Quantcast
Channel: Governance, Risk and Compliance (SAP GRC)
Viewing all articles
Browse latest Browse all 205

Issues, Bugs in GRC SP13 - Related Fixes

$
0
0

Hi All,

 

We are currently on GRC SP13. I could see lot of community members also working on same SP. There are lot of issues in GRC SP13. I am just updating the issues with relevant SAP notes here just to make it easy for the guys who come across the issues just like mine

 

There are still lot of issues which we are working on and will update this blog regularly based on our issues and fixes.

 

Access Request (ARQ)


Password Self Service (PSS) - Issues


In Password Self Service (PSS) when the user clicks on “Register Security Questions”. Users can add questions using either Admin defined or User defined option.

 

As shown below “User Defined Questions” has spelling mistake where “DEFINED” is spelled as “DEFINDED” and this can be fixed using SAP note 1907848 - UAM: Incorrect text for User Defined Questions

 


 

EUP Issues


Below SAP notes are implemented for issues regarding EUP.

 

1897794 - UAM: Request for value not coming from EUP in model user

1842378 - Default roles are getting added though they don’t exist in BE


Role Mapping Issues


Below SAP notes are implemented for issues regarding role mapping.

 

1900076 - UAM: Role mapping not working based on parameter 2015

 

Provisioning Settings Issues


Below SAP notes are implemented for issues regarding provisioning settings.

 

1966404 - UAM: System level provisioning settings not considered correctly

 

Risk Approval Workflow - Issues


In case of risk approval workflows, Title was not coming in header while opening the risk for approval as shown below.

 

Fix the issue using SAP note 1921318 - Risk Approval Screen - Title is not coming in header

 

Business Roles - Issues


Before discussing about business roles issues, please go through below SAP note on business roles which explains all Pros and Cons of business roles

 

1981001 - Recommendations: Using business role provisiong in access request

 

Business roles are not supported in GRC with “RETAIN” provisioning action. But in SP13 users are able to submit access requests with business roles having “RETAIN” provisioning action.

 

To fix this please implement the SAP note 1982339 - UAM: End user is able to submit request for business role with retain provisioning action


In case of Business roles having common technical roles, role de-provisioning is not happening correctly.

 

To fix this please implement the SAP note


1930923 - UAM:-Business role removal is not working correctly in Access Request
1922082    UAM: Rejected business roles are getting provisioned

1951749    UAM: Business role not provisioned correctly in language other than English


Role Import - Issues


Role Import in GRC SP13 is not showing all roles in the preview and as well as not importing all roles based on role range.


To fix this issue please implement the SAP note 1897975 - Role import does not show roles in the preview


Firefighter Login - Issues


When FF user is logging in with the assigned FF ID system is throwing dumps.


To fix this issue please implement the SAP note 1800347 - Short Dump on FF Login


Mitigation Control – Issues

 

Create Mitigation control and assign Risk and Approver/ Monitor to that control.

Click on Save/Submit button.

Error comes: "Saving Note Failed"

 

To fix this issue please implement SAP note 1890058 - "Saving note failed" error comes while saving Mitigation Control


Create Mitigation control and assign Risk and Approver/ Monitor to that control. The AC Reports are not displayed in the "Reports" tab of a mitigation control

Error message Action is inconsistent with system is displayed when you add a new AC report to a mitigation control and save/submit.

 

To fix this issue please implement SAP note 1902129 - Unable to save Mitigation control after adding AC Report


Mitigation control assignments which are already deleted are still showing up in GRC system.

 

To fix this issue please implement SAP note 1873361 - Performance issue with GRAC_REPOSITORY_OBJECT_SYNC

 

LDAP Issues


2025895 - UAM: Users not searched from HR/LDAP connectors if real-time search parameter 2050 is YES

 


User Access Review (UAR) - Issues

UAR Requests are being generated for expired users or locked users though excluded in the filter criteria. Also UAR requests contains indirectly assigned roles like Child roles of Composite roles.

 

To fix this issue implement below SAP notes

 

GRC System

1970118 - UAM: Expired and locked Users and indirect role assignment are also display in UAR request

1988134 - UAM: Dump on executing UAR job for user group and indirect assignments displayed in UAR request


Synchronization Jobs – Issues


We are facing an issue related to the roles assigned to the users in the target system. When roles have been removed from users in the backend. They are still visible with existing assignments overview in GRC system (even after sync).

 

This results in provisioning error when requesting a "retain role" request. Plug-In system then gives error message that the role is invalid (because it was not assigned anymore to the user).

 

Once the roles are removed in the target system, they should not appear again under the existing assignments in GRC.

 

If this kind of issue is happening then the Synch jobs are not working fine and there is some issue with these.

 

To fix this issue implement below SAP notes

 

Target (Plug-In) System

 

1970532 - Audit log gives wrong information about role removal, the validity of the role is not getting changed in the backend systems

 

GRC System

 

1934813 - UAM: Incorrect audit log message for role assignment and provisioning error for multiuser request

 

Missing Notification Variables and Notifications Issues - GRC SP13


Notification variables like Request Reason, Comments, Approver First Name, Approver Last Name and Approver Full Name are missing.

 

To enable these variables please implement below SAP notes.

 

1971842 - Request reason notification variable is not available in Access Request workflow

1917639 - UAM: Adding Comments and approver name variables in Access Request approval mail

 

Symptom:

 

Symptom 1: Validity dates and user id are not shown in the submission notification for the system entry.

Symptom 2: In submission notification, some text available in English and not able to translate in any other language.

Symptom 3: Provisioning variable shown roles whose Allow Auto-provisioning value is No and which have not been provisioned to the user.

Symptom 4: Create an access request to assign roles to an existing user in CUA child system. The closing notification contains wrong message of user creation.

Symptom 5: Notification variable %submission% for EAM/FF access approval does not contain System level information and validity dates information like FF_XXX Superuser access added to the request for action assign.

 

To fix this issue implement below SAP notes

 

1907911 - UAM: Incorrect text in submission & provisioning variable


Viewing all articles
Browse latest Browse all 205

Trending Articles