This document talks about the challenges organizations face when upgrading Support pack/ Net weaver for SAP GRC 10.0. Organizations that upgrade support pack with Net weaver version for SAP GRC 10.0, might face many challenges at different stages of project. Here we are discussing some of the challenges faced in real time environment while upgrading GRC 10.0 to SP13 from existing SP07 and SAP Net Weaver 7.31 SPS 8 from existing SAP Net Weaver 7.02.
- Backend Plugin Upgrade
- If organization is planning to upgrading GRC 10.0 from SP level below SP10, they are require to plan and coordinate for GRC Plugin upgrade in backend systems also. GRC is normally connected to most of the system in any organization for user provisioning, risk analysis and emergency access…, which are at difference NW version and plugin level.
- To avoid product compatibility issues, suggested to plan plugin upgrade before GRC system upgrade.
- SU25 and Web dynpro components upgrade
- It is tough for Security consultant to understand effect for authorization updates in SU25 steps 2a, 2b, 2c on GRC front end, as it don’t provide details for change in authorization check for GRC front end application.
- Suggested detail planning for testing strategy and scenario testing to cover all Authorization check changes and role charge requirement
- Mass user locking
- Normally in any ECC, BI… systems total number of user are in thousands, but in GRC system number of user is high, depending on number for systems connected to it and how user’s data is updated. While upgrade to avoid user to login, it is recommend to lock users.
- In general SU10 is used for mass locking but for locking users in Lakhs via SU10 is not a suitable approach.
- Agent not found access requests ending into error or completing without role owner approval
- Post upgrade roles with approvers not defined in GRACOWNER table or not defined as owner in “Access control owner” in from end, will not be able to approve request. Post upgrade GRC started checking for approvers in GRACOWNER table.
- Before go live update all role approvers as Role Owners in Access control owner list.
- Dumps in system while clicking on link in email received from GRC
- Post NW and SP upgrade for GRC 10.0, users might start getting below ABAP dump in system
Category ABAP Programing Error
Runtime Errors Assertion Failed
ABAP Program CL_GRFN_API_IDENT================CP
Application Component GRC
- Please check for OSS note 1888486 if applicable for your system to fix issue