on 11-17-2015 4:05 PM
Hi All,
I found GRCUSER table also consists data of connectors which are not even maintained in "Maintain data source configuration"
GRACUSER table should only store the records of the connectors which are maintained in User data source and table GRACRLCONN should store all the records of connectors in which user id exits.
I have tried by running Full sync job twice for all the connectors but these entries are got getting removed instead they are updating(If new user is created). We are in SP 16.
Thanks in advance.
Regards,
Abhi
Hi Abhi,
In order to delete entries from GRC tables for a given connector (which is not in use anymore) you can use program GRAC_DELETE_ACCESS_RULES.
I am little unsure of what you are looking for: GRACUSER is suppose to hold all IDs in sync with GRC system, that is for all connectors but not connector wise . They may or may not be assigned as a data source.
Thanks,
Priyanka Mathur
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Priyanka,
Thanks for your reply, Let me be more clear.
As per my knowledge i feel table GRACUSER should only contain data of connectors which we maintained in "Maintain data source system". Say suppose your GRC system is connected to 10 systems and only 2 system connectors are maintained in "Maintain data source system" then table GRACUSER should contain unique User entry from 2 system connectors which are maintained in Maintain data source but based on Priority. Please correct me if am correct.
I have also checked the program GRAC_DELETE_ACCESS_RULES but little confused to execute, will it also delete entries from table GRACRLCONN and all other corresponding tables in which the data exits of the connector which we have choose to delete.
Thank you.
Regards,
Abhi
Hi Abhi,
Thanks for explaining.
I am quiet sure GRCACUSER has nothing to do with Data Source maintenance. I just cross checked the table for one of our clients who are not utilizing Data Source for authentication and it still has entries for users for all the connectors I have defined in SPRO. It gives details of the user/ personnel number/ manager data/email etc. As it records unique values across all connectors ,I think that's the reason it will read 'abc' differently from 'ABC'.
Coming to program GRAC_DELETE_ACCESS_RULES it is to delete data from GRC tables for the connectors not in use.
Deletes Rules data for Physical, Logical and Cross Systems
Deletes Mitigation & Violation data for Physical and Cross Systems
Deletes Synchronization data for Physical Systems
I don't recommend the use of it in your case as it is not the requirement in your case.
Thanks,
Priyanka
Hi Abhi,
1. At the time of initial implementation time you/team might be maintained system as Data Source system and later removed. Please confirm it once again about datasource system.
2. GRACRLCONN table mainly used to store the backend system roles but not for users. The table description also indicates the same and please find the table details
3. For your third query:
The full sync concept is system will delete all the existing entries from the table and update the table freshly with all the entries from the backend system.
With Regards
Trinadh Bokka
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello All,
I have also observed another strange thing in table GRACUSER is its accepting User ID based on case sensitive.
I mean we have entries of user "ABC" and also "abc". Here Capital entries of User ABC is from SAP system and lower case User "abc" is from portal connectors.
Thank you.
Regards,
Abhi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Abhi,
Please implement the below note for correction,it will solve your issue
1945640 - Inconsistencies in GRACUSER table after running sync jobs
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Data source can consist of only 1 connector, eg. LDAP. But connectors can be multiple. So, GRACUSER will consist of single occurrence of a user id, and it necessarily need not be from Data source.
regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.