Skip to Content

Hello All,


Reading this Document, You will find solutions for the following Audit Log Errors


/wp-content/uploads/2016/07/intro_998145.png


Audit Log Error #1


We get an error “Following error occurred in XXXCLNT### system while provisioning: 00024rabax during sapgui logon.” This error occurs when we are provisioning a Business Role through GRC. We don’t get this error when provisioning a single role to the same BI System.


This happens due to recent patches applied to BI system, and missing RFC authorization for RFC user between GRC foundation and plug-in system.


Provide the RFC user between GRC Foundation and GRC Plug-in with ALL the RFC authorizations (create new role as not all authorizations are included in SAP_ALL or SAP_NEW). The Authorization object S_RFCACL is also needed.


Audit Log Error #2


Error in provisioning and you see an error in Audit logs, stating “You are not authorized to assign User Group to Role xxx”


Audit_Log_2.png

  • Go to transaction SM59 and look for your RFC connector.


  • Select Logon & Security tab and check if your user maintained has the required authorizations to assign User Groups to a user in the connector system.


  • Also, check its password if it’s an active working password and user is not locked in the plugin system.

Audit Log Error #3


Facing error in the Audit log as “Escape path cannot be same as the current path”.

Audit_Log_3.png


The Stage used in the escape route, should have enabled the setting ‘Add Assignment’, so that the approver should be able to add the system in this stage.



Audit Log Error #4


While provisioning a user in CUA System, Facing error in the Audit log as “You are not authorized to create user”.



Audit_Log_4.png

To correct the problem, the CUA setting can be deactivated from the plugin system SCUA settings or maintain the CUA relationship in GRC system. If there are some systems which are connected to CUA master system but are not required for provisioning, these systems can still be maintained in CUA setting as child systems. This will enable GRC to identify the CUA master system and provisioning would work correctly.


So either the SCUA settings have to be corrected on the CUA System or the GRC CUA settings have to be maintained.


Another work around for this scenario would be to maintain CUA Settings in GRC with some unused connectors. If that is not an option, the CUA System can be maintained as both the parent and child in the GRC CUA Settings.




Audit Log Error #5


Facing error in the Audit log as: “Exception When Creating User”


Audit_Log_5.png


The Portal connector group parameter mapping in IMG is causing the error.


  • Go to Transaction SPRO and click on IMG.
  • Click on Access Control
  • Click on ‘Maintain Mapping for Actions and Connector Groups’
  • Click on ‘Assign default connector to connector group’
  • Highlight the affected Enterprise Portal connector with Connector Action: 0004 Provisioning.
  • Click on Assign Group Parameter Mapping.
  • Remove the following two Configuration Parameter mapping entries: CREATE_USER:OC, CREATE_USER:password


P.S. This solution is only applicable, if you primarily use Access Control 10.0 to provision roles in Enterprise Portal to existing users and do not use Access Control 10.0 for creating new users in Enterprise Portal.



Audit Log Error #6


Facing error in the Audit log as: “Log on Failed / CPI – CALL: ThSAPCMRCV”

  

Audit_Log_6.png


This error happens due to RFC error to the target system or incorrect configuration of the system connectors from the GRC box.



Audit Log Error #7

Facing Error in Audit logs as “Company address can not be selected”

This issue occurs if the company selected or created in the request is not actually available or created in the backend R/3 system. Because of this ARQ gives error while provisioning.


To overcome this, customer needs to have the ‘Company’ details with R3 system in both places (R3 system as well as in ARQ application), Company list should be identical.


Company that is maintained in the SPRO -> Governance Risk and Compliance->Access Control->Role Management->Define Companies should be same as the company maintained under user SU01.



Any Additions or Subtractions Most Welcome.


Regards,

Rakesh Ram M

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply