AE - Assign Mitigating Controls when Submitting Request?
With AE 5.1, can you assign mitigating controls when submitting a request?
In the "Configuration tab": for the "Risk Analysis" Configuration option, if you select "Perform Risk Analysis on request submission" to Yes:
Does the requestor have the option to assign mitigating controls at the time of request submission (if there is an SOD conflict)?
Hi,
NO the option for Mitigating the Risk while Submitting the Request is not there.Only Risk Analysis is Performed Which depends on the Configuration option to Having Set the Auto Risk Analysis ON/OFF.
Regards,
Similar Messages
-
Found NullPointerException when submitting requests in consecutive sequence
i found i met problem of 'NullPointerException' and inconsistence resultset when i fast submitting requests. For a example, i have a 'Go' button on my jsp page which will quote a search value to look for search result. I tried double-clicking the 'Go' image button to submit the search request in faster manner (e.g. double-clicking the icon rather than single-clicking), my mentioned error usually occurs. However, when i submit my request by slower manner, those mentioned error rarely occurs. I am using BC4J component with stateless connection and run on local mode. Any hints for my mentioned problem?
Thanks for your replies!Please let me provide the tracing message for the NullPointerException:
java.lang.NullPointerException
java.lang.Object oracle.jbo.server.ViewObjectImpl.getSyncLock()
oracle.jbo.server.ViewRowSetImpl oracle.jbo.server.ViewObjectImpl.getDefaultRowSet()
boolean oracle.jbo.server.ViewObjectImpl.hasNext()
int MyApp.tags.MyTag.doStartTag()
void MyJsp.jspService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void oracle.jsp.runtime.HttpJsp.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void oracle.jsp.runtimev2.JspPageTable.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String)
void oracle.jsp.runtimev2.JspServlet.internalService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void oracle.jsp.runtimev2.JspServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void com.evermind.server.http.ServletRequestDispatcher.invoke(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void com.evermind.server.http.ServletRequestDispatcher.forwardInternal(javax.servlet.ServletRequest, javax.servlet.http.HttpServletResponse)
boolean com.evermind.server.http.HttpRequestHandler.processRequest(com.evermind.server.ApplicationServerThread, com.evermind.server.http.EvermindHttpServletRequest, com.evermind.server.http.EvermindHttpServletResponse, java.io.InputStream, java.io.OutputStream, boolean)
void com.evermind.server.http.HttpRequestHandler.run(java.lang.Thread)
void com.evermind.util.ThreadPoolThread.run()
javax.servlet.jsp.JspException: [MyTag..doStartTag]: Exception - null
int MyApp.tags.MyTag.doStartTag()
void MyJsp.jspService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void oracle.jsp.runtime.HttpJsp.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void oracle.jsp.runtimev2.JspPageTable.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String)
void oracle.jsp.runtimev2.JspServlet.internalService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void oracle.jsp.runtimev2.JspServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
void javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void com.evermind.server.http.ServletRequestDispatcher.invoke(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
void com.evermind.server.http.ServletRequestDispatcher.forwardInternal(javax.servlet.ServletRequest, javax.servlet.http.HttpServletResponse)
boolean com.evermind.server.http.HttpRequestHandler.processRequest(com.evermind.server.ApplicationServerThread, com.evermind.server.http.EvermindHttpServletRequest, com.evermind.server.http.EvermindHttpServletResponse, java.io.InputStream, java.io.OutputStream, boolean)
void com.evermind.server.http.HttpRequestHandler.run(java.lang.Thread)
void com.evermind.util.ThreadPoolThread.run()
I HOPE SOMEONE WOULD NOTICE MY MENTIONED PROBLEM, RATHER THAN IGNORE IT AGAIN!!In fact, I think the 'Stateless' connection and multi-thread from Java nature causes such problem. However, because my users would just submit searching requests, I don't want to use those connection method in which visitors' state is stored. Please advice.
