Access Control 5.3 - RAR
Hi Experts,
Help needed. I am a newbie with GRC.
I have executed the background jobs for RAR:
- roles/profiles/users sync
- batch risk analysis
- mgt rpt
all full sync and with * values
Once completed, the infor was updated in the informer tab under mgt view.
Question 1: What is puzzling me is, though i have setup the rule architect with critical roles and profiles (SAP* roles & S profiles) and under config tab to ignore critical roles and profiles (set to YES). Why is the mgt view->risk violations still showing me IDs assigned with SAP_ALL? This is definitely not a good place for top mgt to view the report since it is not reflecting the "accurate" situation of the system. Right?
Is risk analysis->user analysis, role analysis the "right" place for top mgt to view the reports then? Please advice.
Question 2:
When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
Thanks.
Hi Annie,
For your first question check this thread -
GRC 5.3 Zero Violations & unable to exclude critical profiles
Question 2:
When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
As per my uderstanding mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
Showing in mgmt report is based upon what you select to see.
Regards,
Sabita
Similar Messages
-
GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis
Hi All!
re: GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis
Can anyone list or direct me to a help link that has the progress list of processes that are contained in this batch job?
Thanks!Hi All,
I have answered my own question. The processes are:
User Permission Analysis
Profile Action Analysis
Role Action Analysis
User Action Analysis
Role Permission Analysis
-john -
Access Control 5.3 RAR - BW Reporting 0GCC_UPV
Hi experts,
I have activated the SAP GRC Access Control content and everything works fine so far. However, I can't report risks by users properly, as mitigated controls are not taken into account in cube 0GCC_UPV. Mitigated users are stored in 0GCC_MTUS.
Has anyone experience with this ? Of course we want to report on users which are not mitigated and still have risks.
The query select * from virsa_cc_prmvl on Java Stack says that MITREFNO is always empty. However, there is the possibility on the java stack to report on users and select/deselect mitigation. I don't believe they join two tables during runtime !
Any help is appreciated !
Thanks,
MaxHi Annie,
For your first question check this thread -
GRC 5.3 Zero Violations & unable to exclude critical profiles
Question 2:
When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
As per my uderstanding mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
Showing in mgmt report is based upon what you select to see.
Regards,
Sabita -
GRC Access Control 5.3 - RAR Risk Analysis in offline mode
Hi expert,
I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
Best Regards!I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
Hope I explained myself. Thanks for your help. -
ACCESS CONTROLS - UME ROLES (RAR)
Hello Experts!
i was wondering if you could help me. Is there a way to create/modify a role with the activity to assign Custom User Groups in RAR?
I checked the actions that exist for VIRSA.CC and didnt found any relevant actions.
I dont want to give authorization for all the actions in the Configuration tab but only for creating Custom User groups.
Thanks in advance!
davidhello Frank,
I want to give the authorization to our service desk, to create Custom User Groups over RAR> Configuration>Custom User Groups.
But i searched the actions over the UME and i couldnt find about custom groups.
I didnt want to give the authorization for the configuration tab.
Thanks
david -
Change in Access Control components on the Service Marketplace
Hello GRC community:
We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
The main 4 components are now:
New: GRC-SAC-ARA Access Risk Management
Old: GRC-SAC-SCC Risk Analysis & Remediation (formerly Compliance Calibrator)
New: GRC-SAC-ARQ Access Request
Old: GRC-SAC-SAE Compliant User Provisoning (formerly Virsa Access Enforcer)
New: GRC-SAC-EAM Emergency Access Management
Old: GRC-SAC-SFF Superuser Privilege Management (formerly Virsa Firefighter)
New: GRC-SAC-BRM Business Role Management
Old: GRC-SAC-SRE Enterprise Role Management (formerly Virsa Role Expert)
There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
GRC-SAC-ADS Directory Services
GRC-SAC-BI Access Control BW
GRC-SAC-CONF Configuration
GRC-SAC-DAS Dashboard
GRC-SAC-REP Repository
GRC-SAC-RPT Reporting
GRC-SAC-UAR User Access Review
GRC-SAC-UPG Installation & Upgrade
GRC-SAC-WF Workflow
Ramelyn Paredes
AGS Primary SupportHello COmmunity,
To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
As usual, the names for the Access control tool has been changed
A. Access Risk Analysis (RAR)
1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
3. Variant creation / reuse for any report analysis
4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
5. Risk analysis for CUA, Composite roles
6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
7. Risk analysis for HR objects
B. Emergency Access Management (SPM)
1. Mass reporting for all FF users, Ids, Executions
2. Centrally maintained for all systems rather than individual ERPs.
C. User Access Management (CUP)
1. Customizable Access request forms
2. HR based role assignment for position, org unit
3. IDM integration using GRC Web services
D. Business Role Management (ERM)
1. Concept of Business role mapping for Technical roles.
2. Audit Trails & PFCG Change history.
Finally, the look, reporting format has been changed to provide additional information for analysis.
More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show -
Query: Best practice SAN switch (network) access control rules?
Dear SAN experts,
Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
regards,
Will.Hi William,
That's a pretty wide net you're casting there, but i'll do my best to give you some insight in the matter.
Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
for zones there are a few best practices:
* Default Zone: Don't use it. unless you're running Ficon.
* Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
* Don't mix zoning types: You can zone on wwn, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
* Device alias zoning is definately recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing hba's a heck of a lot less painful in your fabric.
* LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
* Read-Only exists, but again any modern array should be able to make a lun read-only.
* QoS on Zoning: Isn't really an ACL method, more of a congestion control.
VSANs are a way to separate your physical fabric into several logical fabrics. There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other. A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DC and use IVR to make management hosts have inband access to all arrays.
When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
They are quite logical to use and work just the same on an MDS as on a traditional Ethernetswitch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
That's a very brief summary of the most important access-control-related Best Practices that come to mind. If any of this isn't clear to you or you require more detail, let me know. HTH! -
Applying Support Packs at GRC Access Control 5.3 overall solution level
Hi All
I recently noticed something at a customer, that GRC Access Controls 5.3 launch pad shows a different SP level e.g. version8, while the components, Compliant User Provisioning shown SP10, RAR shown SP12 etc.
My questions are;
1. Should SP updates be applied at a component level i.e. at RAR, CUP, ERM, and SPM level?
2. Would this customer scenario cause an issue in the future, when for example RAR is sitting on a different SP level than CUP etc.?
3. If GRC Access Controls launch pad shows SP level/version, does this SP level/version represent the SP level/version that applies to all components? or does this represent SP level/version of the launchpad only?
4. Are the Support Packs required to be applied on the ABAP stack as well?
Thanks
OdwaHi Odwa,
Please see my replies below.
1. Should SP updates be applied at a component level i.e. at RAR, CUP, ERM, and SPM level? NO, Just apply them to the entire GRC-AC from the JSPM
2. Would this customer scenario cause an issue in the future, when for example RAR is sitting on a different SP level than CUP etc.? Yes, one of these days there is going to be a problem becuas eof this
3. If GRC Access Controls launch pad shows SP level/version, does this SP level/version represent the SP level/version that applies to all components? or does this represent SP level/version of the launchpad only?
4. Are the Support Packs required to be applied on the ABAP stack as well? Yes they need to be applied on all the ABAP stacks as well, it is very omportant that support packs remain in sync everywhere.
Thanks!
Chinmaya
Edited by: chinmaya prakash on Dec 6, 2010 4:10 PM -
How To Performance Optimize GRC Access Control 5.3
Hi Everyone,
GRC RIG published in BPX the following How-To-Guide:
How To Performance Optimize GRC Access Control 5.3
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90aa3190-8386-2b10-c4ba-ced67322ea6d
We appreciate any feedback and will keep track of all suggestions to improve future versions of this guide.
Frank Rambo
Director RIG EMEA
SAP Governance, Risk and Complicanceto access CUP:
http://<hostname>:<portnumber>/AE
To access RAR:
http://<hostname>:<portnumber>/webdynpro/dispatcher/sap.com/grc~ccappcomp/ComplianceCalibrator
to access SPM
http://<hostname>:<port>/webdynpro/dispatcher/sap.com/grc~ffappcomp/Firefighter
to access ERM:
http://<hostname>:<portnumber>/RE
Launch pad link:
http://<server name>:5<instance>00/webdynpro/dispatcher/sap.com/grc~acappcomp/AC
NW start page:
http://<hostname>:<portnumber>/index.html -
SAP GRC Access Control 5.3 .TXT - where to upload it
Hi Experts,
can anyone please tell me, I have to deploy/upload the patch:
SAP GRC Access Control 5.3 .TXT SP04
As I am new to GRC, can somebody please tell me where I upload/deploy this file.
