EUP – Common Issues and Solutions, Important tables and takeaways
I am presenting a consolidated document of common issues and solutions collected from the forum as well as few faced by me related to EUP along with information on few important tables and takeaways on EUP.
Anyone is free to make changes and update new issues here.
- The End user Personalization helps the administrators to set the parameters that define the behaviour of the fields and the pushbuttons on the Access Request screen.
- The default EUP Id is 999.
- The Pre-requisite is activating the BC Set
- EUP helps to:
- Specify the number of visible rows
- Set Fields to visible or hidden
- Set fields as mandatory
- Define Default values for the fields
Inspite of defining the Approve/Reject own request field as NO and Defining the field as not editable and not visible and maintain the EUP id under task settings in MSMP, the user is still able to approve his request
Implement the SAP NOTE: 2088522
EUP is set to not Editable for Manager field. Even then, Multi User Requests Manager field show as Editable.
In Single User Request, you can add any User which is valid GRC user. It will create a Request & you have full options to make any User a Manager.
Self & Others Requests works with EUP, whereas EUP is not supported for Multi-user Requests.
Is there any way to customize EUP ID 999? If a Functional area field is selected, then Manager Field should become mandatory.
There is no provision of doing any customization in EUP 999. Only fields can be made visible/invisible, mandatory/optional & editable/non-editable.
The user is able to submit a second (duplicate) request while previous request is in the process of getting created. In a scenario where an access request takes a longer time to complete risk analysis on submission, the user is able to submit a second (duplicate) request for the same user.
To prevent the creation of a duplicate request, set the parameters below:
Configuration parameter 1071 = Yes
EUP parameter One User per Request per System = Yes (under the Mandatory column)
Why is there no Sub-Process field available in the EUP configuration section?
The sub-process field is not supported in the EUP settings.
In Maintain EUP Fields, for few fields the user cannot change the settings for “Mandatory” field. For Example, the field mandatory and Visible is disabled from editing for Last name.
This behavior is by design for some fields as they are the minimum information required to be given in an access request.
How do you troubleshoot if the ?
Find the solution in the following SAP Notes: 2111894, 1884227
Creating a new EUP, click on ‘Maintain EUP fields’ does not populate any data, and in the Edit menu, the ‘New entries’ option is grayed out.
Activate the BC set “GRAC_ACCESS_REQUEST_EUP“ from SCPR20
ARM Data not getting populated from EUP
EUP Default values are considered only, when it’s New User or the value for Existing User is not maintained i.e. field value is blank.
If any value is maintained in Connector from which User Details has to be fetched, then the Value and Format will come from Backend System.
Is EUP supported for multiple user requests?
EUP validation for multiple users request is not available in GRC 10.0 release or GRC 10.1 release with SP level lower than 04.
This feature was introduced as part of GRC 10.1 SP 04 (SAPK-V1104INGRCFNDA), therefore customers on GRC 10.1 SP03 or lower, make sure to have SAP Note 1960479 applied.
- The Default EUP id is 999.
- EUP Default values are considered only if the field values are blank.
- The sub-process field is not supported under business process in the EUP settings.
- There is no provision of doing any condition based customization in EUP ID 999.
- In GRC 10.0 application, only EUP configuration for SELF and OTHER user request types is supported. On MULTIPLE user request types, EUP configuration is not supported. This functionality is available in GRC AC 10.1 release.
- For few fields the user cannot change the settings for “Mandatory” field as this behavior is by design for some fields as they are the minimum information required to be given in an access request.
- For “Delete Request Type”, the EUP setting for User Group as “Mandatory” is not applied as for Delete account the only action is to delete the user and not to make any field changes for provisioning, hence we cannot assign the User group , as then it will be considered as provisioning action and the motive of the delete request is to delete the user and not provision the parameters.
Hope this document will be useful. Feel Free to make any corrections or updates.
Rakesh Ram M