CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

Similar Messages

• Risk Owners approval using ABAP Function class

  Dear All
  I have implemented ABAP function class ZCL_GRAC_WFA_RISK_OWNER to identify the risk owners once the role approval is done, the Workflow is working fine with one exception.
  My scenario is like this - i have mapped P059 risks to PR risk approver coming from PR role, S007 risks is mapped to SD risk approver coming from SD role, so when the role owner have approved both the roles, i would like to send seperate risk approval requests to 2 diff risk approvers as per my mapping.
  But currently P059 & S007 risks are routed to both approvers at the same time & when one of them approves the risks - both risks get approved & provisioning is taking place.
  i would like 2 risk approval to be put in place - any idea on how to acheive this?
  Naveen

  Dear Hari
  Thanks for your response.. Yes i have implemented the note 1670504..
  As mentioned earlier i have checked my Risk approval Stage setting with both options "ALL APPROVERS" & "ANY ONE APPROVER"
  but still when one of the risk owner approves all the risks are get approved & the provisioning is completed.
  PFA
  Do let me know if you have any more options.
  Naveen

• Risk Mitigation approval in CUP

  Hi All
  I am trying to mitigate a role for a specified risk. The workflow gets successfully trigerred from RAR and is shown to the approver in CUP. However when the approver tries to approve the request in CUP, system shows an error "Error Processing your request, Request no.__ in stage: CC_MITOBJ"
  Can someone help me out in resolving this.
  Thanks
  Nitin

  Hi,
  I am not getting the link to Mitigate the riks for the Roles requested from CUP. when I am trying to select the risk to mitigate after the Risk Analysis is done from RAR and the report is fetch to CUP no links are showing. It shows error on the screen "Correct the following errors: Select a risk."
  The message "Error on page" shows in the bottom left corner of the browser. I can not go any further to mitigate the risk.
  The soluition was put to import the AE_init_append_data.xml as instructed n the A 5.3 installation guide. This file contains lines for background color that ar enecessary for display of the Risk. each support package of 5.3 has this file and is delivered in the .SAR file, and this should always be updated if delivered.
  I have tried this and still falling to Mitigate the risk as the problem remains. May I know if you have some other solution or if you can provide me with the correct and update file for above request.
  Thanks,
  Abhimanyu

• GRC AC 5.3 - CUP automatically pick up Risk Owners?

  Hi GRC Experts,
  Just wanted to know, is there any way CUP can pick up Risk Approvers without configuring them in CAD? Role approvers automatically get picked up when choosing the "Role" as the approver determinator within a CUP "stage"; Is there any such option for a CUP stage to pick up the Risk Approvers in the same manner?
  Thanks and Best regards,
  Sandeep

  Hi Chinmaya,
  Firstly, thanks for your help and support.
  According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
  Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that  risks showed  as mitigated?
  Thanks, regards.

• CUP 5.3 (SP12) Risk Analysis Errors in CUP

  Hello Experts,
  When I run risk analysis in CUP for user provisioning. I get an error message:
  Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html'
  Connector names are the same across all the components. We have a CUP test environment with SP11, and we did not have this kind of errors. I virtually tried everything I could.
  If you can, please assist me.
  HM

  Hello HM, 
  I had this error when I first upgraded to SP12 but I don't know if it is a SP issue or not.
  My CUP --> RAR SOD Analysis works for me on SP12.
  You might try double checking the following:
  1. Check all CUP configuration Web Service parameters in CUP --> Configuration --> 1) Risk Analysis & 2) Mitigation.
  2. Check that you uploaded the latest UME roles that were delivered with SP12.
  3. Check the UME user that is configured in CUP for risk analysis to make sure the password is still correct and that it has enough assigned roles.
  4. Make sure you uploaded all the required XML configuration files to CUP --> Configuration --> Initial System Data.

• Request owner approval in Transport Workflow (DEV to QTY)

  Hello,
  I have set up the transport workflow between DEV and QTY systems on ERP6.
  I need to allow developers and consultants to approve their own transport proposals in order to facilitate transport to the QTY system.
  Currently, when an user releases a transport request and creates a transport proposal, the approval message is sent to the TMS Worklist.
  Therefore, only administrators can approve transport proposals.
  How to allow users to approve and import their own requests through the Transport Proposal Inbox in Transport Organizer (SE10) ?
  Thanks in advance.

