cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Level Risk analysis considers expired user in GRC 10.1 SP11

Former Member

on ‎12-23-2015 1:20 PM

0 Kudos

Dear All,

We are facing an issue with ARA component of the GRC 10.1 SP11.

While Running an User Level Analysis for set of users. Report shows expired and locked users in ARA report.

We have already set the configuration parameter 1028 (Include Expired users) and 1029 (Include Inactive Users) as "No".

Please refer the attached screenshot for the reference.

Regards,

Hardik Patel

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎03-29-2016 6:29 AM
0 Kudos

Dear All,

Request you to implement following notes in respective system:

Notes in GRC System:

1) 2268125 - Deleted and expired user get synched even though customizing
2) 2273193 - Expired users are not getting updated in GRACUSERCONN
3) 2280550 - Expired and inactive(locked) users not getting updated in ta

Note in Plugin System:
1) 2282947 - User Level Access Risk Analysis includes inactive users - pl

Post implementation of notes, Run Repository Synchronization Job for Users in Full Synch Mode.

Then Check the GRACUSERCONN table for indicator values. It should update the indicator with proper values.

Regards,

Hardik Patel

Show replies
Show replies
BrucevR
Explorer
‎04-05-2016 3:48 PM
0 Kudos

Thanks for the information Hardik. It seems that these notes only partially fixes the problem, or I may be wrong.

I have applied the notes as mentioned and executed the sync jobs and the table GRACUSERCONN is now updating the EXPIRED field correctly (if a user validity date has been changed in the plugin system)

However, the INACTIVE field is only updating if a user is locked due to incorrect logons. If the user is locked by the administrator, the INACTIVE field is still blank in the table. In my opinion, if a user is locked, whether is Admin/Global or incorrect logons, it should reflect as INACTIVE.

Please advise.

Former Member
‎02-05-2016 6:28 PM
0 Kudos

Hi Hardik,

  did you get any solution for this issue? We are on the same patch level and have the exact same issue.

I have raised a message with SAP too , still to get any reply.

Regards

Gaurav Duggal

Show replies
Show replies
former_member948371
Discoverer
‎03-16-2016 3:09 PM
0 Kudos

Anyone has found a resolution to this problem?

former_member197694
Active Contributor
‎12-23-2015 2:12 PM
0 Kudos

Hello Hardik,

Seems to be users data is not synchronized correctly.

Check in table GRACUSERCONN for expired and locked users status

INACTIVE status should be 'X' for expired and locked users.

Regards

Baithi

Show replies
Show replies
BrucevR
Explorer
‎01-08-2016 7:05 AM
0 Kudos

Hi

We are also facing the same problem. GRC 10.1 SP11

The Parameters 1028 & 1029  are maintained with Value "No"

The sync job is updating the user changes (New users, role assignments, validity dates etc) but it is not flagging them in the table as locked or expired.

navakanth_gayakwad
Explorer
‎01-08-2016 2:49 PM
0 Kudos

Hello Bruce

Please apply the the note - 2259378 - Repository Sync issue with expired and locked users - plugin. I think this may resolve your issue.

Regards

Navakanth

BrucevR
Explorer
‎01-11-2016 10:32 AM
0 Kudos

Thanks. I have applied the note(s) and executed the sync jobs again, but the Inactive & Expired fields in table GRACUSERCONN is still not being updated.

navakanth_gayakwad
Explorer
‎01-11-2016 12:32 PM
0 Kudos

Hello Bruce,

First implement 2168872 - Inconsistent entries in table GRACUSER and GRACUSERCONN if the problem still exists proceed as shown in the below sap Note.

2253834 - Repository sync collection of corrections

Regards

Navakanth

BrucevR
Explorer
‎01-11-2016 12:52 PM
0 Kudos

Thanks for the feedback. I have checked and note 2168872 cannot be implemented in our system and I have already applied the notes as per 2253834 because we had a problem where the user type did not update correctly to the GRACUSERCONN table after the sync jobs. The notes resolved the issue with the user type, but the Inactive & Expired fields are still not updating.

navakanth_gayakwad
Explorer
‎01-11-2016 1:13 PM
0 Kudos

Bruce

There are many productivity bugs in GRC 10.1

Let me try from my side can you please share the screen shots of GRACUSERCONN table and analysis criteria in RAR Report,

Regards

Navakanth

BrucevR
Explorer
‎01-12-2016 5:33 AM
0 Kudos

Please see printscreens below :

I am using the user TEST_AB1 for my testing :

The Inactive & Expired fields are not updated :

As per the ECC system, the user is locked and end dated.

Selection Criteria in RAR :

Ask a Question