Hi All,
We are currently on GRC SP13. I could see lot of community members also working on same SP. There are lot of issues in GRC SP13. I am just updating the issues with relevant SAP notes here just to make it easy for the guys who come across the issues just like mine
There are still lot of issues which we are working on and will update this blog regularly based on our issues and fixes.
Access Request (ARQ)
Password Self Service (PSS) - Issues
In Password Self Service (PSS) when the user clicks on “Register Security Questions”. Users can add questions using either Admin defined or User defined option.
As shown below “User Defined Questions” has spelling mistake where “DEFINED” is spelled as “DEFINDED” and this can be fixed using SAP note 1907848 - UAM: Incorrect text for User Defined Questions
EUP Issues
Below SAP notes are implemented for issues regarding EUP.
1897794 - UAM: Request for value not coming from EUP in model user
1842378 - Default roles are getting added though they don’t exist in BE
Role Mapping Issues
Below SAP notes are implemented for issues regarding role mapping.
1900076 - UAM: Role mapping not working based on parameter 2015
Provisioning Settings Issues
Below SAP notes are implemented for issues regarding provisioning settings.
1966404 - UAM: System level provisioning settings not considered correctly
Risk Approval Workflow - Issues
In case of risk approval workflows, Title was not coming in header while opening the risk for approval as shown below.
Fix the issue using SAP note 1921318 - Risk Approval Screen - Title is not coming in header
Business Roles - Issues
Before discussing about business roles issues, please go through below SAP note on business roles which explains all Pros and Cons of business roles
1981001 - Recommendations: Using business role provisiong in access request
Business roles are not supported in GRC with “RETAIN” provisioning action. But in SP13 users are able to submit access requests with business roles having “RETAIN” provisioning action.
To fix this please implement the SAP note 1982339 - UAM: End user is able to submit request for business role with retain provisioning action
In case of Business roles having common technical roles, role de-provisioning is not happening correctly.
To fix this please implement the SAP note
1930923 - UAM:-Business role removal is not working correctly in Access Request
1922082 UAM: Rejected business roles are getting provisioned
1951749 UAM: Business role not provisioned correctly in language other than English
Role Import - Issues
Role Import in GRC SP13 is not showing all roles in the preview and as well as not importing all roles based on role range.
To fix this issue please implement the SAP note 1897975 - Role import does not show roles in the preview
Firefighter Login - Issues
When FF user is logging in with the assigned FF ID system is throwing dumps.
To fix this issue please implement the SAP note 1800347 - Short Dump on FF Login
Mitigation Control – Issues
Create Mitigation control and assign Risk and Approver/ Monitor to that control.
Click on Save/Submit button.
Error comes: "Saving Note Failed"
To fix this issue please implement SAP note 1890058 - "Saving note failed" error comes while saving Mitigation Control
Create Mitigation control and assign Risk and Approver/ Monitor to that control. The AC Reports are not displayed in the "Reports" tab of a mitigation control
Error message Action is inconsistent with system is displayed when you add a new AC report to a mitigation control and save/submit.
To fix this issue please implement SAP note 1902129 - Unable to save Mitigation control after adding AC Report
Mitigation control assignments which are already deleted are still showing up in GRC system.
To fix this issue please implement SAP note 1873361 - Performance issue with GRAC_REPOSITORY_OBJECT_SYNC
LDAP Issues
2025895 - UAM: Users not searched from HR/LDAP connectors if real-time search parameter 2050 is YES
User Access Review (UAR) - Issues
UAR Requests are being generated for expired users or locked users though excluded in the filter criteria. Also UAR requests contains indirectly assigned roles like Child roles of Composite roles.
To fix this issue implement below SAP notes
GRC System
1970118 - UAM: Expired and locked Users and indirect role assignment are also display in UAR request
1988134 - UAM: Dump on executing UAR job for user group and indirect assignments displayed in UAR request
Synchronization Jobs – Issues
We are facing an issue related to the roles assigned to the users in the target system. When roles have been removed from users in the backend. They are still visible with existing assignments overview in GRC system (even after sync).
This results in provisioning error when requesting a "retain role" request. Plug-In system then gives error message that the role is invalid (because it was not assigned anymore to the user).
Once the roles are removed in the target system, they should not appear again under the existing assignments in GRC.
If this kind of issue is happening then the Synch jobs are not working fine and there is some issue with these.
To fix this issue implement below SAP notes
Target (Plug-In) System
1970532 - Audit log gives wrong information about role removal, the validity of the role is not getting changed in the backend systems
GRC System
Missing Notification Variables and Notifications Issues - GRC SP13
Notification variables like Request Reason, Comments, Approver First Name, Approver Last Name and Approver Full Name are missing.
To enable these variables please implement below SAP notes.
1971842 - Request reason notification variable is not available in Access Request workflow
1917639 - UAM: Adding Comments and approver name variables in Access Request approval mail
Symptom:
Symptom 1: Validity dates and user id are not shown in the submission notification for the system entry.
Symptom 2: In submission notification, some text available in English and not able to translate in any other language.
Symptom 3: Provisioning variable shown roles whose Allow Auto-provisioning value is No and which have not been provisioned to the user.
Symptom 4: Create an access request to assign roles to an existing user in CUA child system. The closing notification contains wrong message of user creation.
Symptom 5: Notification variable %submission% for EAM/FF access approval does not contain System level information and validity dates information like FF_XXX Superuser access added to the request for action assign.
To fix this issue implement below SAP notes
1907911 - UAM: Incorrect text in submission & provisioning variable