Is it on the server at operating system level, or through the application in the Web Browser ?
Thanks and regards,
Petr.HI ,
As sahad said that is the right way to extract the *.SAR files the syntax is given below .
for unix : SAPCAR -xvf /<path>/<filename>
windows : SAPCAR -xvf <volume>:\<path>\<filename>
If you donot specify the path then it would get extracted in the path where you are right now means the same location where you the *.SAR file is present and then you can upload .
Then you can login into RAR portal and then go to configuration tab then click on utilities which would be the last option and then click on import and give the file location. -
GRC Access Control 5.3 (Links to components)
Hi all,
My laptop has just packed up. This to the end of the project.
Would anyone be so kind and send me the links to access and navigate through the Access control 5.3 modules and technical netweaver platform.
This will be a huge help, I don't realy have time to go through all the manuals and SAP notes and scout for all of these at this point in time.
Please HELP !
Regards, Melvinto access CUP:
http://<hostname>:<portnumber>/AE
To access RAR:
http://<hostname>:<portnumber>/webdynpro/dispatcher/sap.com/grc~ccappcomp/ComplianceCalibrator
to access SPM
http://<hostname>:<port>/webdynpro/dispatcher/sap.com/grc~ffappcomp/Firefighter
to access ERM:
http://<hostname>:<portnumber>/RE
Launch pad link:
http://<server name>:5<instance>00/webdynpro/dispatcher/sap.com/grc~acappcomp/AC
NW start page:
http://<hostname>:<portnumber>/index.html -
GRC Access Control 5.3 Organizational Levels - logical AND - OR changed
Hello GRC Community,
We are working with Access Control 5.3 SP 12 and we are setting up organization levels for the risk analysis.
The setup is loaded with a flat file, and the configurations seems to be loaded in the right way.
Doing the configuration on the RAR portal, openning the tab "rule architect" then "organization rules" and "create", we have this information:
Organization Rule: Z001
Description: TEST
Risk Organization Level from to search type Status
F001* BUKRS PRE0 AND Enabled
F001* EKORG PR00 OR Enabled
F001* EKORG PR01 OR Enabled
F001* EKORG RP00 AND Enabled
F001* VKORG RP00 OR Enabled
F001* VKORG RP01 OR Enabled
F001* VKORG RP02 AND Enabled
F001* WERKS SV00 OR Enabled
F001* WERKS VS00 OR Enabled
Finally save button.
When we want to edit an organization rule or add new one with the screen of organization rules, after saving we have the next result when load the rule again:
In the case of the same organization rule (Z001), the RAR returns this info:
Organization Rule: Z001
Description: TEST
Risk Organization Level from to search type Status
F001* BUKRS PRE0 AND Enabled
F001* EKORG PR00 OR Enabled
F001* EKORG PR01 OR Enabled
F001* EKORG RP00 OR Enabled
F001* VKORG RP00 OR Enabled
F001* VKORG RP01 OR Enabled
F001* VKORG RP02 OR Enabled
F001* WERKS SV00 OR Enabled
F001* WERKS VS00 OR Enabled
So the RAR has changed the logical AND for OR.
Why is it happening? This effect doesnt happen if i made an upload from a ftlat file of organizational rules.
We already tryed this symptom doing the same exercise with RAR SP 14 with the same issue.
Thanks in advance for all your comments
Regards,
Alejandro
Edited by: Alejandro Acuña Acosta on Jun 3, 2011 8:53 AMHi,
>
> 1. The Addons HR and NonHR are installed on the erp?
>
Yes.
> 2. The GRC could be an stand alone java server?
>
It should be on separate server.
> 3. The Spro config for process control is configured on the ERP or the grc server?
>
ERP server.
Thanks
Sunny -
UWL Integration - Process Control & Access Control
Hello Community,
Has anyone worked on UWL integration of Access Control 5.3 & Process Control 3.0?
Is this feasible by developing UWL custom connectors? Any hints?
(NW2004s - EP7.0)
Thanks!
DhanzHi
Even though you set risk analysis to be done at single in RAR , it will automatically consider following type if done from CUP
1. SOD conflict
2.Critical action
3. Critical Permission
If you want to have only SOD risk analysis ,then deactivate all critical action rules in RAR OR create a new ruleset and assign all SOD risk to it and use with CUP .
Thanks & Regards
Asheesh -
Users in different systems GRC Access Controls
Hello
Today we have more than 40 systems (dev, quality, prod)
We use access enforcer for provisioning to all these 40 systems.
Is there a way for us to find out if a user account exists in these 40 systems (connectors)?
Example:
User RAMSEY exists in quality, fix, prod r3
exists in prod bw etc.,
Can we find this information in any of the GRC Access Controls products?
ThanksSorry, Prakash. This fuctionality does not exist in CUP. It used to exist in early versions of Access Enforcer (AE.NET). This is a good feature and lots of cutomers want this feature. I hope SAP includes it.
You can find the user using RAR (CC) but again it will be maunal process. You can go to informer -> risk analysis. Over there you can select the system and search for user. If the user exists, it will show up. This will not work, if you have not done user sync from SAP system to RAR.
Regards,
Alpesh Parmar
SAP GRC Manager (PwC) -
We have a problem when execute the next steps in GRC Access Control 10.0
SPRO-->Governance, Risk and Compliance>Access Control--> Access Risk Analysis--> Batch RisK Analysis
We applied the next note, but problem is the same.
1563583 - SYSTEM_NO_TASK_STORAGE dump on AIX
Category
ABAP Programming Error
Runtime Errors
ASSERTION_FAILED
ABAP Program
CL_GRRM_DASHBOARD_MENU_AUTH===CP
Application Component GRC-RM
Date and Time
13.03.2013 11:50:04
|Short text
|
|
The ASSERT condition was violated.
|
|What happened?
|
|
In the running application program, the ASSERT statement recognized a
|
|
situation that should not have occurred.
|
|
The runtime error was triggered for one of these reasons:
|
|
- For the checkpoint group specified with the ASSERT statement, the
|
|
activation mode is set to "abort".
|
|
- Via a system variant, the activation mode is globally set to "abort"
|
|
for checkpoint groups in this system.
|
|
- The activation mode is set to "abort" on program level.
|
|
- The ASSERT statement is not assigned to any checkpoint group.
|
|What can you do?
|
|
Note down which actions and inputs caused the error.
|
|
|
|
|
|
To process the problem further, contact you SAP system
|
|
administrator.
|
|
|
|
Using Transaction ST22 for ABAP Dump Analysis, you can look
|
|
at and manage termination messages, and you can also
|
|
keep them for a long time.
|
|Error analysis
|
|
The following checkpoint group was used: "No checkpoint group specified"
|
|
|
|
If in the ASSERT statement the addition FIELDS was used, you can find
|
|
the content of the first 8 specified fields in the following overview:
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|How to correct the error
|
|
Probably the only way to eliminate the error is to correct the program.
|
|
|
|
|
|
If the error occures in a non-modified SAP program, you may be able to
|
|
find an interim solution in an SAP Note.
|
|
If you have access to SAP Notes, carry out a search with the following
|
|
keywords:
|
|
|
|
"ASSERTION_FAILED" " "
|
|
"CL_GRRM_DASHBOARD_MENU_AUTH===CP" or "CL_GRRM_DASHBOARD_MENU_AUTH===CM001"
|
|
"IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED"
|
|
|
|
If you cannot solve the problem yourself and want to send an error
|
|
notification to SAP, include the following information:
|
|
|
|
1. The description of the current problem (short dump)
|
|
|
|
To save the description, choose "System->List->Save->Local File
|
|
(Unconverted)".
|
|
|
|
2. Corresponding system log
|
|
|
|
Display the system log by calling transaction SM21.
|
|
Restrict the time interval to 10 minutes before and five minutes
|
|
after the short dump. Then choose "System->List->Save->Local File
|
|
(Unconverted)".
|
|
|
|
3. If the problem occurs in a problem of your own or a modified SAP
|
|
program: The source code of the program
|
|
In the editor, choose "Utilities->More
|
|
Utilities->Upload/Download->Download".
|
|
|
|
4. Details about the conditions under which the error occurred or which
|
|
actions and input led to the error.
