cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC AC 10 - ARM new user; "user type"?!

former_member379201
Explorer

on ‎03-29-2016 10:12 AM

0 Kudos

Good morning,

I am struggling to clear something a little bit strange in my GRC AC 10 setup.

In ARM workflow, the template created has "user type" set as mandatory, non-editable and visible. All fine in DEV and PRD. The field is auto-populated with "Dialog". All fine here. In QAS, to my surprise and annoyance, there is no default value. The field being set as mandatory but non-editable, the matter cannot proceed any further.

Looked extensively in the documentation left behind by vendor, in SAP SMP, and anywhere else I could search, to no avail. Everywhere I've looked in configuration settings, comparing between instances, everywhere the setup is identical.

In brief, for "New User" template, where is such "default" value for the field "user type" maintained?

The settings I have looked at, serve the purpose to setup different fields as mandatory, visible and/or editable; clear thing here. All these are identical between PRD and QAS.

How this can be addressed?

Will it help finding where are the default values for one field or another maintained and if there is a difference between PRD and QAS, to set it right?

If it helps clarifying where I am coming from:

In PRD and DEV:

Corresponding setup of the said template in PRD:

As you can see there is no entry to correspond to "Dialog" user type in the "Default" column.

In QAS:

Corresponding setup of the said template in QAS:

Here as well, there is no entry to correspond to "Dialog" user type in the "Default" column.

Looking forward to your assistance,

Thank you in advance,

Dan Georgescu

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎08-24-2016 2:33 PM
0 Kudos

Good Evening Mr.Dan,

 

               I know its a very late response but still i hope my suggestion will be very helpful for you.

               I have noticed in the PRD sys you have created a template with

request type : self

user name is : ADP00400

                and in QAS sys you have created a template with

request type : other 

user name is : ADP00218

               There are two possibilities for the error your facing,

1. The user ADP00400 has defined as dialog user while creating Check in su01, but it's not mentioned for the user ADP00218.

2. In the EUP settings you have a column Default value there you need to define your default value what should be pop up, for example: dialog (type A), service user, you need to mention so that if your creating a new user the default value will be automatically feeds, otherwise you need to make it editable too to proceed further.

      The reason is the user information is pulled out from LDAP if the information is not there then the system cant give a value so make sure whether the information is already present for the user or else ask your administrator to make the field as editable too.

     I hope i have explained clearly if any queries please feel free to post.

With Regards,

ManojRavi

Show replies
Show replies
plaban_sahoo6
Contributor
‎03-29-2016 4:02 PM
0 Kudos

Could you try admin mode of GRAC_OIF_REQUEST_SUBMISSION, and make changes to the field User type

Show replies
Show replies
former_member379201
Explorer
‎03-30-2016 6:59 AM
0 Kudos

Hi there,

Thanks for jumping into the discussion. I will try addressing the matter as suggested. Unfortunately I do not have the needed access, so I have to wait on somebody else pleasure...until next week.

I will surely come back with whatever has happened.

BR
Dan

Former Member
‎03-29-2016 11:25 AM
0 Kudos

Hello Dan,

For existing users the User Type will be fetched from the User Detail Data Source if it is present.

To set Dialog type as default, you can maintain default value of User Type as 'A' in EUP in SPRO.

Then if data is missing for User Type, the default value will be populated in access request.

Best Regards,

Zoltan

Show replies
Show replies
former_member379201
Explorer
‎03-29-2016 11:42 AM
0 Kudos

Thanks Zoltan for replying,

The issue is with new users; HR is the data source; employee details in HR cannot help here. "User Type" is of no consequence to HR and therefore such detail is not stored in HR employee master data.

As for "user Type = A (Dialog)" setup as default...it is as such. It is setup as such in "AC Configuration Settings", for Parameter ID 1026:

I would have liked this to help, but Param. 1026 seems to be relevant to "Risk Analysis". I am not sure it is relevant to ARM, user provisioning.

I suppose the root cause is somewhere else.

Best regards,

Dan

Former Member
‎03-29-2016 12:29 PM
0 Kudos

Hello Dan,

Parameter ID 1026 is irrelevant here, default value needs to be maintained in EUP.

SPRO > GRC > Access Control > User Provisioning > Maintain End User Personalization

Regards,

Zoltan

former_member379201
Explorer
‎03-29-2016 1:01 PM
0 Kudos

Hello Zoltan,

Yes, 1026 is not relevant here; thanks for confirming it.

The option in the Editable column, "Yes, if the data is missing" would be a possible solution, I imagine. I thought about it, but this doesn't explain why the same configuration item is exactly the same from DEV to QAS and PRD, i.e. no entry there, while the behavior is different QAS vs. DEV & PRD (see the initial attached images).

If there would have been a difference, it stands to reason I would have acted upon and level the playing field, making it the same in all instances. But IT IS already the same setup in all instances, while its behavior is different. This made me think the root cause must be somewhere else.

What do you think?

Best regards,

Dan

Former Member
‎03-29-2016 1:28 PM
0 Kudos

Hi Dan,

Yes, you might also use "Yes, if the data is missing" as the Editable attribute, although the main point of the screenshot was to set default value of User Type as 'A'.

About your initial attached images, the PRD one is a request for SELF, so in that case User Type was retrieved from the User Detail Data Source for the existing user. The QAS one is for OTHER new user and there is no default value set for User Type, this is the reason you see Select there.

Regards,

Zoltan

former_member379201
Explorer
‎03-29-2016 3:36 PM
0 Kudos

Hi Zoltan,

Right; I understand your pointing to the "default values" field not the "Editable" field in EUP.

Thing is the setup is identical in both PRD and QAS.

As for "request for" "Other or "Self", is the same thing; they do not seem to make a difference. This is how it looks in PRD for the same "OTHER" as in QAS:

the "User Type" doesn't seem to care much about provisioning for SELF or OTHER. The field is autocompleted with default value "Dialog".

Still cannot imagine where it is brought from.

Thank you for your time and replies,

I'll try tomorrow looking further for an answer.

BR

Dan

Former Member
‎03-30-2016 10:48 AM
0 Kudos

Hi Dan,

Please check the user ADP00444 in the systems, which you have set as user detail data source.

Most probably user type Dialog is fetched from a detail data source, also check parameter 5023.

Best Regards,

Zoltan

Ask a Question