Thanks for your replying. -
Mitigation controls assignation to users in RAR
Hi,
While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
Thanks
AbhijeetAbhijeet,
From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
Simon -
GRC CUP 5.3 SP16.3 Mitigation Controls automation removal
Does anyone know that if you create any user requests to remove roles from a user, that if any mitigation controls were assigned to the users for those roles, the mitigating control ids can also be automatically removed from RAR during auto provisioning of the request?
Right now, GRC CUP, if configured properly, during auto provisioning, will assign the mitigation controls automatically to the userid in RAR to mitigate the risks when the request is processed if the new access will give any SOD violations. But if you remove the roles from a user and he/she had any mitigation ids assigned in RAR, can the request also automatically remove the mitigated control id associated with it if the user will no longer have that risk? I have not seen the request automatically remove the mitigated id from RAR when the role was removed from the user id during auto provisioning. But I'm not sure if this requires additional workflow configuration or not.
Will greatly appreciate if any1 is aware of this issue and how to resolve it. Or is the only solution to manually remove it from RAR..but this can be tiresome..bc then you have to run the report every week or month in RAR to remove the excessive controls assigned if the users do not have the risks anymore..comparing reports from current to previous month, etc.
Thanks,
A.Hi Alley,
It is not possible to automate the removal of mitigation controls through a workflow in CUP. The only solution is to review on a regular basis and remove them manually from RAR
We also has the same issue and performing manual review at regular intervals of the user & role assigned mitigation controls
Best Regards,
Srihari.K -
GRC AC10 Mitigation Control Temporary Tables
Hi everyone,
I'm trying to find the table where GRC stores the organizational unit for a new mitigation control before the request is approved. As I could see, after approval (when the control is created) they are moved to HRP1000, 1001, etc.
I've also tried with system trace (ST01 and ST05) but I could only find these tables: GRFNMWRTINST, GRFNMWRTINSTAPPL. Unfortunately I've checked them but they don't store OU data.
Maybe it is stored in an XML file and that's why I cant reach the table.
If you have any idea or any experience to share, I would really appreciate it!
Thanks and regards,
FernandoHi Fernando
Maybe it is stored in an XML file and that's why I cant reach the table.
I was trying to figure out the same thing and suspected that was the case. Or if there might be a temporary text file
I hope someone here can clear it up. But it's a bit annoying in the approach as you cannot tell what changes have been requested or compare changes to current. Hope SAP eventually cleans this up.
Might need to trace it to identify the function module that is used by approver to view the request?
Regards
Colleen -
Role level mitigating controls not affecting position level reports
Hi,
Here's the problem we're having with mitigating controls:
When I assign a mitigating control to a role, it correctly mitigates the risk when we perform a role level SoD analysis. However, when we perform a position level analysis, the same role shows up again in the report as not mitigated. Anyone else running into this issue? We are on CC5.2 with SP4. Is this fixed in later SPs?
Simple Example:
Role ABC has conflicting tcodes FBV0 and FBVB. We applied a mitigating control to this role and it doesn't show up anymore on the role level reports.
When running the position level SoD analysis, position number 50010000 contains role ABC and the same conflict shows up again even though the conflict is entirely within Role ABC and not with other roles that are in position 50010000.
Thanks,
RobertAll,
I opened a customer message with SAP and it seems that this issue is a limitation with CC 5.2 Mitigating at the role level will will not follow through to the position level reports. However, it seems that it will follow through to the user level as long as you have configured it under the Configuration->Additional Options tab. There is a setting there that will allow rule level mitigating controls to take affect at the user level.
Thanks,
Robert -
Mitigation control usage in PC 10
Hi Experts,
I am able to create Mitigation control under the PC of GRC 10. The same can be seen under the Mitigation control tab of AC. However, I am unable to see the mitigation controls that are designed under AC for assignment in PC.
Is there any configuration that has to be done to connect both AC and PC?
Please let me know.
Thanks,
SumaHello Adreas,
Thanks for the reply.
As you mentioned i have maintained the organization under Setup --> Organizations. However, I am still unable to see Mitigation controls under the subprocess.