|
|
|
|
|
|System environment
|
|
SAP Release..... 702
|
|
SAP Basis Level. 0012
|
|
|
|
Application server... "KIO13701"
|
|
Network address...... "172.20.1.137"
|
|
Operating system..... "AIX"
|
|
Release.............. "7.1"
|
|
Hardware type........ "00F6C78E4C00"
|
|
Character length.... 16 Bits
|
|
Pointer length....... 64 Bits
|
|
Work process number.. 10
|
|
Shortdump setting.... "full"
|
|
|
|
Database server... "KIO13701"
|
|
Database type..... "DB6"
|
|
Database name..... "DGR"
|
|
Database user ID.. "SAPDGR"
|
|
|
|
Terminal.......... "192.168.0.5"
|
|
|
|
Char.set.... "C"
|
|
|
|
SAP kernel....... 720
|
|
created (date)... "Jul 8 2012 19:43:01"
|
|
create on........ "AIX 2 5 00092901D600"
|
|
Database version. "DB6_81 "
|
|
|
|
Patch level. 300
|
|
Patch text.. " "
|
|
|
|
Database............. "DB6 08.02.*, DB6 09.*, DB6 10.*"
|
|
SAP database version. 720
|
|
Operating system..... "AIX 2 5, AIX 3 5, AIX 1 6, AIX 1 7"
|
|
|
|
Memory consumption
|
|
Roll.... 0
|
|
EM...... 8379584
|
|
Heap.... 0
|
|
Page.... 16384
|
|
MM Used. 6205712
|
|
MM Free. 2170976
|
|User and Transaction
|
|
Client.............. 100
|
|
User................ "LVELASCO"
|
|
Language key........ "E"
|
|
Transaction......... " "
|
|
Transaction ID...... "51400164B1F00C40E1008000AC140189"
|
|
|
|
EPP Whole Context ID.... "5140015EB1F00C40E1008000AC140189"
|
|
EPP Connection ID....... "5140F9B0B19C1150E1008000AC140189"
|
|
EPP Caller Counter...... 1
|
|
|
|
Program............. "CL_GRRM_DASHBOARD_MENU_AUTH===CP"
|
|
Screen.............. "SAPMHTTP 0010"
|
|
Screen Line......... 2
|
|
Debugger Active..... "none"
|
|Server-Side Connection Information
|
|
Information on Caller of "HTTPS" Connection:
|
|
Plug-in Type.......... "HTTPS"
|
|
Caller IP............. "192.168.0.5"
|
|
Caller Port........... 44300
|
|
Universal Resource ID. "/sap/bc/webdynpro/sap/grfn_service_map"
|
|
|
|
Program............. "CL_GRRM_DASHBOARD_MENU_AUTH===CP"
|
|
Screen.............. "SAPMHTTP 0010"
|
|
Screen Line......... 2
|
|
|
|
Information on Caller ofr "HTTPS" Connection:
|
|
Plug-in Type.......... "HTTPS"
|
|
Caller IP............. "192.168.0.5"
|
|
Caller Port........... 44300
|
|
Universal Resource Id. "/sap/bc/webdynpro/sap/grfn_service_map"
|
|Information on where terminated
|
|
Termination occurred in the ABAP program "CL_GRRM_DASHBOARD_MENU_AUTH===CP" -
|
|
in "IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED".
|
|
The main program was "SAPMHTTP ".
|
|
|
|
In the source code you have the termination point in line 59
|
|
of the (Include) program "CL_GRRM_DASHBOARD_MENU_AUTH===CM001".
|
|Source Code Extract (Source code has changed)
|
|Line |SourceCde
|
| 29|
lv_dashboard = lv_value.
|
| 30|
|
| 31|
TRANSLATE lv_dashboard TO UPPER CASE.
|
| 32|
|
| 33|
CASE lv_dashboard.
|
| 34|
WHEN 'HEATMAP'.
|
| 35|
lv_report = 'GRRM_HEATMAP'.
|
| 36|
|
| 37|
WHEN 'LOSS_OVERVIEW' OR 'LOSS_STRUCTURE' OR 'OB_LOSS_OVERVIEW' OR 'OB_LOSS_STRUCTU|
| 38|
lv_report = 'GRRM_LOSS_ANALYSIS'.
|
| 39|
|
| 40|
WHEN 'OVERVIEW'.
|
| 41|
lv_report = 'GRRM_OVERVIEW'.
|
| 42|
|
| 43|
WHEN OTHERS.
|
| 44|
ASSERT 1 = 2.
|
| 45|
|
| 46|
ENDCASE.
|
| 47|
|
| 48|
EXIT.
|
| 49|
|
| 50|
ENDLOOP.
