on 11-19-2015 2:55 PM
Dear Community,
We want to execute an import of critical roles.
NWBC-> Set up -> Critical Access Rules -> Critical roles includes 2 roles.
Therefore, I have executed program GRAC_DOWNLOAD_CRITICAL_OBJECTS (Object type "Critical Role") to see the requested format of the file.
I have added an additional role and executed GRAC_UPLOAD_CRITICAL_OBJECTS (Object type "Critical Role").
Then I've got an error message: Rules upload failed, please check logs. Invalid role XXXX at line 3.
If I delete the roles from NWBC-> Critical roles and upload the original file, it works.
If I delete the roles from NWBC-> Critical roles and upload a file from which I have deleted a role, it works too.
Can someone help me to solve the problem?
BR
Melanie
Hello,
I have the same issue on GRC 10.1 (SP12). The upload of critical roles does not work with program GRAC_UPLOAD_CRITICAL_OBJECTS but it does manually via the standard webdynpro page (NWBC).
After debugging the program it seems the issue comes from table GRACEXTOBJ. If the roles do not exist in this table it shows the error message.
Please see the related code lines below (from line 143):
SELECT SINGLE ID INTO lv_role_id FROM GRACEXTOBJ WHERE OBJECTID = <ls_critical_role_data>-OBJECTID.
IF lv_role_id IS NOT INITIAL.
[...]
ELSE.
MESSAGE S633 INTO LV_MSG WITH <ls_critical_role_data>-OBJECTID.
[...]
Looking at SAP notes, I found a related note for mitigating controls (with the error message and same table): 2101309 - https://launchpad.support.sap.com/#/notes/2101309/E
I guess then it is a SAP error in the program they should correct.
Best regards,
Jonathan
Dear Melanie,
Is the role you wanna upload available in BRM? Then it should work.
Regards,
Alessandro
Hi Fernando,
Unfortunately I had no time to push this topic, but I had another problem in connection with critical roles:
The automatic risk analysis - which is executed during our access request creation - displays risks if a role is inserted in the critical roles but for a CONNECTOR GROUP/LOGICAL SYSTEM.
If the role is entered in the critical roles for a Connector it works as it should and does not show the risks automatically. This is what we expect.
I have seen that the SAP Standard roles for Approver and Requester do not include the authorization object GRFN_CONN for connector groups.
I have added this object with entries 16 and a * and it works as for single connectors.
Maybe this could be the solution for your problem, too.
BR
Melanie