on 03-29-2016 3:54 PM
Hi,
I am facing an issue regarding access request – “New Account”, user is creating request containing Roles and Systems. Ideally, they should select only Roles.
Once the system found System in the request, it goes to ESCAPE path.
But we search the request and open the Audit log, it is only showing systems. No Roles are showing which was selected.
But when we “open” the request, it is showing all roles and systems.
When I am trying to create new request by “Copy request”, it is showing below message and could not copy all the roles and System, it is only copy the systems.
Please help me on this issue.
Thanks,
Samrat
Hello Samrat,
As Alessandro said, it seems it has to deal with your authorizations in background GRC system. Juste once after the error message, go back to backend system and check if there any thing mentionned missing in su53. If not, you'll have to start as mentionned by Alessandro, a "STAUTHTRACE" on your user and redo the copy of the request to analyse the trace.
Regards
Séverine
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Samrat,
first of all you missed to mention your SP level which is crucial for helping you. Please see the following thread (further postings will be rejected if information is missing):
When you copy a request and it says "your missing authorization" you have to check the authorizations. I recommend to check the objects GRAC_REQ, GRAC_ROLED and GRAC_ROLEP. It's also recommended to run an authorization trace to see missing objects. Therefore use transaction STAUTHTRACE.
Please keep us posted.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samrat,
While copying the request please confirm if you have checked copy roles option as well. Thanks.
Regards,
Surya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.