|
| 51|
|
| 52|
WHEN 'GRRM_LOSS_MATRIX' OR 'GRRM_LOSS_MATRIX_NEW'.
|
| 53|
lv_report = 'GRRM_LOSS_ANALYSIS'.
|
| 54|
|
| 55|
WHEN 'GRRM_HEATMAP_REPORT'.
|
| 56|
lv_report = 'GRRM_HEATMAP'.
|
| 57|
|
| 58|
WHEN OTHERS.
|
|>>>>>|
ASSERT 1 = 2.
|
| 60|
|
| 61| ENDCASE.
|
| 62|
|
| 63| TRY.
|
| 64|
lv_regulation_id = cl_grfn_api_regulation=>if_grfn_api_regulation~get_regulation_id( i|
| 65|
|
| 66|
ev_authorized = cl_grfn_util_rep_auth=>has_rep_auth(
|
| 67|
io_session
= io_session
|
| 68|
iv_regulation_id = lv_regulation_id
|
| 69|
iv_report
= lv_report
|
| 70|
iv_activity
= grfn0_c_activity-print
|
| 71|
|
| 72|
|
| 73|
CATCH cx_grfn_exception.
|
| 74|
ev_authorized = abap_false.
|
| 75|
|
| 76| ENDTRY.
|
| 77|
|
| 78|ENDMETHOD.
|
|Contents of system fields
|
|Name
|Val.
|
|SY-SUBRC|4
|
|SY-INDEX|2
|
|SY-TABIX|1
|
|SY-DBCNT|1
|
|SY-FDPOS|0
|
|SY-LSIND|0
|
|SY-PAGNO|0
|
|SY-LINNO|1
|
|SY-COLNO|1
|
|SY-PFKEY|
|
|SY-UCOMM|
|
|SY-TITLE|HTTP Control
|
|SY-MSGTY|
|
|SY-MSGID|
|
|SY-MSGNO|000
|
|SY-MSGV1|
|
|SY-MSGV2|
|
|SY-MSGV3|
|
|SY-MSGV4|
|
|SY-MODNO|0
|
|SY-DATUM|20130313
|
|SY-UZEIT|115004
|
|SY-XPROG|SAPCNVE
|
|SY-XFORM|CONVERSION_EXIT
|
|Active Calls/Events
|
|No. Ty.
Program
Include
Line |
|
Name
|
| 34 METHOD
CL_GRRM_DASHBOARD_MENU_AUTH===CP
CL_GRRM_DASHBOARD_MENU_AUTH===CM001
59 |
|
CL_GRRM_DASHBOARD_MENU_AUTH=>IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED
|
| 33 METHOD
CL_GRFN_API_MENU_ITEM_ELA=====CP
CL_GRFN_API_MENU_ITEM_ELA=====CM001 126 |
|
CL_GRFN_API_MENU_ITEM_ELA=>IF_GRFN_MENU_AUTH~ITEM_AUTH
|
| 32 METHOD
CL_GRFN_API_MENU==============CP
CL_GRFN_API_MENU==============CM003
34 |
|
CL_GRFN_API_MENU=>IF_GRFN_MENU_AUTH~ITEM_AUTH
|
| 31 METHOD
CL_GRFN_LAUNCHPAD_UIBB========CP
CL_GRFN_LAUNCHPAD_UIBB========CM006
60 |
|
CL_GRFN_LAUNCHPAD_UIBB=>IF_FPM_GUIBB_LAUNCHPAD~MODIFY
|
| 30 METHOD
CL_FPM_LAUNCHPAD_UIBB_ASSIST==CP
CL_FPM_LAUNCHPAD_UIBB_ASSIST==CM001
76 |
|
CL_FPM_LAUNCHPAD_UIBB_ASSIST=>INIT_FEEDER
|
| 29 METHOD
/1BCWDY/T2POSMRSKMLY9L6LJP5Z==CP
/1BCWDY/B_T2POSBAR6C8HPR0XTR4P
410 |
|
CL_COMPONENTCONTROLLER_CTR=>WDDOINIT
|
|
Web Dynpro Component
FPM_LAUNCHPAD_UIBB
|
|
Controller
COMPONENTCONTROLLER
|
| 28 METHOD
/1BCWDY/T2POSMRSKMLY9L6LJP5Z==CP
/1BCWDY/B_T2POSBAR6C8HPR0XTR4P
181 |
|
CLF_COMPONENTCONTROLLER_CTR=>IF_WDR_COMPONENT_DELEGATE~WD_DO_INIT
|
|
Web Dynpro Component
FPM_LAUNCHPAD_UIBB
|
|
Controller
COMPONENTCONTROLLER
|
| 27 METHOD
CL_WDR_DELEGATING_COMPONENT===CP
CL_WDR_DELEGATING_COMPONENT===CM004
9 |
|
CL_WDR_DELEGATING_COMPONENT=>DO_INIT
|
| 26 METHOD
CL_WDR_CONTROLLER=============CP
CL_WDR_CONTROLLER=============CM00V
3 |
|
CL_WDR_CONTROLLER=>INIT_CONTROLLER
|
| 25 METHOD
CL_WDR_COMPONENT==============CP
CL_WDR_COMPONENT==============CM019
24 |
|
CL_WDR_COMPONENT=>INIT_CONTROLLER
|
| 24 METHOD
