during role removal mail notification says role has been removed from user and ends with empty brackets ().
For single roles in this brackets it usually fills the system name. May be for business roles since there will not be any specific system it is coming empty, but I think SAP should fix this.
Let me know if you are also facing the same
Since you confirmed that you are using business roles, let me know any critical issues which you came across as part of SP13 as we are also on SP13 and could be helpful.
Thanks once again for taking your time in replying for my issue.
Regards,
Sai.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.