  Hi Serguei,
  Please check whether you have specified &_WF_INITIATOR& as excluded agent.
  Please remove &_WF_INITIATOR& as excluded agent.
  With Best Regards
  Julia

• Risk Owners/BPO

  working for a global client that has an existing process in place for mitigating controls using the SAP usergroup as the location. Each location has a unique Risk Owner/BPO.  Is there any way to do this for User Access Review/SOD reviews in GRC 5.3 SP11?

  Dear Hari
  Thanks for your response.. Yes i have implemented the note 1670504..
  As mentioned earlier i have checked my Risk approval Stage setting with both options "ALL APPROVERS" & "ANY ONE APPROVER"
  but still when one of the risk owner approves all the risks are get approved & the provisioning is completed.
  PFA
  Do let me know if you have any more options.
  Naveen

• Risk analysis after approval in CUP

  Hi,
  Can it be possible? CUP to do automatic risk analysis after the request is approved by the role approvers.  If there are no risks, roles will get provisioned. If risks exist based on the risk ID to have the request forwarded to the risk owner where the mitigation control, monitor details are entered.
  Please provide your inputs.
  Thanks
  R R

  Not a good idea, generally.
  What you can do is have the risk analysis performed automatically on request submission. The approvers would see the risks, but you can allow them to ignore them and have a detour on the last approval step.
  This has a few quirks:
  - if your last approval is a role approver, i.e. there may be a split approval to several people, the detour is tricky.
  - if one of the approvers changes something in the request, the risk analysis is invalid.
  I would also question the general idea - usually in case of risks, one of the approvers should also take action. If all they do is approve, get them out of the way.
  Unfortunately there is no step that says "automatic risk analysis, no manual approval required". That's an enhancement I would also welcome.
  Frank.

• Error in Provisioning Risk Update Request in CUP

  Dear Experts,
  I have configured all the required settings to configure Risk create/Update and change workflow in CUP.
  I am even successfully generate the requests type Create Risk in CUP from RAR.But , not able to generate request type update risk from same path and recieving error provisioning request at stage -
  Please provide any clue to resolve this issue.I am in SP12
  Thanks,
  Mukesh

  Please find..
  I am trying to remove a function from the below risk ID in RAR.
  getting this error when approving in CUP.
  2011-04-19 09:15:29,943 [SAPEngine_Application_Thread[impl:3]_74] ERROR com.virsa.ae.accessrequests.bo.RequestExitServiceHelper : callExitService() :   : Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
  2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRolesForProvision() :   : INTO the method for reqno : 1116
  2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRequestApplicationForProvisionStatus() :   : INTO the method for reqno : 1116
  2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : updateRequestApplicationForProvisionStatus() :   : listApplicationDTOs : []
  2011-04-19 09:15:29,946 [SAPEngine_Application_Thread[impl:3]_74] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : insertRequestApplicationForProvisionStatus() :   : INTO the method for reqno : 1116
  2011-04-19 09:15:29,948 [SAPEngine_Application_Thread[impl:3]_74] ERROR Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
  com.virsa.ae.service.ServiceException: Exception in calling the exit service,  error code : -1, error message : ERROR: Risk: B001 has exceeded the maximum number of rules (46,655) that can be generated for a risk
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:277)
  Thanks,
  Mukesh

• GRC 5.3: CUP asks to perform risk analysis even when there are no risks in request

  Hi All,
  We recently upgraded from GRC 5.3 SP13 to SP22.
  The one issue which we are facing after upgrade is that now CUP is forcing approvers to do Risk Analysis, even when there are no risks in the CUP Request, that is Risk Tab is Green.
  Previously approvers were able to approve requests without doing risk analysis, if there were no risks in the request.
  CUP used to force them to do risk analysis only when there were risks associated with requests.
  But now, it is forcing approvers to perform risk analysis, even if there are no risks, i.e. approvers are not able to approve requests without any risks without doing risk analysis.
  Please advise.
  Thanks
  Aditi

  Hi,
  Can you check if any change is made in Configuration -> Workflow -> Stage -> Approvers
  Regards,
  Claudio

• Mitigation Control Owner instead of Risk Owner.

