Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Showing results for 
Search instead for 
Did you mean: 
madhusap
Active Contributor


Hi All,

We are currently on GRC SP13. I could see lot of community members also working on same SP. There are lot of issues in GRC SP13. I am just updating the issues with relevant SAP notes here just to make it easy for the guys who come across the issues just like mine :smile:

There are still lot of issues which we are working on and will update this blog regularly based on our issues and fixes.

Access Request (ARQ)

 

Password Self Service (PSS) - Issues

 

In Password Self Service (PSS) when the user clicks on “Register Security Questions”. Users can add questions using either Admin defined or User defined option.

As shown below “User Defined Questions” has spelling mistake where “DEFINED” is spelled as “DEFINDED” and this can be fixed using SAP note

1907848 - UAM: Incorrect text for User Defined Questions




1600374 - CUP: Admin and user questions option not configuration

EUP Issues

 

Below SAP notes are implemented for issues regarding EUP.

1897794 - UAM: Request for value not coming from EUP in model user

1842378 - Default roles are getting added though they don’t exist in BE

 

Role Mapping Issues

 

Below SAP notes are implemented for issues regarding role mapping.

1900076 - UAM: Role mapping not working based on parameter 2015

2014524 - Common mapped role deleted on removing one of parent

Provisioning Settings Issues

 

Below SAP notes are implemented for issues regarding provisioning settings.

1966404 - UAM: System level provisioning settings not considered correctly

Role and Function Approval Workflows

 

During Role and Function approvals, below SAP notes are implemented for resolving comments pop up issue.

2044309 - During role and function approval, Comments popup is opening in case of approval and rejection without checking the configuration


1906672: Removed Function apprear in Risk Approval Request


Risk Approval Workflow - Issues

 

In case of risk approval workflows, Title was not coming in header while opening the risk for approval as shown below.

Fix the issue using SAP note 1921318 - Risk Approval Screen - Title is not coming in header

2049421 - Forward with Return for Risk Approval WF issue

 

Mitigation Control Maintenance Workflow - Issues

 

In case of mitigation control workflows,no message is shown to the approver if one approver forwards the request to another approver.

Fix the issue using SAP note 2050047 MIC Upon Forward no successful message

Business Roles - Issues

 

Before discussing about business roles issues, please go through below SAP note on business roles which explains all Pros and Cons of business roles

1981001 - Recommendations: Using business role provisiong in access request

Business roles are not supported in GRC with “RETAIN” provisioning action. But in SP13 users are able to submit access requests with business roles having “RETAIN” provisioning action.

To fix this please implement the SAP note 1982339 - UAM: End user is able to submit request for business role with retain provisioning action

 

In case of Business roles having common technical roles, role de-provisioning is not happening correctly.

To fix this please implement the SAP note

 

1930923 - UAM:-Business role removal is not working correctly in Access Request
1922082    UAM: Rejected business roles are getting provisioned

1951749    UAM: Business role not provisioned correctly in language other than English

 

Role Import - Issues

 

Role Import in GRC SP13 is not showing all roles in the preview and as well as not importing all roles based on role range.

 

To fix this issue please implement the SAP note 1897975 - Role import does not show roles in the preview

 

Firefighter Login - Issues

 

When FF user is logging in with the assigned FF ID system is throwing dumps.

 

To fix this issue please implement the SAP note 1800347 - Short Dump on FF Login

 

Risk Analysis - Access Request - Issues

 

1938722 - Risk analysis icon incorrect in access request

 

Default Roles - Access Request - Issues

 

2056035 - UAM: Role descrip not displayed for default Roles

1842378 - Default roles are getting added though they dont

2061875 - UAM: Role description for default roles not displa

 

Mitigation Control – Issues

Create Mitigation control and assign Risk and Approver/ Monitor to that control.

Click on Save/Submit button.


Error comes: "Saving Note Failed"


To fix this issue please implement SAP note 1890058 - "Saving note failed" error comes while saving Mitigation Control


 


Create Mitigation control and assign Risk and Approver/ Monitor to that control. The AC Reports are not displayed in the "Reports" tab of a mitigation control

Error message Action is inconsistent with system is displayed when you add a new AC report to a mitigation control and save/submit.


To fix this issue please implement SAP note 1902129 - Unable to save Mitigation control after adding AC Report


 


Mitigation control assignments which are already deleted are still showing up in GRC system.

To fix this issue please implement SAP note 1873361 - Performance issue with GRAC_REPOSITORY_OBJECT_SYNC

LDAP Issues

 

2025895 - UAM: Users not searched from HR/LDAP connectors if real-time search parameter 2050 is YES

1867742 UAM: Manager information is missing in request submission

Access Request - MultiUser Request - Issues

1864399 and 1886411 - Incorrect Template - Multiuser Request

 

User Access Review (UAR) - Issues

UAR Requests are being generated for expired users or locked users though excluded in the filter criteria. Also UAR requests contains indirectly assigned roles like Child roles of Composite roles.

To fix this issue implement below SAP notes

GRC System

1970118 - UAM: Expired and locked Users and indirect role assignment are also display in UAR request

1988134 - UAM: Dump on executing UAR job for user group and indirect assignments displayed in UAR request

1917837 - UAM : Connector based brf + rule is not working

1997960 - Unable to generate request for UAR/SOD.

2103409 - UAR: UAR approved request shows in work inbox util refresh.

1988128 - UAM: Missing line items with forward and return in UAR

Issue

UAR Requests are still showing up even after approval in work inbox until click on refresh button

 

2103409 - UAR: UAR approved request shows in work inbox until refresh.

 

User Defaults - Issues

 

2020712 - UAM: User group not provisioned after approval

 

Delegated Approver - Mail Issues

 

1589130 - GRC AC 10.0 - MSMP Notification Override BADi - En

1915928 - Delegated approver is not visible in instance status

1887512 - Incorrect approver list shown in instance status

 

Enterprise Portal Integration with GRC - Issues

 

1889792 - UAM: Portal sync results in time out/ Portal Object

 

 

Synchronization Jobs – Issues

 

We are facing an issue related to the roles assigned to the users in the target system. When roles have been removed from users in the backend. They are still visible with existing assignments overview in GRC system (even after sync).


This results in provisioning error when requesting a "retain role" request. Plug-In system then gives error message that the role is invalid (because it was not assigned anymore to the user).


Once the roles are removed in the target system, they should not appear again under the existing assignments in GRC.


If this kind of issue is happening then the Synch jobs are not working fine and there is some issue with these.


To fix this issue implement below SAP notes


Target (Plug-In) System


1970532 - Audit log gives wrong information about role removal, the validity of the role is not getting changed in the backend systems


GRC System


1934813 - UAM: Incorrect audit log message for role assignment and provisioning error for multiuser ...


Missing Notification Variables and Notifications Issues - GRC SP13


 


Notification variables like Request Reason, Comments, Approver First Name, Approver Last Name and Approver Full Name are missing.

To enable these variables please implement below SAP notes.


1971842 - Request reason notification variable is not available in Access Request workflow


1917639 - UAM: Adding Comments and approver name variables in Access Request approval mail


Symptom:

Symptom 1: Validity dates and user id are not shown in the submission notification for the system entry.


Symptom 2: In submission notification, some text available in English and not able to translate in any other language.


Symptom 3: Provisioning variable shown roles whose Allow Auto-provisioning value is No and which have not been provisioned to the user.


Symptom 4: Create an access request to assign roles to an existing user in CUA child system. The closing notification contains wrong message of user creation.


Symptom 5: Notification variable %submission% for EAM/FF access approval does not contain System level information and validity dates information like FF_XXX Superuser access added to the request for action assign.


To fix this issue implement below SAP notes


1907911 - UAM: Incorrect text in submission & provisioning variable


Email Notifications - Issues


 


SAP Note 2018395 - E-mail Notifications cannot use HTML


 


Unlock Account - Valid To Date Issue


 


2069094 - For Unlock Action type Valid To Date for user is coming from


 


Escalation Notifications - Role Owner Stage - Issues


 


2008881 - Approved request items are also escalated

2000779 - UAM: Escalation on roleowner stage not working

5 Comments