I see that I can create a new mitigation control when I navigate through Master data>select specific organization code> select the subprocess-->add new control. This tab shows the creation of new Mitigation control. However, it does not diplay the mitigation controls that were created under AC.
Am I missing something? Please suggest.
Thanks,
Suma -
Hi,
Is their a way we can maintain and update mitigating controls on GRC (GUI) back-end.UI can't be able to find those i created and migrated. Any ideas?
Regards, MelvinHi,
REF CALL # : 968707 / 2011
I created mitigating controls and imported the old mitigating controls from GRC 5.3.
When I go to the mitigating controls on the UI no mitigating controls appear when opening the page. When I do a drop down (drill) on the TAB (SETUP) Work Centre  Link - Mitigating Control
When drilling down on Mitigating Control IDu2019s
The only two displayed is the ones I created on the UI. When I import the GRC5.3 mitigating controls I get the following
message on the import tool within GRC10 back-end
--Start Loading File - Scenario of 5.3 Mitigation - Migration
sapvirdevexport53/BUNITdata.dat
Mitigation Control EA:BS001 already exists
Mitigation Control EA:BU001 already exists
Mitigation Control SOLMAN99 already exists
--File loaded successfully
The migration document refers to the following steps and this was followed
Why is the screen empty when going into the mitigating control link on the UI - Another strange phenomenon is when I run the mitigating report from report and analytics the mitigating control comes up blank.
When in the report and analytic work centre, and running the mitigation control report - -> I drill down on the Control ID and get the blank screen.
This is why im asking can I look at mitigating controls not from ECC but GRC back-end system and maintain it from their
Regards, Melvin -
Mitigation control request is empty when opened in Search Request
Issue: All fields in the Mitigation control request are empty when the raised request is opened in Search Request.
Error message when opening the MC id request in Search Request.
Error 1 - "Control CONTROL/L/50000XXX does not exist "
Error message when opening the MC id by clicking on Administration in Search Request
Error 2 - "Work item 000000065684 is not in the users work inbox"
However, the approver has all the fields populated when attempting to approve the request.
Please provide you inputs to ensure the issue is fixed.
Regards,
ArunHi Madhu,
We are on GRC 10 SP16.
FYI below.
Please provide inputs on the same.
Regards,
Arun -
Error when trying to approve a mitigation control in CUP
Hi,
I have created a Mitigation Control in RAR and set-up the necessary workflow. The request ends up in CUP and the approver is able to see the request when he/she logs in, however the approver cannot approve or reject the request.
The following error messages appear:
- Approve: Error processing your request, Request no: 2 in stage : MITIGATION
- Reject: Error rejecting request no: 2
I have check the workflow many times now and I have also checked the mitigation URL's.
Any idea what the problem can be?
Thanks.Thank you for your response. No the approver is not part of the DL. I just added the approver to the workflow (CAD).
Please find log details below:
2010-03-18 16:09:32,729 [SAPEngine_Application_Thread[impl:3]_8] ERROR Service call exception; nested exception is:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
java.rmi.RemoteException: Service call exception; nested exception is:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:87)
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:96)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5335)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5174)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4967)
at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:928)
at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:998)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1449)
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:80)
... 33 more -
Multiple mitigation controls assignment through CUP
Dear All,
We have implemented CUP 5.3 and under SP9.
We have multiple controls addressing same risk where in we are supposed to assign multiple controls to the users. When the manager is assigning multple controls, the old one is getting replaced with the new one for the same risk.
Is there any configuration change to be made to assign multiple mitigation controls to the same user for the same risk using CUP.
Thanks and Best Regards,
Srihari.KBen,
This is how CUP works. There is no configuration which allows you to ignore SOD violaton even if there is mitigation. You will have to live with this for now.