CL_WDR_CONTROLLER=============CP
CL_WDR_CONTROLLER=============CM002
7 |
|
CL_WDR_CONTROLLER=>INIT
|
| 23 METHOD
CL_WDR_CLIENT_COMPONENT=======CP
CL_WDR_CLIENT_COMPONENT=======CM00E
24 |
|
CL_WDR_CLIENT_COMPONENT=>INIT
|
| 22 METHOD
CL_WDR_CLIENT_COMPONENT=======CP
CL_WDR_CLIENT_COMPONENT=======CM00A
42 |
|
CL_WDR_CLIENT_COMPONENT=>IF_WDR_COMPONENT_FACTORY~CREATE_COMPONENT
|
| 21 METHOD
CL_WDR_COMPONENT_USAGE========CP
CL_WDR_COMPONENT_USAGE========CM009
67 |
|
CL_WDR_COMPONENT_USAGE=>IF_WD_COMPONENT_USAGE~CREATE_COMPONENT
|
| 20 METHOD
CL_FPM_COMPONENT_MANAGER======CP
CL_FPM_COMPONENT_MANAGER======CM003
81 |
|
CL_FPM_COMPONENT_MANAGER=>ADD_COMPONENT
|
| 19 METHOD
CL_FPM_COMPONENT_MANAGER======CP
CL_FPM_COMPONENT_MANAGER======CM004
19 |
|
CL_FPM_COMPONENT_MANAGER=>ATTACH_COMPONENT_TO_USAGE
|
| 18 METHOD
CL_FPM========================CP
CL_FPM========================CM005
89 |
|
CL_FPM=>PROCESS_EVENT
|
| 17 METHOD
CL_FPM========================CP
CL_FPM========================CM00C
34 |
|
CL_FPM=>RUN_EVENT_LOOP
|
| 16 METHOD
CL_FPM========================CP
CL_FPM========================CM002
5 |
|
CL_FPM=>IF_FPM~RAISE_EVENT
|
| 15 METHOD
CL_FPM========================CP
CL_FPM========================CM003
11 |
|Hi Alberto,
The below Notes should resolve!
1428775
1744179
Hope this helps,
Luciana
Maybe you are looking for
-
Problem in creating workspaces..Please guide
Hello All, Am facing a problem in creating workspaces in DTR. Am working on EP7 SR2 (SP9) Have read mostly all related posts on SDN but cannot catch the missing link...Please guide me for the same: <u><b>setvars.bat</b></u> @echo off rem Default prop
-
How to Hide fields at Costing2 in Material Master
Dear Experts, One of my requirement is, i want to hide 3 fields in Material Master costing2 tab. The fields are Planned Price1, Planned Price2, Planned Price3. Can any one guide me how to hide those fields through SPRO. Otherwise how to approch this
-
I cannot reinstall quicktime - i was needing to downgrade my quicktime back to the 7.6.4 (download and install attempt) and the system kept saying that it couldn't do it because there was a more current version on the system - so i deleted the versio
-
Can a domain template have multiple dependencies?
Is it possible to create a domain template that has more than one dependency? It seems that the schema for domain-template-info allows only zero or one dependency elements. (and dependency allows only one 'requires' element? It seems like a basic req
-
Mail almost launches but won't open properly
Hi all I'm running Mac OS 10.4.10 on a G4. I've never had a problem with Mail but since yesterday it's failed to work. I click to open the program, it bounces in the dock, the menu bar at the top says "Mail" but I cannot get any further and control-c