Skip to Content

This document talks about the challenges organizations face when upgrading Support pack/ Net weaver for SAP GRC 10.0. Organizations that upgrade support pack with Net weaver version for SAP GRC 10.0, might face many challenges at different stages of project. Here we are discussing some of the challenges faced in real time environment while upgrading GRC 10.0 to SP13 from existing SP07 and SAP Net Weaver 7.31 SPS 8 from existing SAP Net Weaver 7.02.

  • Backend Plugin Upgrade
    • If organization is planning to upgrading GRC 10.0 from SP level below SP10, they are require to plan and coordinate for GRC Plugin upgrade in backend systems also. GRC is normally connected to most of the system in any organization for user provisioning, risk analysis and emergency access…, which are at difference NW version and plugin level.
    • To avoid product compatibility issues, suggested to plan plugin upgrade before GRC system upgrade.
  • SU25 and Web dynpro components upgrade
    • It is tough for Security consultant to understand effect for authorization updates in SU25 steps 2a, 2b, 2c on GRC front end, as it don’t provide details for change in authorization check for  GRC front end application.
    • Suggested detail planning for testing strategy and scenario testing to cover all Authorization check changes and role charge requirement
  • Mass user locking
    • Normally in any ECC, BI… systems total number of user are in thousands, but in GRC system number of user is high, depending on number for systems connected to it and how user’s data is updated. While upgrade to avoid user to login, it is recommend to lock users.
    • In general SU10 is used for mass locking but for locking users in Lakhs via SU10 is not a suitable approach.
  • Agent not found access requests ending into error or completing without role owner approval
    • Post upgrade roles with approvers not defined in GRACOWNER table or not defined as owner in “Access control owner” in from end, will not be able to approve request. Post upgrade GRC started checking for approvers in GRACOWNER table. 
    • Before go live update all role approvers as Role Owners in Access control owner list.
  • Dumps in system while clicking on link in email received from GRC
    • Post NW and SP upgrade for GRC 10.0, users might start getting below ABAP dump in system

               ASSERTION FAILED

               Category           ABAP Programing Error

               Runtime Errors Assertion Failed

               ABAP Program  CL_GRFN_API_IDENT================CP

               Application Component GRC

    • Please check for OSS note 1888486 if applicable for your system to fix issue
To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Colleen Hebbert

    Hi Preeti

    Fantastic to see you writing this article. I have been wondering how everyone is approaching support packs, etc where they already have a production system

    For the SU25 – you might want to add which parts GRC needs to SU24 for (i.e. Function Definition in Ruleset and BRM Authorisations)

    Heaps of questions and ideas on what you could include (or you or anyone cover in future topics)………….

    How much time did you allow for the support pack upgrade from commencing activity (development) through to cut-over to production? Did you feel there was sufficient time?

    I realise your lock the users, but what sort of outage did you do for cut-over? Also, did you re-run full syncs on your job or continue delta?

    Did the support packs trigger a review of rule-set definitions or any other activity?

    What sort of testing did you do as part of your support pack approach and which people did you involve?

    This is most likely a new topic, but did you perform any system/client refreshes in Non-Production Systems that would cause a discrepancy between GRC and satellite system data?

    Do you have any key lessons learned for the approach you took and would you do anything differently next time round (there will be more SPs).

    Regards

    Colleen

    (0) 
  2. Ameet kumar

    Very useful and knowledge sharing psot.

    I was wondering to know exactly the same info some time back, but managed somehow. Definitely this would be helpful to others.

    Thanks a lot.

    Regards,

    Ameet

    (0) 

Leave a Reply