cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRAC_DOWNLOAD_CRITICAL_OBJECTS role upload failed

former_member225180
Participant

on ‎11-19-2015 2:55 PM

0 Kudos

Dear Community,

we want to execute an import of critical roles

NWBC-> Set up -> Critical Access Rules -> Critical roles  includes 2 roles.

Therefore, I have execute program GRAC_DOWNLOAD_CRITICAL_OBJECTS (Object type "Critical Role") to see the requested format of the file.

I have added an additional role and executed GRAC_UPLOAD_CRITICAL_OBJECTS (Object type "Critical Role").

Then I've got an error message: Rules upload failed, please check logs. Invalid role XXXX at line 3.

If I delete the roles from NWBC-> Critical roles an upload the original fil, it works.

If I delete the roles from NWBC-> Critical roles and upload a file from which I have deleteda role, it works too.

Can someone help me to solve the problem.

BR

Melanie

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎05-10-2016 11:57 AM
0 Kudos

Hello,

I have the same issue on GRC 10.1 (SP12). The upload of critical roles does not work with program GRAC_UPLOAD_CRITICAL_OBJECTS but it does manually via the standard webdynpro page (NWBC).

After debugging the program it seems the issue comes from table GRACEXTOBJ. If the roles do not exist in this table it shows the error message.

Please see the related code lines below (from line 143) :

SELECT SINGLE ID INTO lv_role_id FROM GRACEXTOBJ WHERE OBJECTID = <ls_critical_role_data>-OBJECTID.
         IF lv_role_id IS NOT INITIAL.
[...]

         ELSE.
           MESSAGE S633  INTO LV_MSG WITH <ls_critical_role_data>-OBJECTID.
[...]

Looking at SAP notes, I found a related note for mitigating controls (with the error message and same table) : 2101309 - https://launchpad.support.sap.com/#/notes/2101309/E

I guess then it is a SAP error in the program they should correct.


Best regards,

Jonathan

Show replies
Show replies
Former Member
‎05-09-2016 5:51 PM
0 Kudos

This message was moderated.

Show replies
Show replies
alessandr0
Active Contributor
‎11-20-2015 9:44 AM
0 Kudos

Dear Melanie,

is the role you wanna upload available in BRM? Then it should work.

Regards,

Alessandro

Show replies
Show replies
former_member225180
Participant
‎11-24-2015 9:19 AM
0 Kudos

Hi Alessandro,

I've imported the role in GRC and execute the repository object sync job.

If I add the new role to "Critical Roles" in NWBC manually, it works without any error message.

BR

Melanie

alessandr0
Active Contributor
‎11-24-2015 9:38 AM
0 Kudos

Dear Melanie,

I suggest to open an OSS call so that SAP can investigate the issue since it seems that notes are not available yet.

Regards,

Alessandro

Former Member
‎04-28-2016 1:00 PM
0 Kudos

Hi Melanie, could you solve this problem?

If I upload a critical role with a certain connector it works all right. But if I try to use a logical group I get the same error.

Thanks!

Fernando

former_member225180
Participant
‎05-02-2016 6:12 PM
0 Kudos

Hi Fernando,

unfortuntaly I had no time to push this topic, but I had another Problem in Connection with critial roles:

The automatic risk analysis - which is executed during our access request creation - displays risks if a role is inserted in the critical roles but for a CONNECTOR GROUP/LOGICAL SYSTEM.

If the role is entered in the critical roles for a Connector it works as it should and does not Show the risks automatically. This is what we expect.

I have seen that the SAP Standard roles for Approver and Requester does not include the authorization object GRFN_CONN for connector groups.

I have added this object with entries 16 and a * and it works as for single connectors.

Maybe this could be the solution for you problem, too.

BR

Melanie

Ask a Question