Skip to Content

User Access Review – Nightmare in GRC SP13 I will update this regularly with all our issues and fixes.

Customize Review Instructions

For customizing the UAR review instructions in the UAR request approval screen, please implement the below SAP notes:

Below note is for creating a program and then creating a SE61 template for maintaining the customized instructions for UAR

1926795 – Not possible to customize UAR review instructions

Below is note is to format the instructions in the same way as maintained in SE61 in request approval screen:

1946444 – UAR Review Instruction Format in Access Request

BRF+ Fields for UAR requests

During UAR implementation, in BRF+ rule use ROLE_CONNECTOR and however your BRF+ rule doesn’t work. To fix this issue and to route your UAR requests based on System implelment below SAP note:

1917837 – UAM : Connector based brf + rule is not working

Basic UAR Issues


In the UAR request approval screen, we observed some below mentioned issues.

1. User Name is not coming

2. Individual Role can be forwarded to another approver

3. Sometimes only UserID shows up and no role details

We fixed all above issues mentioned using below SAP note:

1868950 – UAM: UAR request display, print and forward assignment issue

UAR Jobs – Issues


When we schedule UAR jobs, although they are completed, they are still shown with In-process status. For this SAP has provided a note specific to few customers only.


1997960 – UAM: Unable to generate request for UAR/SOD.

UAR Reports – Issues


When UAR request is forwarded to another approver, in the UAR status report Approver ID is showing wrong. To correct this we implemented below SAP note:

1895571 – UAM: User Access Review status report not working

We have raised a OSS message to SAP as there is no connector based search available for UAR status reports. Below is the note provided to us which is not yet released to all customers.

2072384 Connector Criteria available in UAR Status report

Attachment of this note also attached in this post. Please check.

Symptom:

1. UAR history and status reports dump due to huge data.

2. No system/connector criteria availabe in user review status report.

Reason and Prerequisites

All data for all request was being stored in an internal table

Solution

Implement attached correction instructions


Add connector in User review status report


   1. Go to T-code SE 11 and select View radio button.

   2. Enter V_GRFNREPFILTER and click on display button.

3. Click on highlighted icon.

4. Enter report name ‘GRAC_CUP_USR_RVW_RPT”.

5. Click on edit icon, a window will pop up and press enter.

6. Click on new entry and enter as new entry for connector as mentioned below.

7. Save and activate the view.

Other terms

UAR history, UAR status, reports, dump, memory overflow, connector

————————————————————————

|Manual Pre-Implement. |

————————————————————————

|VALID FOR |

|Software Component GRCFND_A GRCFND_A |

| Release V1000 SAPK-V1004INGRCFNDA – SAPK-V1017INGRCFNDA |

————————————————————————

Kindly follow the steps as mentioned in attached file

(Connector_add.docx)

________________________________________________________________________

Valid Releases

GRCFND_A

V1000

V1100

________________________________________________________________________

After implementing the SAP note 2072384, we got another issue in the UAR status report where Stage column in the report is showing the same stage for all requests. For this SAP has released another note for us which is not yet released to all customers. Below is the SAP note:

2096437 – UAM: User review status report showing Incorrect Stage details


Symptom

UAR- User Review status report shows incorrect stage details.

Reason and Prerequisites

Wrong value is passed.

Solution

Implement the correction instruction.

Other terms

GRC, AC, UAR, Stage, User Review Status, Report.

To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Alessandro Banzer

    Madhu,

    do you also have problems that the manager is wrongly picked? I am using HR as data source and I have the problem that when the manager is manager it picks himself.

    Regards,

    Alessandro

    (0) 
    1. Madhu Babu Post author

      Dear Alessandro,

      We are using LDAP as data source, may be that’s the reason we didn’t had that issue. You can include the details of your issue in this post, I have opened it for collaboration.

      Thanks,

      Madhu.

      (0) 
  2. Santosh Krishnan

    Hi Madhu,

    I have an interesting problem.  The UAR job ran correctly, and produced entries that were reviewed by an Admin and then they were assigned coordinators, and then the workflow was updated.

    Managers got their emails, went into their work inboxes and removed roles, which were auto provisioned correctly, and rejected users, and in other cases approved.

    For rejected users, I went to manage rejections and then set the users to “Generate Requests”.

    According to the UAR guide, there should be a background job called UAR Review Process Rejected. 

    Untitled.png

    However I am unable to find this in my background sheduler. 

    Am I looking in the wrong place?

    Untitled.png

    Thanks,

    Santosh

    (0) 

Leave a Reply