  Hi All,
  In a Provisioning request after Risk analysis if there is any SOD found then request needs to be forwarded to Mitigation Control Owner instead of Risk owner
  Please advice whether standard Functionality in GRC 10.1 address this requirement or it needs development.
  Thanks in Advance

  Hi Babu,
  There is no standard functionality to forward this to mitigatiion control owner.
  Even forwarding to risk owner ,you may need some customization as per SAP Note 1670504.
  Thanks,
  Mamoon

• CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"

  Hi!
  Re: CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"
  Can anyone explain why some of our CUP users will see this CUP button in the CUP Request and others will not? Are they missing a UME "ACTION"?
  The button works fine, but it only shows up for some users and not others.
  Thanks for your help!
  -john

  Hello ,
  For Approvers , the button "Existing Roles /Groups" will be visible only when the following "stage" level setting is set
  Change Request Content = Yes
  Add Role =Yes .
  Regards
  -Ranjiv

• Risk Analysis in a CUP request

  Is there any way to run a Risk Analysis in a CUP request on different Rule Sets?
  Letu2019s say you have 3 different Rule Sets like US - EU u2013 Global defined in RAR. Each one includes its own risks. In a CUP
  request, it shows risks based on the u201CVirsaCCRiskAnalysisServiceu201D defined in your CUP config.
  In our case we use the global Rule Set but the problem is for an EU request you can have US risks appearing that must be mitigated even if those risks are not relevant for EU.
  It would be great if we could link the attributes Company or Functional Area directly to a specific rule set.
  Please help/comment on this issue.
  Regards

  Hi,
  When we perform risk analysis on the request, ruleset for the risk analysis for CUP request is picked from RAR default values.
  RAR-> Configuration-> Default Values-> Default rule set for risk analysis.
  This rule set is picked by CUP to perform the risk analysis.
  With the current design it is not possible to link  the attributes Company or Functional Area directly to a specific rule set.
  Kind Regards,
  Srinivasan

• Risk analysis failed in CUP

  Hi,
  We have same connector name in CUP and RAR but risk analysis failed and throws error "Risk analysis failed: ExceptionRisk Analysis failed"
  have a look on detailed log as follows.
  2012-01-03 17:54:54,044 [SAPEngine_Application_Thread[impl:3]_7] ERROR Ignoring exception : com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9923', Locale: 'en'
  com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9923', Locale: 'en'
       at com.virsa.ae.service.messaging.MessageFormatter.formatAsText(MessageFormatter.java:103)
       at com.virsa.ae.commons.utils.JSValidationUtil.getMessage(JSValidationUtil.java:467)
       at com.virsa.ae.commons.utils.JSValidationUtil.formatMessage(JSValidationUtil.java:523)
       at com.virsa.ae.commons.utils.JSValidationUtil.formatMessage(JSValidationUtil.java:548)
       at jsp_common_import_export1321962467821._jspService(jsp_common_import_export1321962467821.java:60)
       at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.include(RequestDispatcherImpl.java:509)
       at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.include(PageContextImpl.java:176)
       at jsp_cfg_support1321962466399._jspService(jsp_cfg_support1321962466399.java:148)
       at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at
  Thanks,
  nayana

  Hi,
  We have uploaded the latest xml files as per service pack still getting message risk analysis failed . Have a look on following log
  and advice me.
  2012-01-04 23:45:45,273 [SAPEngine_Application_Thread[impl:3]_32] ERROR com.virsa.ae.core.BOException: ExceptionRisk Analysis failed
  com.virsa.ae.core.BOException: ExceptionRisk Analysis failed
       at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1167)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:381)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:118)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.virsa.ae.service.ServiceException: ExceptionRisk Analysis failed
       at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:591)
       at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
       at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
       ... 24 more
  Thanks,
  nayana

• Owner Approval in Distribution List Management using smtp server

   can it be possible that we can use owner approval in Distribution list management in FIM 2010 Portal???
  Customer not using Exchange in their environment we have use another solution for ower approval.
  It would be really apriciated if some can help on this.
  Thanks- Ankit Gupta

  On Tue, 6 May 2014 15:53:07 +0000, ankitgupta25 wrote:
   can it be possible that we can use owner approval in Distribution list management in FIM 2010 Portal???
  You have already started a thread about this issue. Please do not create
  multiple threads on the same subject, thanks.
  Paul Adare - FIM CM MVP
  "The PROPER way to handle HTML postings is to cancel the article, then hire
  a hitman to kill the poster, his wife and kids, and fuck his dog and smash
  his computer into little bits. Anything more is just extremism." -- Paul
  Tomblin