cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC BRM role import does not work

Go to solution
Former Member

on ‎03-02-2015 8:42 AM

0 Kudos

Hi SAP Expert

I'm trying to import some SNC roles into GRC BRM, but there's a role cannot be imported, the error message says:"Object class missing for permission AC_OTYPE". I ran GRAC_PFCG_AUTHORIZATION_SYNC to synchronize the authorization, but role importing still does not work. Hope someone can help me, thank you in advance

Best regards

James

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

AndrzejP
Active Participant
‎03-02-2015 9:28 AM
0 Kudos

Hi James,

I had similar error when uploading roles with tcode which does not exist in dictionary, we had to remove it from role before import, otherwise validation did not allow for import.

Best regards, Andrzej

Show replies
Show replies
Former Member
‎03-02-2015 9:33 AM
0 Kudos

Hi  Andrzej

Thanks for your reply, but I cannot found the error AO in the PFCG definition, I can just find it in the background database table. I don't know how the delete the error AO

Best regards

James

Answers (1)

Answers (1)

madhusap
Active Contributor
‎03-02-2015 8:58 AM
0 Kudos

Hi James,

Does you role has any authorization object which is under class AC_OTYPE?

Does your Object class exists AC_OTYPE? Check in SU21 if the class exists and objects are mapped to it?

Please check table GRACPERMCLS in GRC for Auth.Object vs Object class mapping also.

Regards,

Madhu.

Show replies
Show replies
Former Member
‎03-02-2015 9:16 AM
0 Kudos

Hi Madhu

I checked all points in your reply and following are the snapshots, there's no object class AC_OTYPE. Thank you

Best regards

James

madhusap
Active Contributor
‎03-02-2015 9:28 AM
0 Kudos

Hi James,

ACO_OTYPE is the authorization object.

Is there any such object in the roles which you are importing?

Authorization Object - ACO_OTYPE

Description : Create Administration Authorizations for Each Object Type

Object Class : ACO

Field Name 1 : ACTVT

Field Name 2 : ACO_OTYPE

Regards,

Madhu.

Former Member
‎03-02-2015 9:30 AM
0 Kudos

Hi Madhu

I found the root cause. There's AO AC_OTYPE defined in the background role define table, but the definition cannot be found in PFCG, is there any way to delete this definition? Thank you

Regards

James

Former Member
‎03-02-2015 1:35 PM
0 Kudos

Hi  Madhu

I imported role definition from other system which has AO AC_OTYPE but SNC has no AC_OTYPE defined. Now, I can only see the AC_OTYPE in background table but cannot find it in PFCG, hence, I cannot delete the AO AC_OTYPE . Is there some ways to delete the error AO which cannot be found in foreground? Thank you very much

Best regards

James

madhusap
Active Contributor
‎03-02-2015 1:46 PM
0 Kudos

Hi James,

Can you try importing this particular role dirrectly from backend system rather than through role import templates and check if it is still throwing error?

Regards,

Madhu.

Former Member
‎03-02-2015 1:56 PM
0 Kudos

Hi Madhu

Sorry, could you please tell me more detail about "importing this particular role dirrectly from backend system ".

We imported the role into background SNC system which has been exported from other system. There is no any error message and I successfully generated this role. Now we need to import the role definition into GRC BRM since the role can be found in GRC ARM once it has been imported into BRM

Regards

James

madhusap
Active Contributor
‎03-02-2015 2:10 PM
0 Kudos

Hi James,

Please import the role as shown below directly from backend and let me know if the same error shows up.

Regards,

Madhu.

Former Member
‎03-02-2015 2:28 PM
0 Kudos

Hi Madhu

The snapshots you attached are just the steps how did I imported this role. I cannot import the role  because there is no AO AC_OTYPE in SNC system. I think I need to find a way to remove the AO AC_OTYPE in role ZR_GL_CUST_ALL_N, unfortunately, I cannot see the AO AC_OTYPE in PFCG

Regards

James

madhusap
Active Contributor
‎03-02-2015 2:38 PM
0 Kudos

Hi James,

Then I suggest you to use the Role templates to upload this role into GRC.

Run Tcode /GRCPI/AC_ROLE_DNLD in target ECC system.

Then upload these files into GRC using Role Import functionality.

Regards,

Madhu.

Former Member
‎03-02-2015 2:46 PM
0 Kudos

Hi Madhu

Thanks for your help, I resolved this issue

I just re-generated this role, and the error AO AC_OTYPE was automatically deleted and I imported the role ZR_GL_M_CUST_ALL_N. Any way, really thanks for your nice help

Best regards

James

Ask a Question