cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to import Portal Roles which can be selected in ARM

Go to solution
Former Member

on ‎12-02-2014 10:41 AM

0 Kudos

Hi GRC Experts

Here we need to manage Enterprise Portal account via Access Control ARM, I know that before the user select EP roles in Access Request, we need to firstly import the EP roles into BRM. Please refer to the following snapshot, I cannot find the application type "Enterprise Portal", it seems that there's no way to import EP roles Can someone please help me? Thanks a lot

I would appreciate any link or knowledge share reference.


BR, James

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎12-02-2014 12:18 PM
0 Kudos

Hi James,

Depending on your GRC version please check below notes and complete EP configuration required in GRC

1607232 - GRC 10.0 Enterprise Portal Configuration

1977781 - GRC 10.1 Enterprise Portal Configuration.

Regarding role import for EP systems, you can refer

1937479 - Unable to import EP roles in BRM 10.0

Regards,

Madhu.

Show replies
Show replies
Former Member
‎12-03-2014 10:49 AM
0 Kudos

Hi  Madhu

Really appreciate your help, will update you the result, thanks a lot

BR, James

Former Member
‎12-04-2014 2:20 AM
0 Kudos

Hi  Madhu

I downloaded the none PFCG role template, there are 3 columns defined, the first column should be portal role PCD path; second column should portal role description; the last column should be the iView PCD path, right?  Also, I found that the maxim length is just 50, is that means that if our iView pcd path exceed 500, the ARA analysising portal roles or BRM importing portal roles will not work? Thanks a lot

Best regards

James

Former Member
‎12-04-2014 6:17 AM
0 Kudos

Hi  Madhu


Also, to define the offline roles, there's no portal role type, which type can I select? Thanks a lot

BR, James

Former Member
‎12-04-2014 6:27 AM
0 Kudos

An error message popup

"Role import server directory not maintained"

alessandr0
Active Contributor
‎12-04-2014 6:32 AM
0 Kudos

James,

check configuration parameter 3021 (Directory for mass role import server files).

Regards,

Alessandro

alessandr0
Active Contributor
‎12-04-2014 6:36 AM
0 Kudos

James,

please see note: http://service.sap.com/sap/support/notes/1929820

It says: "Portal roles are always imported as role type single and Landscape should be of type Enterprise Portal."

Regards,

Alessandro

madhusap
Active Contributor
‎12-04-2014 6:42 AM
0 Kudos

Hi James,

We are also using Portal roles for provisioning.

Assuming that you have completed all your required configurations and executed all Sync jobs.

Below is the template I am using for importing the portal roles to GRC.

Regards,

Madhu.

Former Member
‎12-04-2014 7:05 AM
0 Kudos

Hi Madhu and Alessandro

Really appreciate  your reply. I configured the parameter 3021, but it seems that that the issue still existing

Also, could you please help to have a look at my template file?

Best regards

James

Former Member
‎12-04-2014 7:07 AM
0 Kudos

Hi  Alessandro

Thanks for your reply, I configured 3021 but it seems that this error remains

Best regards

James

madhusap
Active Contributor
‎12-04-2014 7:16 AM
0 Kudos

Hi James,

Use options as

1. Role Attribute Source - Desktop

2. Role Authorization Source - Skip

Then import the template which you have created.

Regards,

Madhu.

Former Member
‎12-04-2014 7:35 AM
0 Kudos

Hi Madhu

I imported EP role now Thank you very much

Here I'm trying to create new EP account and assign the imported EP role to the created accont, but it seems that it does not work

Here is the workflow log

Here is the background parameter setting

Do I need configure more parameters? Thanks a lot

Best regards

James

Former Member
‎12-04-2014 7:48 AM
0 Kudos

The error message says "object class name does not exist in IDM"

madhusap
Active Contributor
‎12-04-2014 7:52 AM
0 Kudos

Hi James,

Please check if the below notes helps.

http://service.sap.com/sap/support/notes/2033714

http://service.sap.com/sap/support/notes/2029592

http://service.sap.com/sap/support/notes/2025129

Regards,

Madhu.

Former Member
‎12-04-2014 8:28 AM
0 Kudos

Hi  Madhu

I implemented note 2025129 but didn't implement note 2029592 since it has already been included by current SP06. Now it pops up a new error message saying that "Can not update role because: Can not update group as member null doesn't exist"

Best regards

James

Former Member
‎12-04-2014 8:36 AM
0 Kudos

is it that means that I have to assign user group to the new created account, but how can I import EP user group to BRM? Thanks a lot

Former Member
‎12-04-2014 8:51 AM
0 Kudos

Hi  Madhu

I'm trying to assign the imported role to the existing portal account, the workflow log says role assigned, but cannot find the assigned role in portal, have no idea...

Best regards

James

Former Member
‎06-09-2015 8:58 PM
0 Kudos

This message was moderated.

Answers (1)

Answers (1)

Former Member
‎09-05-2015 11:51 AM
0 Kudos

Hi James,

Even am getting same error message "Role already assigned" but its not assigned.

Please advise ?

Thank you.

Regards,

Abhi

Show replies
Show replies
Former Member
‎09-08-2015 1:20 PM
0 Kudos

Hi Abhi,

The provisioning engine first squeezes the assignment in internal GRC AC tables like GRACUSERROLE etc.

(such also happens if the engine encounters other errors in its routines afterwards)

When doing assignments it first checks these internal tables to see if assignment is already done.

If you rerun synch report GRAC_REPOSITORY_OBJECT_SYNC for your portal connector(s) those internal GRC tables will be updated (cleansed) again. Then error message "Role already assigned" should be gone.

Cheers,

George

Ask a Question