Access Enforcer - Role Reaffirmation

Hi,
Access Enforcer offers a role <-> user assignment reaffirmation after a defined period.
My question is, what happens if using the Remove or Hold button in the Role Reaffirm menu entry.
I tried removing the access, but all that happens is the user entry is marked as "Remove".
Should an automatic Request for the role removal be triggered or what's the purpose of these two options?
Thanks,
Daniela

I answered the question myself.
Hold will keep the role in the queue to reaffirm.
Remove will automatically remove the role from the user once all user-role assignments have either been affirmed or removed.

Similar Messages

  • Access Enforcer Role Import - Reaffirm period

    Hello
    What does the following terms mean;
    last reaffirm
    reaffirmperiod
    We current upload roles into AE, with last reaffirm as current date, and reaffirmperiod of 60 which means 5 years.
    Can someone please explain what these terms mean, because many roles have reaffirm periods that end in 2010.
    Thanks

    Hi Prakas,
    Reaffirm period ( in months ) is the duration after which you would like the Approver of the Role ( Role Owner /Role Approver ) to get notified on which all user in SAP has access to that Role and Does he want to continue giving that role to them or wants to remove that Role from all of them or any one of them .
    He would get the details on which Role requires Reaffrim at following location :
    In AE 5.2 ;  login with Role approver id ( eg ABC )  into AE .
    In tab Access Enforcer > Reaffirm .
    A list of All the roles of which ABC is apporver and which require re-affrim would display here.
    ABC can now take approriate action by selecting the role name.
    *Last reaffrim * is the date when the Role was Reaffrim /revisited/reassgined last.
    In your scenario you have given Reaffrim period = 60 which means your Role Owner would get the Role in his Reaffrim inbox after 5 years .
    This is not best practise . For security reason , SAP advices to keep the Reaffrim period to a maximum of 2 months.
    I hope this answers your query .
    Thanks
    Jasmine

  • CUP 5.3 SP11.1 - Role Reaffirm - Java Overflow error

    Hi!
    We are currently using the CUP Role Reaffirm.  An user is trying to access the role reaffirm screen, he received an error message:
    Java.lang.StackOverflowError:Null   Exception: (00145EC6363A0065000005F100174014000490DB915AF7A1).
    The application log shows: 3]_20##0#0#Error#1#/Applications/AccessEnforcer#Plain### Ignoring Exception - U
    ser : 10102021  not found to get full name #.
    Does anyone know what this error message is?
    Thank you.
    Lynn

    Hi Alpesh,
    Yes, 10102021 is a valid user id.
    Here is the CUP system log:
    2010-09-22 12:51:04,289 [SAPEngine_Application_Thread[impl:3]_8] ERROR Requested navigation control not found
    com.virsa.ae.commons.utils.framework.ControlNotFoundException: Action not found - loadRequestorLoginPage
         at com.virsa.ae.commons.utils.framework.ScreenDefn.getActionDefn(ScreenDefn.java:141)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:157)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    2010-09-22 13:05:57,833 [SAPEngine_Application_Thread[impl:3]_7] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
    java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
         at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
         at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    2010-09-22 13:05:57,835 [SAPEngine_Application_Thread[impl:3]_7] ERROR Exception during EJB call, Ignoring and trying Webservice Call
    com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
         at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
         at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by:
    java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
         at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
         ... 28 more
    Thank you.
    Lynn

  • Access Enforcer(error in approving the request) and import roles

    Dear all,
    error in approving the request at security stage(last)
    manager and role owner are successfully approved.
    and also importing roles into access enforcer was not successful.
    imortstatus : 0 roles imported of 28 records found.
    please find the system log:
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.messaging.MessageFormatter : parseDesc :   : INTO the method : desc :Please specify a file to import.paramNames :paramsMap :{FIELD_NAME=#_!FIELD_NAME#_!}
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
    2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
    2008-09-05 13:02:28,234 [Thread-47] DEBUG

    In Addition to my previous response:
    I meant to include the following:
    Some of the fields that need to be properly defined with attributes are:
           System: must have the know SAP system defined here
           Role Approver (i presently are using most of the roles without having need for approval; I created a user called NOAPPRV in AE)
           Functional Area: need to have all the areas defined that roles will be assigned to
           Company: I only have one company so that's an easy one
    Some areas I presently do not use but found they must ne coded and coded properly:
           ResponsibilityID:   N/A  (coded as is)
           CommentsMandatory: NO (coded as is)
           Parent Role Owner:   NO
           Business Process: NA  (I believe I originally coded N/A and it did not like that)
           Sub Process: NA  (again N/A I believe error on me)
           Reaffirm Period: presently I am using 0 (zero)
           LastReaffirm: presently using 12/31/9999
    Hope this helps a bit
    I wanted to include an attachment with a sample of my Role Import spreadsheet but I'm not sure exactly how to do that; if I figure that out or someone can provide me the process I will include it
    Jerry Synoga
    Ryerson Inc.
    630-758-2021

  • Upload of role in Access Enforcer 5.2.

    Hi All,
    I need to upload roles in Access Enforcer from SAP ECC system. Actually i have uploaded the roles in Access Enforcer, but all unwanted roles have also got uploaded.
    Now i need some way, first to clean entire uploaded roles & then upload selected roles.
    Please suggest.
    Thanks & Regards,
    Pravin

    Hi Pravin,
       Here are the steps:
    1) Download all the roles into an excel spreadsheet:
    Go to configuration -> Roles- Search roles -> Click on 'Export' button. This CUP, go to 'Search Roles'. Click on 'Search' button without providing any search criteria. This will return all the roles available in CUP. Now, click on Export button. CUP will export all the roles into Excel spreadsheet in the format which CUP understands.
    2) Delete all the roles from CUP: Now, in the same screen as above, select all the roles and delete them.
    3) Delete not needed roles from spreadsheet and upload it into CUP:
    Now, delete all the unwanted roles from CUP and play with the spreadsheet to manipulate other parameters like role approvers, systems, business process etc and upload that spreadsheet into CUP.
    Regards,
    Alpesh
    SAP GRC Manager (PwC)

  • Access Enforcer Import Role Automation

    We would like to automatically import roles from SAP.
    We do know that you can use Role Expert which in itself can be used to automate the import. However, we still have to manually import into AE - even if RE is used as the role source.
    Is there a way to periodically automate the import from either SAP or RE because it does not make sense to have to manuall import roles every time a new role is created in SAP.
    Thanks

    Actually, it does make sense.
    One of the prime features of Access Enforcer is that you don't import all the roles, but just the ones you want users to be able to request.
    For each of the roles, it's useful to put them into some kind of category (functional area, business process, sub-process), which makes handling for users a lot easier, and you have to assign approvers.
    One way to do that is to use an Excel spreadsheet and manage the data there. Easy to use and update, and quick to upload into AE.
    Kind regards,
    Frank.

  • Access Enforcer - REMOVE roles/existing roles inoperant

    Hello
    After some time using the capability to ADD and REMOVE roles when creating a request on Access Enforcer (using the option 'Existing Roles' to REMOVE), now Access back to the screen to ADD always that we try to access 'Existing Roles'.
    So, the function to REMOVE roles are inoperant.
    Any ideas what It cold be?

    Hi,
    When you open a changing access request it's possible to add new roles and remove existing roles from the user, right?
    However, the option to remove roles (which is accessed through the 'existing roles' button) is not working longer.
    When that option is accessed, it's not showed anymore the current user's access: the screen returns to the add roles option.
    I haven't found any setting for the feature to remove roles and still don't know how that option, previously used in other requests, is not working for anyone else.
    Regards
    Heverton Kesseler

  • Access Enforcer and Import Roles

    Hi All,
    I am having issues importing roles that have the exact same name across different systems. This makes it almost impossible to implement Access enforcer across Dev/QA and Production environments at once. I would have thought that AE uses the (System ID, role name) as the key for that particular table used.
    Has anyone managed to find a workaround for this?
    Cheers,
    Cuneyt

    Nevermind i have solved the problem.

  • GRC Access Control 5.3 - Role Reaffirm Notification Email

    Hi Experts,
    We have GRC 5.3 system and we want to change the content of Role Reaffirm notification email.
    Is there any way to change the default email text?
    We want to add few additional lines and CUP link in the email notification.
    Thanks,
    Rajendra

    Hi Alpesh,
    I found the entry in table VIRSA_AE_MESSAGE which is the same message as in the email notification.
    I changed the value for field MSGDESC in our test system but the new text is not reflecting in email.
    The email subject is coming as- Here are the roles that need to be reaffirmed
    The body of the email is as below-
    Here are the roles that need to be reaffirmed
    Z_FI_MANAGER
    Z_ALL_HR_DISPLAY_ALL
    I updated the table at database level.
    Is there anything else needs to be done?
    Also we are using UAR as well as Role Reaffirm (don't know why), is there any oss note which says that UAR can be used instead of Role Reaffirm?
    Thanks,
    Rajendra

  • CUA still necessary/recommended with Access Enforcer?

    Hello forum members,
    we are planning to implement SAP GRC Access Control for one of our clients. There are 5 R/3 Systems in the landscape, one of them a HR System. Currently there is no CUA in place an all users and roles are maintained separately in each system. Now with the introduction of GRC Access Control there is the question, if we should at the same time also have a CUA introduced or if it is better to directly provision the Users and Roles from Access Enforcer to the target systems.
    What are the pros/cons to have a CUA in between? Does Access Enforcer also provide overview on all users in all system and the assigned roles?
    Thanks for your replies.

    This is a question that I'm asked all the time.  For some environments, using CUA with AE is really nice.  For other environments, it's just not feasible to have CUA as the security authorisation strategies are too inconsistent across systems.
    For example:
    a. There are three systems (ECC, BI, and SRM) implemented with a consistent top-down (job) approach to defining roles.  So, a AP clerk will receive the 'AP Clerk' role in ECC, 'AP Clerk' role in BI, and 'AP Clerk' role in SRM (for simplicity).   Obviously, the roles are different as they are for different systems, but the point is, it is easy to categorise the authorisations for a particular job across each of the systems.  If security is consistent like this, then CUA can be implemented and the three single roles for the three systems can be grouped together in a cross-system composite role called 'AP Clerk'.  When AE is implemented over the top of this, a user only has to request the 'AP Clerk'  role (composite).  AE performs the workflows, risk analysis etc and then finally passes the request to CUA, which then provisions out to the other two systems.  Very easy from a user point of view as they only have to request one role, which is their job.
    b.  If however due to inconsistency between the systems, it is not feasible to group access into cross-system composites, it may just be better to go with AE without CUA.  In this scenario, a user must request the applicable roles from each of the three systems.  It is more flexible, but a little more difficult for the end user.
    I normally spend quite a bit of time developing the Access Controls strategy during the blueprint phase of the implementation just to make sure that I'm coming up with the optimal design.  A bit of prototyping helps also!

  • Role Reaffirm in GRC10

    Hi all,
    did anyone use the Role Reaffirm functionality within GRC10?
    The functionality seems to be available, but we cannot get any roles listed to be reaffirmed.
    We have defined approvers for roles in GRC, have users assigned, ran the RR Reminder background job.
    Is there anything missing?
    The config parameters seem to have magically disappeared from the list of available parameters.
    Also could not find any documentation on Role Reaffirm in AC 10
    Thanks for some input,
    Daniela

    Hello experts,
    I get the same issue:
    I have 1 role with reaffirm expiration on 05/16/2013 and 1 role which already had expired on 05/08/2013.
    In order of the fact, that today is 05/15/2013, I expect in 'Access Management > Role Mining > Role Reaffirm' a result of 2 roles which have to be reaffirmed.
    But it already gives the warning "No records found"!
    In advice of Leon I tried to type the value '1' in "Number of days before Duedate", so I would expect 1 role as result... but: "No records found"!
    I attached some screenshots of my configuration.
    Any ideas?
    EDIT: can somebody tell me the reminder email notification Job for role reaffirm? I only know the Job "GRAC_ERM_ROLE_CERTIFY_NOTIF" for role certification
    Thanks in advance :-)
    Edgar

  • Can access enforcer be implemented with going through the SOD check.

    Hi All,
    I have couple of questions regarding Access enforcer:
    1. Can Access enforcer be implemented with going through the SOD check?
    2. Can we provision roles for the project team using Access Enforcer (without having a million SOD conflicts which need to be cleared)?
    I would really appreciate any insight on these questions.
    Thanks

    https://websmp103.sap-ag.de/~form/sapnet?_FRAME=OBJECT&_HIER_KEY=501100035870000015092&_HIER_KEY=601100035870000206624&_HIER_KEY=601100035870000212731&_HIER_KEY=601100035870000210510&_HIER_KEY=701100035871000519581&_SCENARIO=01100035870000000202&#HOME

  • CUA vs. Access Enforcer

    Can anyone explain the need for implemented both CUA and Access Enforcer?
    We are currently upgrading to ECC6.0 and implementing the GRC tools(5.2) and CUA  With the distributed access provisioning available in Access Enforcer, I am trying to determine the benefit of implementing CUA .

    Hi Patrick
    1) In this scenario the only benefit with CUA i can see is
         a) Password reset
         b) locking and unlocking the user.
    2) If you use GRC AC in landscape, it is not at all recommended to assign roles, profiles using CUA. This can lead to high level compliance /regulatory issues.
    3) If you are implementing new CUA, then i would recommend to go for NW Identity Management Solution. Advantages are
        1) User provisioning for SAP and non-SAP system
        2) can be integrated with GRC for Risk analysis and remediation.
        3) Password Management also possible.
            https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
    regards
    Anand.M

  • Risk Analysis Error - Access Enforcer

    Hi Experts,
    I am getting error while running risk analysis in Access Enforcer and the error is
    <b>Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html'
    </b>
    We are using seperate RFC IDs for Access Enforcer connector and Comlaince Calibrator connector.
    Please help me.
    Thanks&Regards,
    Vijay

    Reddy,
    The user must indeed be created in the UME as a Compliance Calibrator user.
    I don't know exactly which role he should be assigned, usually I indicate there my CC admin user-id and password.
    When you see it is working with that user-id, you can try to re-fine the roles.
    Some more info regarding what needs to be set in the URI in case the one I inducated in my previous answer is not working:
    "There are two selectable versions of Compliance Calibrator. If you select 5.0 Web Service, three additional fields appear (URI, UserName, and Password). For the URI field, you need to navigate to the SAP NetWeaver Web Application Server Home page > Web Services Navigator > CCRiskAnalysisService > WSDLs > Standard link of Document, where you will see a list of all web services in the server. Select the desired URI address. If you select Compliance Calibrator 4.0, there is no need to connect to a URI address."
    Karim

  • Access Enforcer Risk Analysis question

    Hello All.
    We are receiving an error message in an AE request.  We are receiving the following error in Access Enforcer 'Mitigation control ZM030 could not be saved for user XXXX - Exception from the service: ERROR: This user is already mitigated for this risk' when doing the final approval on some requests.
    Request #1 approved without error but when I did Request #2 received error message.  I tried it again, same error, but the tick boxes are grey instead of green. 
    In all cases the roles were added to the user's account, but now AE request 1 and 2 cannot be removed from the listing.

    Ankur,
    this can happen under different circumstances - say 1 of 3 systems to provision to is down. You will get an error message and the request is not closing, although provisioned to the other 2.
    Jonathan,
    for this request that is still open, can you remove the mitigation? And then re-run Risk Analysis and approve again.
    From version 5.3 you cannot create multiple concurrent requests for the same user, this will prevent your exact error.
    Regards
    Daniela

Maybe you are looking for

  • No access at all to NDS since server crash

    last weekend our single server crashed (NW 6.1, SP2). with a nss rebuld Ive fixed the volume problem, the SYS partition is working again. but also the NDS database seems to have crashed. its totally unable to login, even as an admin. ive tried DSREPA

  • Sound effects not working after upgrade

    After upgrading to Yosemite, my system sound effects are no longer working. Instead of hearing my selected Basso sound, my entire screen flashes.  Other sounds, such as the audio track of a video, still work fine. If I use the "afplay" command I can

  • Can Mail be re-installed?

    Can mail be re-installed when it is not working correctly?

  • InfoPackage in Process Chain Error

    Hi, I am working on a 3.1 Dev system which was copied from the Production system. The R/3 system was also copied. ......Prod.....Dev R/3.   LD1  --> LD3 BW.    LD6  --> LD5 The process chain is for Master Data Attributes. The problem i'm having is th

  • Disappearing tolerance lines on xy chart

    I don't understand why my limit lines are disappearing on my xy chart. They should follow the green signal which starts from 0,0 up to 12,12, then back down to -12,-12, then back to 0,0. This is hard to see because the data points overlap. As soon as