Activating webservices in GRC 10

Similar Messages

• Error while activating webservice-consumer-proxy

  Hi,
  I'm trying to generate a webservice-consumer-proxy from a Salesforce.com-WSDL-File. When trying to activate the proxy I receive an error-message from class CX_ESD_EXCEPTION stating "Beim Aktivieren des Proxys ist ein Fehler aufgetreten." (in english: "Error occured when activating the proxy"). The WSDL-File is SOAP-Version 1.1, Document/Literal.
  Thank you very much in advance,
  Olli
  [SAP Consulting by mindsquare|http://mindsquare.de]

  I have a similar issue and it says that the reason is one of the exception classes in XML  in not derived from either cx_static_check or cx_dynamic_check.  
  Please let me know if anyone have ideas how to resolve this

• Error generating/activating WebService BW DataSource

  Hello,
  I created a BW DataSource using WebService in BI7 and I got the following errors when trying to activate it.
  Error generating Web service /BIC/CQZBRSDAT00001000
  Message no. RSDS301
  Error when activating DataSource ZBRSDATA                      WEBSERVICE
  Message no. RSO404
  Could anyone please advise for any inputs/tips for the issue? I found below two threads but the OSS Note 913944 appreantly does not exist anymore (not sure if it is being removed, updated, etc).
  Web service data source - error RSDS301
  Problems with DataSource Web Service BI 7.0
  Thanks & Regards,
  Andy

  Hello
  We will move this thread to the [SAP NetWeaver BW|SAP Business Warehouse; forum as this is not a PI specific issue. You will have a better chance of getting a quality answer to your query on this forum.
  Regards
  XI/PI Moderator

• WebServices in GRC v10.0

  Hi all,
  I have three questions to WebServices regarding SAP GRC v10.0:
  1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.
  2. Contain the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 a analysis of critical permissions? In v5.3 only SoDs and critical actions was checked.
  3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact to the SoD check (it SHOULD be:
  includeCrossSystemsAnalysis == true ==> cross system SoD check
  includeCrossSystemsAnalysis == false ==> single system SoD check
  But doesn't matter what's the value of the parameter. There is always a cross system check. Has this changed in v10.0?
  Regards
  Peter

  Hi Peter,
  AFAIK the web services have not yet been published.
  If you had the web service return violations without the requirement for CUP, what would you do with that information?
  I hear that question a lot, I would really like to understand the ideas behind it.
  To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.
  Thanks,
  Frank.

• Retry Activity - WebService Code Problem

  Hi all,
  We have an activity when contains a Web-Service Code. This activity calls an external Web-Service by passing parameters and waits for response from the external Web-Service.
  We want this activity which contains the Web-Service Code to retry 2 times before entering into a System Exception when failed.
  We have configured the parameters in the Process Administrator ----> Engine ---> Execution ---> Automatic Execution --> Retry Times = 2.
  But somehow this activity ONLY does not retry 2 times before entering into a System Exception when failed. The other activities which DO NOT have any Web-Service Call code, do retry 2 times before entering into a System Exception when failed.
  Why is this so?
  Is it that an activity having Web-Service Call code cannot be retried when failed before entering into a System Exception?
  How do we rectify this problem?
  Is there any other parameter that we need to change for the retry of an activity that CONTAINS WEB-SERVICE CALL CODE?
  Btw.. I am using Local Variables for calling parameters inside my web-service.. Is that a problem? If I use Instance Variables then the entire process fails to execute and it takes a lot of space too..
  Edited by: user8766631 on May 5, 2010 10:55 AM

  I have tried calling them as webservices through CF and am
  getting the following Error:
  The string "--" is not permitted within comments
  I have turned off integrated Authentication and all the
  methods have Remote for the access property. I have some
  webservices I can call, others that I can't. They all follow the
  same pattern for their source code because of the code generator I
  wrote.
  There are always 2 CFCs involved, once CFC is nothing put
  <cfproperty> tags to create a message format, the DAO cfc
  (the ones I call directly) essentially get some rows from a
  database and return an Array of the CFC messageformat type, those
  are the methods that return no data, but other methods like
  updating and deleting data from the tables does work via a
  webservice, its only calling methods that return data that fails,
  and not for every service, only certain tables, and there is no
  rhym or reason to it thus far.
  Any other ideas? I would hate to have to start using
  .NET.....

• Activating WebService on R/3 to connect a non-SAP system (XML)

  Hi Experts,
  Apologize if my thread is not on the right category. I'm not sure where to put this.
  Is there any steps on how to activate webService to connect to a non-SAP system without using middleware like XI/PI. I'm trying to connect to a non-SAP system that sends an xml format message and then directly connect to an R/3 system. Is this possible? thanks!

  Hi,
  Check this link.
  Web Services from Function Module
  it might help u.
  Thanks.

• Need help in GRC Migration

  Hello Gurus,
  I am looking for an Expert who could assist me in GRC Migration.
  I have downloaded the Migration guide, which is available on Market Place.
  There is a Migration Tool available (Java Tool), howevre there is nothing mentioned about the migration tool in Migration Guide. This is confusing.
  Currently there 2 active modules in GRC 5.3 and those are RAR and SPM.
  ARM need to be configured once we migrate to GRC 10.
  I need help for migration planning or making a roadmap for Migration and also require help on requirement gathering / Business Blueprinting for ARM.
  Please revert back on the same thread.
  Thanks in advance.
  Regards,
  Atul Rajwade

  Hi Atul
  I need help for migration planning or making a roadmap for Migration and also require help on requirement gathering / Business Blueprinting for ARM.
  This type of help is architecture and strategy experience. Have you done design work before?
  If you are hoping for some assistance, you might get a better response if you provide what you are intending to do first and seek clarification on your thoughts rather then just say you need help without specify which parts your need assistance with.
  Asking someone to revert back to you this information to close to completing system design for you.
  If you do not know how to architect a solution, I recommend you seek a consultant to provide this service to you. The planning and roadmap will come back to the business process design, understanding what data needs to be migrated from 5.3 (e.g. rule set, mitigating controls, etc) as well as how GRC 10 is to be used.
  Regards
  Colleen

• Problem with local SAP name inside ABAP webservice

  Hi all,
  I've created a simple webservice in our SAP development machine, with the normal steps (create RFC, then generated the webservice inside SE38, then activated webservice in SOAMANAGER).
  The problem is that when I call the webservice from outside (external .NET program) I get the following error:
  There was no endpoint listening at http://srv.devm2.local:8004/sap/bc/srt/rfc/sap/zwebservice1/060/zwebservice1/zwebservice1 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
  I believe this problem is related somehow with the internal srv.devm2.local SAP name that is unknown from outside.
  If I open the WSDL definition, in the end I can find this internal srv.devm2.local reference of our SAP DEV server:
  </wsdl:binding>
  <wsdl:service name="ZWEBSERVICE1Service">
  <wsdl:port name="zwebservice1" binding="tns:zwebservice1">
  <soap:address location="http://srv.devm2.local:8004/sap/bc/srt/rfc/sap/zwebservice1/030/zwebservice1/zwebservice1"/>
  </wsdl:port>
  </wsdl:service>
  </wsdl:definitions>
  How can I force the webservice to map our external IP address, instead of the internal local name srv.devm2.local?
  Or there it another problem that I'm not aware of?
  Thanks all!
  jc

  I meant changing it in the calling application (external .NET). Can you not download the wsdl to your pc and change it there manually and then use this local wsdl in your external application to call the webservice ?
  It is just to see if the sap name is the problem. If that is the problem then it should work if you replace the name with the IP address.
  If this works then maybe basis need to adjust some settings (firewall ?, access authorizations ?)
  Also are you sure the service is activated in SOAMANAGER ? Sometimes when you save it stays inactive and it does not give you a clear error message, easy to overlook.
  And try to call the webservice with SOAPUI and the wsdl from soamanager. Does that work ? When I test with SOAPUI I always use the http port and don't forget to fill in user and password.
  If soapui call works, then the problem is with the external .NET application.

