cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRACUSER table stores wrong connector records

Go to solution
Former Member

on ‎11-17-2015 4:05 PM

0 Kudos

Hi All,

I found GRCUSER table also consists data of connectors which are not even maintained in "Maintain data source configuration"

GRACUSER table should only store the records of the connectors which are maintained in User data source and table GRACRLCONN should store all the records of connectors in which user id exits.

I have tried by running Full sync job twice for all the connectors but these entries are got getting removed instead they are updating(If new user is created). We are in SP 16.

Thanks in advance.

Regards,

Abhi

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member222517
Explorer
‎11-18-2015 1:50 PM
0 Kudos

Hi Abhi,

In order to delete entries from GRC tables for a given connector (which is not in use anymore) you can use program GRAC_DELETE_ACCESS_RULES.

I am little unsure of what you are looking for: GRACUSER is suppose to hold all IDs in sync with GRC system, that is for all connectors but not connector wise . They may or may not be assigned as a data source.

Thanks,

Priyanka Mathur

Show replies
Show replies
Former Member
‎11-18-2015 4:15 PM
0 Kudos

Hi Priyanka,

Thanks for your reply, Let me be more clear.

As per my knowledge i feel table GRACUSER should only contain data of connectors which we maintained in "Maintain data source system". Say suppose your GRC system is connected to 10 systems and only 2 system connectors are maintained in "Maintain data source system" then table GRACUSER should contain unique User entry from 2 system connectors which are maintained in Maintain data source but based on Priority. Please correct me if am correct.

I have also checked the program GRAC_DELETE_ACCESS_RULES but little confused to execute, will it also delete entries from table GRACRLCONN and all other corresponding tables in which the data exits of the connector which we have choose to delete.

Thank you.

Regards,

Abhi

former_member222517
Explorer
‎11-19-2015 11:07 AM
0 Kudos

Hi Abhi,

Thanks for explaining.

I am quiet sure GRCACUSER has nothing to do with Data Source maintenance. I just cross checked the table for one of our clients who are not utilizing Data Source for authentication and it still  has entries for users for all the connectors I have defined in SPRO. It gives details of the user/ personnel number/ manager data/email etc. As it records unique values across all connectors ,I think that's the reason  it will read 'abc' differently from 'ABC'.

Coming to program GRAC_DELETE_ACCESS_RULES it is to delete data from GRC tables for the connectors not in use.

Deletes Rules data for Physical, Logical and Cross Systems

Deletes Mitigation & Violation data for Physical and Cross Systems

Deletes Synchronization data for Physical Systems

I don't recommend the use of it in your case as it is not the requirement in your case.

Thanks,

Priyanka

Former Member
‎11-19-2015 4:13 PM
0 Kudos

Hi Priyanka,

Thanks for your time. Then my understanding was not correct.As you said GRCACUSER has nothing to do with Data Source maintenance then its correct even in my case.

Thanks again.

Regards,

Abhi

Answers (5)

Answers (5)

former_member192902
Participant
‎11-19-2015 9:58 AM
0 Kudos

Hi Abhi,

1. At the time of initial implementation time you/team might be maintained system as Data Source system and later removed. Please confirm it once again about datasource system.

2. GRACRLCONN table mainly used to store the backend system roles but not for users. The table description also indicates the same and please find the table details

3. For your third query:

The full sync concept is system will delete all the existing entries from the table and update the table freshly with all the entries from the backend system.

With Regards

Trinadh Bokka

Show replies
Show replies
Former Member
‎11-18-2015 4:22 PM
0 Kudos

Hello All,

I have also observed another strange thing in table GRACUSER is its accepting User ID based on case sensitive.

I mean we have entries of user "ABC" and also "abc". Here Capital entries of User ABC is from SAP system and lower case User "abc" is from portal connectors.

Thank you.

Regards,

Abhi

Show replies
Show replies
former_member197694
Active Contributor
‎11-18-2015 2:13 PM
0 Kudos

Hello Abhi,

Please implement the below note for correction,it will solve your issue

  1945640 - Inconsistencies in GRACUSER table after running sync jobs

Regards

Baithi

Show replies
Show replies
Former Member
‎11-18-2015 4:19 PM
0 Kudos

Hello Srinivas,

I have already checked the note 1945640 which is obsolete, this was already implemented from the Support package. We are on SP 16 now.

Thank you.

Regards,

Abhi

plaban_sahoo6
Contributor
‎11-18-2015 10:31 AM
0 Kudos

Hi,

Data source can consist of only 1 connector, eg. LDAP. But connectors can be multiple. So, GRACUSER will consist of single occurrence of a user id, and it necessarily need not be from Data source.

regards

Plaban

Show replies
Show replies
former_member235395
Contributor
‎11-18-2015 3:04 AM
0 Kudos

Hi Abhi,

Check this thread: http://scn.sap.com/thread/3507522

Regards,

Show replies
Show replies
Ask a Question