Hi All,

We are currently on GRC SP13. I could see lot of community members also working on same SP. There are lot of issues in GRC SP13. I am just updating the issues with relevant SAP notes here just to make it easy for the guys who come across the issues just like mine 🙂

There are still lot of issues which we are working on and will update this blog regularly based on our issues and fixes.

Access Request (ARQ)


Password Self Service (PSS) – Issues


In Password Self Service (PSS) when the user clicks on “Register Security Questions”. Users can add questions using either Admin defined or User defined option.

As shown below “User Defined Questions” has spelling mistake where “DEFINED” is spelled as “DEFINDED” and this can be fixed using SAP note

1907848 – UAM: Incorrect text for User Defined Questions


1600374 – CUP: Admin and user questions option not configuration

EUP Issues


Below SAP notes are implemented for issues regarding EUP.

1897794 – UAM: Request for value not coming from EUP in model user

1842378 – Default roles are getting added though they don’t exist in BE


Role Mapping Issues


Below SAP notes are implemented for issues regarding role mapping.

1900076 – UAM: Role mapping not working based on parameter 2015

2014524 – Common mapped role deleted on removing one of parent

Provisioning Settings Issues


Below SAP notes are implemented for issues regarding provisioning settings.

1966404 – UAM: System level provisioning settings not considered correctly

Role and Function Approval Workflows


During Role and Function approvals, below SAP notes are implemented for resolving comments pop up issue.

2044309 – During role and function approval, Comments popup is opening in case of approval and rejection without checking the configuration

1906672: Removed Function apprear in Risk Approval Request

Risk Approval Workflow – Issues


In case of risk approval workflows, Title was not coming in header while opening the risk for approval as shown below.

Fix the issue using SAP note 1921318 – Risk Approval Screen – Title is not coming in header

2049421 – Forward with Return for Risk Approval WF issue


Mitigation Control Maintenance Workflow – Issues


In case of mitigation control workflows,no message is shown to the approver if one approver forwards the request to another approver.

Fix the issue using SAP note 2050047 MIC Upon Forward no successful message

Business Roles – Issues


Before discussing about business roles issues, please go through below SAP note on business roles which explains all Pros and Cons of business roles

1981001 – Recommendations: Using business role provisiong in access request

Business roles are not supported in GRC with “RETAIN” provisioning action. But in SP13 users are able to submit access requests with business roles having “RETAIN” provisioning action.

To fix this please implement the SAP note 1982339 – UAM: End user is able to submit request for business role with retain provisioning action


In case of Business roles having common technical roles, role de-provisioning is not happening correctly.

To fix this please implement the SAP note


1930923 – UAM:-Business role removal is not working correctly in Access Request
1922082    UAM: Rejected business roles are getting provisioned

1951749    UAM: Business role not provisioned correctly in language other than English


Role Import – Issues


Role Import in GRC SP13 is not showing all roles in the preview and as well as not importing all roles based on role range.


To fix this issue please implement the SAP note 1897975 – Role import does not show roles in the preview


Firefighter Login – Issues


When FF user is logging in with the assigned FF ID system is throwing dumps.


To fix this issue please implement the SAP note 1800347 – Short Dump on FF Login


Risk Analysis – Access Request – Issues


1938722 – Risk analysis icon incorrect in access request


Default Roles – Access Request – Issues


2056035 – UAM: Role descrip not displayed for default Roles

1842378 – Default roles are getting added though they dont

2061875 – UAM: Role description for default roles not displa


Mitigation Control – Issues

Create Mitigation control and assign Risk and Approver/ Monitor to that control.

Click on Save/Submit button.

Error comes: “Saving Note Failed”

To fix this issue please implement SAP note 1890058 – “Saving note failed” error comes while saving Mitigation Control


Create Mitigation control and assign Risk and Approver/ Monitor to that control. The AC Reports are not displayed in the “Reports” tab of a mitigation control

Error message Action is inconsistent with system is displayed when you add a new AC report to a mitigation control and save/submit.