Regards,
Alpesh -
Error when submitting GRC request
Hello IDM Gurus, <br>
We were running into an issue when trying to set up our IDM - GRC integration; when submitting a request to GRC via the AC Validation task the "Submit AC Request" task always encounters an error, but in spite of which the request still gets created on the GRC end; weirdly enough, 2 requests get created each time:<br>
putNextEntry failed storingcn=TESTUSER,ou=submitrequest,o=grc
Exception from Add operation:javax.naming.CommunicationException: [LDAP: error code 2 - (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)]; remaining name 'cn=TESTUSER,ou=submitrequest,o=grc'
<br>
On the GRC end we noticed that we are getting the following error:<br>
2011-12-05 20:21:32,046 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
com.virsa.ae.service.umi.UMIException: com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
at com.virsa.ae.service.umi.ume.UMESearchUser.getUserById(UMESearchUser.java:304)
at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:198)
at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
2011-12-05 20:21:32,064 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.virsa.ae.core.BOException: Error in Searching Users...
com.virsa.ae.core.BOException: Error in Searching Users...
at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:201)
at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
As a result of this error GRC AC Submit request never completes successfully and so the polling task never starts, instead immediately the pending values are skipped and removed from the user in question.<br>
<br>
What are we supposed to set the User data source as within CUP? Is there something else we should be doing to fix this?<br>
<br>
Would greatly appreciate your help with trying to fix this!<br>
<br>
Thanks a lot in advance!<br>
<br>
Best regards,
Sandeep
Edited by: Sandeep Jayendran on Dec 6, 2011 11:22 AMHello Gents,
I ran another test and had a look at the VDS Operation log to get more detail around the error; here's an excerpt from the operation log:
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
End element SOAP-ENV:Envelope
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(empty00)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
NSPop (empty)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Setting current message form to: FORM_OPTIMIZED (currentMessage is now org.apache.axis.utils.ByteArray)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exit: SOAPPart::saveChanges(): org.apache.axis.utils.ByteArray@7ecd78
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operations result is:SUCCESS
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Additional message = msgcode=000;msgdescription=Request Created;msgtype=SUCCESS;requestno=92
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Requst number: 92
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
*** Fetch result code ***
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Info Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operation result: 2
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Warning Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception: (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Returning: opResult:2,info: ((GRC Submit Request:2:oracle.jdbc.driver.OracleDriver))
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Finished add operation
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Sending operation result
Time: Tue Dec 13 18:01:43 GMT 2011 Level: All Thread: Thread[3,3,LDAP
Sessions:main_listener_4389] Logger: Plain Message:
Sending response to socket: 63621
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
LDAP Session continues ...
It's the strangest thing, because it seems to send the request across successfully which is how the request is getting created in CUP but after it succeeds it encounters the exception with the GRC WebService call from the API; any ideas why this is happening? how can we possibly fix this?
Would greatly appreciate any insight / advice on this!
Cheers!
Sandeep -
Error when submitting GRC request from IDM
Hello GRC gurus,
We were running into an issue when trying to set up our IDM - GRC integration; when submitting a request to GRC via the AC Validation task the "Submit AC Request" task always encounters an error, but in spite of which the request still gets created on the GRC end; weirdly enough, 2 requests get created each time:<br>
putNextEntry failed storingcn=TESTUSER,ou=submitrequest,o=grc
Exception from Add operation:javax.naming.CommunicationException: [LDAP: error code 2 - (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)]; remaining name 'cn=TESTUSER,ou=submitrequest,o=grc'
<br>
On the GRC end we noticed that we are getting the following error:<br>
2011-12-05 20:21:32,046 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
com.virsa.ae.service.umi.UMIException: com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
at com.virsa.ae.service.umi.ume.UMESearchUser.getUserById(UMESearchUser.java:304)
at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:198)
at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
2011-12-05 20:21:32,064 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.virsa.ae.core.BOException: Error in Searching Users...
com.virsa.ae.core.BOException: Error in Searching Users...
at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:201)
at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
As a result of this error GRC AC Submit request never completes successfully and so the polling task never starts, instead immediately the pending values are skipped and removed from the user in question.<br>
<br>
What are we supposed to set the User data source as within CUP? Is there something else we should be doing to fix this?<br>
<br>
Would greatly appreciate your help with trying to fix this!<br>
<br>
Thanks a lot in advance!<br>
<br>
Best regards,
SandeepHi Diego,
Thanks a lot for your quick response! Sorry for the delay in responding; I was travelling.
Uploading the new files from the Note you mentioned allowed us to view what the actual errors were; but we've started running into new errors now; when looking at the operation logs for VDS, I see that the webservice actually returns an operation result of SUCCESS also quoting that "Finished add operation"; which is why the request does in fact get created in CUP but a couple of log entries later after the webservice returns the request number I encounter the following error within VDS:
Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
Here's the error found in sequence within a set of other operational log messages within VDS:
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
End element SOAP-ENV:Envelope
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(empty00)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
NSPop (empty)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Setting current message form to: FORM_OPTIMIZED (currentMessage is now org.apache.axis.utils.ByteArray)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exit: SOAPPart::saveChanges(): org.apache.axis.utils.ByteArray@7ecd78
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operations result is:SUCCESS
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Additional message = msgcode=000;msgdescription=Request Created;msgtype=SUCCESS;requestno=92
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Requst number: 92
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
*** Fetch result code ***
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Info Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operation result: 2
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Warning Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception: (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Returning: opResult:2,info: ((GRC Submit Request:2:oracle.jdbc.driver.OracleDriver))
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Finished add operation
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Sending operation result
Time: Tue Dec 13 18:01:43 GMT 2011 Level: All Thread: Thread[3,3,LDAP
Sessions:main_listener_4389] Logger: Plain Message:
Sending response to socket: 63621
Time: Tue Dec 13 18:01:43 GMT 2011 Level: Debug Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
LDAP Session continues ...
It's the strangest thing, because it seems to send the request across successfully which is how the request is getting created in CUP but after it succeeds it encounters the exception with the GRC WebService call from the API; any ideas why this is happening? how can we possibly fix this?
Would greatly appreciate any insight / advice on this!
Cheers,
Sandeep -
Maintain Validity Date for Mitigation Control Assignment to Users Virsa 5.2
We have over 1,000 SoD's all mitigated. The val;idity date for these mitigation controls needs to be updated. Does anyone know a way to perform a range of updates so it is not necessary to update each user assigned to a Mitigation Control.
The only way to do that currently would be to download the table information, edit in Excel and re-upload the table.
Not for the faint of heart, but doable.
Frank. -
Multiple mitigating controls assigned to one risk
Hello experts. We are using GRC compliance calibrator 5.3. We are just starting to implement mitigating controls. The problem we have is we have multiple mitigating controls per risk. Some risks have one control and some have two or three. When we run our risk analysis the resulting report only shows the first mitigating control it finds.
Just wondering if anyone else has this situation. I wanted to check here before I created a message with SAP.
Thanks
DaveDave,
I think this is how the functionality is. You will have to open a CSS message with SAP.
Regards,
Alpesh
Maybe you are looking for
-
Acrobat 9 Pro and Office 2007 - Incompatibility??
I have been reading comments on other forums about a compatibility issues between these two softwares. See Amazon product feedback reviews on Acrobat 9 Pro for example. Is this a issue users here are experiencing?.
-
i use ant to deploy projects to server: adding properties file (with correct values) to ant build file, then starting ant script - it reports me, that everytjing is ok and ptoject is on server - but thereis no any deployed projects. If I deploy proje
-
Where can I find my settings file in Dreamweaver CS6?
I was given a brand new computer two days ago by our IT staff. They were kind enough to load all of my software onto the hard drive. However, they did not migrate any of my settings over and now I have a problem. All of my ftp information for my w
-
9300 frozen terms and condition help
Today my little brother decided to enter 10 wrong password all at once and it reformatted and when it was done reformatting the terms and condition popped up and it just froze the trackpad wouldn't scroll down or anything and but everything else work
-
Serializing 100MB with rmi: StackOverflowError
Hi all, I want to send 1000 trees with the size of 100 MB from Client to server and back. I want to have a large depth (6400). I use RMI. Now, I made serveral experiences: 1. When I set Xss=10M, Xms=Xmx=15M I am able to send 100 trees with depth=3500