• GRC, CUA and IDM

  We are in process of installing GRC 10.0 in our landscape. We have following questions?
  1. Can I run my CUA from GRC box instead of say Solman?
  2. Can I hook GRC with LDAP so I import the users from active directory?
  3. Do we need IDM, if active directory is hooked up to the system where we have the CUA?
  Regards,
  Kedar
  Edited by: Kedar Joshi on Aug 8, 2011 5:57 PM

  Hi Kedar,
  The easy answer to your question is yes to all of them!
  1. It is technically possible to run CUA from the GRC box as it is an ABAP based environment.
  Depending on your user provisioning processes though, you may want to consider the scope of using CUA.
  For example, you may want to retain CUA for pre-production access but may want to have automated Access Request Management (CUP) for the production environments. Alternatively, if you are going down the full IDM route, you may wish to have everything provisioned via GRC rather than having the additional manual assignments through CUA.
  2. Yes, you can still connect to LDAP Active Directory from GRC. There is a technical change in setting up the connection as it uses an RFC destination rather than a JCo but it's still possible and actually advisable for creating a single user master source.
  3. This is slightly more difficult to say without further knowledge of your organisation. Generally, IDM is focussed on a more holistic view of User Access across the enterprise estate. IDM is still of use when managing SAP and Non SAP applications and managing the roles from a business perspective. Whilst GRC is able to offer the business role concept inherently, it is still slanted towards the management of risk rather than pure Identify Management and therefore the tools do perform a separate yet integrated function.
  I hope this helps.
  Simon

• Do you trust the SAP standard rule set ?

  Hello all,
  I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
  As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
  1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
  2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
  Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
  So, the best practice is :
  a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
  b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
  You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
  Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
  Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
  Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
  Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
  Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
  Success !
  Sam

  Sam and everyone,
  Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
  I'll try to address each area that Sam brings up:
  1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
  The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
  The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
  If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
  Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
  2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
  If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
  3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
  4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
  1083611 Compliance Calibrator Rule Update Q3 2007
  1061380 Compliance Calibrator Rule Update Q2 2006
  1035070 Compliance Calibrator Rule Update Q1 2007
  1173980 Risk Analysis and Remediation Rule Update Q2 2008
  5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
  6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
  https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
  Under Key Topics - Access Control; choose document below:
      o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
  The access risk management guide helps you set up and implement risk    
  identification and remediation with GRC Access Control.

• Access Control 5.3 RAR - BW Reporting 0GCC_UPV

  Hi experts,
  I have activated the SAP GRC Access Control content and everything works fine so far. However, I can't report risks by users properly, as mitigated controls are not taken into account in cube 0GCC_UPV. Mitigated users are stored in 0GCC_MTUS.
  Has anyone experience with this ? Of course we want to report on users which are not mitigated and still have risks.
  The query select * from virsa_cc_prmvl on Java Stack says that MITREFNO is always empty. However, there is the possibility on the java stack to report on users and select/deselect mitigation. I don't believe they join two tables during runtime !
  Any help is appreciated !
  Thanks,
  Max

  Hi Annie,
  For your first question check this thread -
  GRC 5.3 Zero Violations & unable to exclude critical profiles
  Question 2:
  When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
  As per my uderstanding mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
  Showing in mgmt report is based upon what you select to see.
  Regards,
  Sabita

• SBL-ODU-01008 The HTTP request did not contain well-formed XML.

  I am trying to invoke the activity webservice using Msxml2.XMLHTTP.4.0 through PowerBuilder...
  I receive the following error when executing the code below: SBL-ODU-01008 The HTTP request did not contain well-formed XML.
  ls_post_url = "https://secure-ausomxxxx.crmondemand.com/Services/Integration/Activity;"
  ls_response_text = "jsessionid=" + sesId + ";"
  ls_post_url = ls_post_url + ls_response_text
       loo_xmlhttp.open ("POST",ls_post_url, false)
  // loo_xmlhttp.setRequestHeader("Content-Length", 200 )      
  // loo_xmlhttp.setRequestHeader("Content-Type", "text/xml; charset=utf-8" )      
  // loo_xmlhttp.setRequestHeader("Accept", "text/xml" )           
  // loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
  //     loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
       ls_post_url2 = "document/urn:crmondemand/ws/ecbs/activity/10/2004:ActivityQueryPage"
       loo_xmlhttp.setRequestHeader("SOAPAction", ls_post_url2)     
       loo_xmlhttp.send()
  If I uncomment the setRequestHeader info, then I get a different error:
  ls_post_url = "https://secure-ausomxxxx.crmondemand.com/Services/Integration/Activity;"
  ls_response_text = "jsessionid=" + sesId + ";"
  ls_post_url = ls_post_url + ls_response_text
       loo_xmlhttp.open ("POST",ls_post_url, false)
  loo_xmlhttp.setRequestHeader("Content-Length", 200 )      
  loo_xmlhttp.setRequestHeader("Content-Type", "text/xml; charset=utf-8" )      
  loo_xmlhttp.setRequestHeader("Accept", "text/xml" )           
  loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
       loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
       ls_post_url2 = "document/urn:crmondemand/ws/ecbs/activity/10/2004:ActivityQueryPage"
       loo_xmlhttp.setRequestHeader("SOAPAction", ls_post_url2)     
       loo_xmlhttp.send()
  SBL-ODU-01007 The HTTP request did not contain a valid SOAPAction header. The value of the header was
  I am unsure what I am missing in order to invoke the web service. If anyone can help I would truly appreciate it.
  Thanks

  Hi,
  I tried the SOAP request you provided and got a different error response:
  <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Client</faultstring><detail><ErrorCode>SBL-ODU-01008</ErrorCode><ErrorMessage>The HTTP request did not contain well-formed XML. An attempt to parse it produced the following error: Unsupported wsse:Password Type. Valid Value: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText</ErrorMessage></detail></soap:Fault></soap:Body></soap:Envelope>
  After changing the Password Type from:
  Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-token-profile-1.0#PasswordText">hijklmno</wsse:Password>
  to:
  Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">hijklmno</wsse:Password>
  The request was successful.
  Please let me know if this resolves your issue.
  Thanks,
  Sean
  <?xml version='1.0' encoding='ISO-8859-1'?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
  <wsse:Security
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  soapenv:mustUnderstand="1">
  <wsse:UsernameToken>
  <wsse:Username>abcdefg</wsse:Username>
  <wsse:Password
  Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">hijklmno</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
  <q0:ContactWS_ContactQueryPage_Input
  xmlns:q0="urn:crmondemand/ws/contact/">
  <q1:ListOfContact xmlns:q1="urn:crmondemand/xml/Contact/Query">
  <Contact>
  <ContactType>='Customer'</ContactType>
  <ContactFirstName>='Fred'</ContactFirstName>
  <IntegrationId />
  </Contact>
  </q1:ListOfContact>
  </q0:ContactWS_ContactQueryPage_Input>
  </soapenv:Body>
  </soapenv:Envelope>
  Edited by: Sean Duffy on Jun 4, 2010 9:38 AM

• Procee Control 2.5 - Organizational Structure

  Hello All,
  we have just installed the PC 2.5 in QA.
  after finishing all post-implementation activities, we saw that the HR structure was created automatically in the PC also.
  why is that ? how can we prevent it form happening when we install in PROD ?
  what can we do now if we want another structure ?
  Thansk

  Yudit,
  Run the HR table cleanup locally in your QA environment and this will fix the problem.  There are specific changes you have to make locally when you bring up a new system and the HR data cleanup is one of them.  This does not transport.
  Most of the following configuration changes are not transportable and must be performed locally when a new system or client is created.  After transports are imported, some or all of the following steps need to be performed.  Steps will vary depending on whether you are creating a new client in an existing system or creating an entirely new system. 
  1)  GRC Process Control=>Workflow=>Perform Automatic Workflow Customizing
               - Make sure everything under "Maintain Runtime Environment" and "Classify Tasks as General"
                 is activated.
  2) GRC Process Control=>Workflow=>Perform Task Specific Customizing
               - Including SA38=>RS_APPL_REFRESH (if necessary)
               - Make sure everything under this activity is performed including "classifying all tasks as
                 general" and that event linking" is properly activated.
  3) GRC Process Control=>Workflow=>Manage Event Queue
               - Maintain Background Job tab "Number of events per read access to 12u201D. Reschedule job if
                 necessary.  Changing this value deletes the bckgrnd job.
  4) GRC Process Control=>Workflow=>Transfer Work Items to Replacement
               - Schedule job per IMG / Page 17 of Ops guide
               - Schedule or transfer job execution to BATCHUSER ID
  5) GRC Process Control=>Workflow=>Email Notifications=>Schedule job for sending email
               - Schedule job per IMG / Page 17 of Ops guide (every 15 mins)
               - Schedule or transfer job execution to BATCHUSER ID
  6) GRC Process Control=>Workflow=>Specify Fallback User for Work Items
               - Review for appropriateness
  7) GRC Process Control=>Cases=>Copy Cases to New Timeframe After Signoff
               - Schedule job per IMG / Page 17 of Ops guide
               - Schedule or transfer job execution to BATCHUSER ID
  8) GRC Process Control=>Cases=>Copy Documents After Carryforward into New Timeframe
               - There is an ERROR in the IMG setup for this job.  IMG is incorrect.
               - Schedule or transfer job execution to BATCHUSER ID
  9) GRC Process Control=>Structure Setup=>Cleanup HR Data=>Delete Table Entries     
  10) GRC Process Control=>Structure Setup=>Cleanup HR Data=>Rebuild Directory     
  11) GRC Process Control=>Reporting=>Maintain Reporting Buffer
               - Set up Background job according to IMG and NOT Ops Guide
               - Schedule or transfer job execution to BATCHUSER ID
  12) GRC Process Control=>Reporting=>Enter Role for Determining Responsible Person for an Object 
       (Optional)
  13) GRC Process Control=>Assessment and Test=>Automated Testing and Monitoring=>Register
        Connectors            
               - Review for appropriateness
  If you plan on having more than 1 client in a system, include the client number in the job name.  If not, you won't be able to distinguish which job is running in which client (by the job name alone) when viewing jobs in SM37.
  I hope this helps.
  Matt

• Consuming external webservice in an automated activity

  hi,
  i am consuming a bapi based webservice in an automated activity. i have checked this in wsnavigator using WSDL, it is working fine. when i consume this in my process dc , it asks me to create aService group. i have created one and now deployed dc to server. it doesn't work and in log error it shows that thsi service group is not assigned to any physical system.
  now i tried to create a business scenario communication, for this i created provider systems (it was created and pinged sucessfully, showed all the web services lying in its service registry). when i was creating business scenario, under first step credentials of service group and provider systems are provided. unser second step when i tried to add the services it didn't showed the services which it showed me while i pinged.
  please tell me how to sucessfully consume an external web service (bapi based).This is lying on SR but when i tried to access it through single service administration, it was not there. please guide me how can i sucessfully consume this webservice (using service group or logical destination).
  Thanks In Advance.

  Hi Rohit,
  try with Application Communication Configuration instead of Business Scenario (should be easier for single service). Make sure you have entered the correct credentials for the backend system (both for metadata retrieval and for runtime invocation).
  Instead of Service Registry you can also try with WSIL when creating the provider system. The WSIL URL for the ABAP system should look like this: http://host:port/sap/bc/srt/wsil.
  Please also check the SOA config guide by Alexander Zubev:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40dabb46-dd66-2b10-1a9a-81aa620098b3
  Hope this helps,
  Christian
  Edited by: Christian Loos on Dec 29, 2009 10:28 AM

• Warnings while activating BC SETs in  configuring ERM on  GRC 10.0

  Hello ,
  We are trying to configure GRC 10.0 , when I tried to configure ERM and tried to active the given BC Sets as per the Config Guide , We found that one of the BC SETS " GRAC_ROLE_MGMT_LANDSCAPE" is throwing a warning.All the other BC SETS are activated Successfully.
  Please let me know if any one tried the same and getting the warnings.
  Regards,
  Jagadish

  Dear Rajan,
  Today I tried to activate in Expert mode , still its throwing Warning !!.
  Regards,
  Jagadish Bhandaru