To fix this issue please implement SAP note 1902129 – Unable to save Mitigation control after adding AC Report


Mitigation control assignments which are already deleted are still showing up in GRC system.

To fix this issue please implement SAP note 1873361 – Performance issue with GRAC_REPOSITORY_OBJECT_SYNC

LDAP Issues


2025895 – UAM: Users not searched from HR/LDAP connectors if real-time search parameter 2050 is YES

1867742 UAM: Manager information is missing in request submission

Access Request – MultiUser Request – Issues

1864399 and 1886411 – Incorrect Template – Multiuser Request


User Access Review (UAR) – Issues

UAR Requests are being generated for expired users or locked users though excluded in the filter criteria. Also UAR requests contains indirectly assigned roles like Child roles of Composite roles.

To fix this issue implement below SAP notes

GRC System

1970118 – UAM: Expired and locked Users and indirect role assignment are also display in UAR request

1988134 – UAM: Dump on executing UAR job for user group and indirect assignments displayed in UAR request

1917837 – UAM : Connector based brf + rule is not working

1997960 – Unable to generate request for UAR/SOD.

2103409 – UAR: UAR approved request shows in work inbox util refresh.

1988128 – UAM: Missing line items with forward and return in UAR

Issue

UAR Requests are still showing up even after approval in work inbox until click on refresh button


2103409 – UAR: UAR approved request shows in work inbox until refresh.


User Defaults – Issues


2020712 – UAM: User group not provisioned after approval


Delegated Approver – Mail Issues


1589130 – GRC AC 10.0 – MSMP Notification Override BADi – En

1915928 – Delegated approver is not visible in instance status

1887512 – Incorrect approver list shown in instance status


Enterprise Portal Integration with GRC – Issues


1889792 – UAM: Portal sync results in time out/ Portal Object



Synchronization Jobs – Issues


We are facing an issue related to the roles assigned to the users in the target system. When roles have been removed from users in the backend. They are still visible with existing assignments overview in GRC system (even after sync).

This results in provisioning error when requesting a “retain role” request. Plug-In system then gives error message that the role is invalid (because it was not assigned anymore to the user).

Once the roles are removed in the target system, they should not appear again under the existing assignments in GRC.

If this kind of issue is happening then the Synch jobs are not working fine and there is some issue with these.

To fix this issue implement below SAP notes

Target (Plug-In) System

1970532 – Audit log gives wrong information about role removal, the validity of the role is not getting changed in the backend systems

GRC System

1934813 – UAM: Incorrect audit log message for role assignment and provisioning error for multiuser request

Missing Notification Variables and Notifications Issues – GRC SP13


Notification variables like Request Reason, Comments, Approver First Name, Approver Last Name and Approver Full Name are missing.

To enable these variables please implement below SAP notes.

1971842 – Request reason notification variable is not available in Access Request workflow

1917639 – UAM: Adding Comments and approver name variables in Access Request approval mail

Symptom:

Symptom 1: Validity dates and user id are not shown in the submission notification for the system entry.

Symptom 2: In submission notification, some text available in English and not able to translate in any other language.

Symptom 3: Provisioning variable shown roles whose Allow Auto-provisioning value is No and which have not been provisioned to the user.

Symptom 4: Create an access request to assign roles to an existing user in CUA child system. The closing notification contains wrong message of user creation.

Symptom 5: Notification variable %submission% for EAM/FF access approval does not contain System level information and validity dates information like FF_XXX Superuser access added to the request for action assign.

To fix this issue implement below SAP notes

1907911 – UAM: Incorrect text in submission & provisioning variable

Email Notifications – Issues


SAP Note 2018395 – E-mail Notifications cannot use HTML


Unlock Account – Valid To Date Issue


2069094 – For Unlock Action type Valid To Date for user is coming from


Escalation Notifications – Role Owner Stage – Issues


2008881 – Approved request items are also escalated

2000779 – UAM: Escalation on roleowner stage not working

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply