CUP - button to reject request inhibited Version 5.3 SP14

Hi,
after it was applied in the SP14 GRC button to reject the request was only inhibited in step functional allowing you to reject functions. Does anyone know why and how to adjust the error?
thanks.

Hello,
we have the same problem with SP14 (SP12 is ok) - after clicking on Reject button the option "Reject Request" is disabled and the option "Reject Roles" is enabled. When approver chooses "Reject Roles" the request is completed and FF account provisioned!
I had to change approving settings for that stage:
Approval Level: "System and Role" -> "Request"
Rejection Level: "System and Role" -> "Request"
Now when there is a request with two FF accounts (and two different approvers) one can approve his FF but when the next approver rejects the request nothing is provisioned.
But better is nothing than provisioning rejected FF account!
Pavel

Similar Messages

  • CUP Automatic reject request

    Hello,
    inspired by the great blog from Frank Bannert (/people/frank.bannert/blog/2009/06/19/configure-bobj-ac-53-cup-that-workflows-only-appear-if-violations-detected) to have a workflow (triggered from IdM) that only appears if SoD-violation is detected, I want to go further:
    Can anyone tell me how to create a workflow step in CUP that automatically rejects the request?
    The idea is to have a request from IdM for a person to get a role. This request now comes to CUP. With the basic construction mentioned in the blog above, there is a obligatory SoD check. If there is no violation, the request is granted in CUP automatically and sent back to IdM. If there is a violation, I now want the request to be rejected in CUP automatically (instead of a manual step with user interaction).
    Is this possible - and how?
    Thanks in advance
    Matthias Arlt

    Hi Matthias,
    maybe I need to correct this - it is technically possible, but you need to make the distinction whether a request had SoD risks on IdM. The risk analysis service will tell you if there were risks, you can have  a "no stage" path to come back without user intervention.
    What is it that you want to mass upload - initial user/role assignments, or ongoing requests?
    You can also do a simulation in RAR before the upload, or a risk analysis immediately after that. If it's a one time thing, it probably doesn't qualify for a special implementation.
    Can you tell us in a bit more detail what it is you want to do? There surely is a solution, it's just not easy to find from the information so far.
    Frank.

  • CUP - field mapping from request to SU01 for Accnt No worked only once

    CUP - field mapping from request to SU01 worked only once. I configured the Field Mapping for Account Number with Account Id. First request worked fine in DEV systems, 2nd and 3rd requests failed. Same thing happened in QA systems. Not sure whether the difference in SP on GRC and ECC is causing this. Any help is greatly appreciated.
    We are currentky on GRC 5.3 ABAP stack SP 14.0  
    and
    ECC - SAPK-53315INVIRSANH VIRSANH 530_700: Support Package 0015
    Any help is greatly appreciated.
    Thanks,
    Vish

    Hi Diego,
    Yes, we are on VIRSANH SP15  also VIRSAHR SP13 for SAP_HR . My connector type is SAP HR System, Version ECC 6.0.
    We are on GRC 5.3  Support Pack 14.0 . Our GRC 5.3 installation is running on ABAP stack.
    It is very strange that in QA client, SU01 got updated atleast 3 times with new account number , user group. Tried 4th time, did not work. In DEV client, it worked only once.
    Thanks,
    Vish

  • [SOLVED]cups web interface bad request error

    Installed cups, libcups and all the other pckages mentioned in CUPS archwiki page and also insatlled cups-pdf. Avahi-daemon is enabled and so does cupsd but on accessing web interface at archlinux:631 it give "Bad Request" message. Basically all I need is a virtual pdf printer like cups-pdf and my hp offficejet 5610 printer connected. any help is much appreciated.
    Last edited by rsplenum (2013-02-04 20:10:28)

    As stated, my home laptop could still access localhost:631 with my ipv6 host line commented out in /etc/hosts. I just updated another post with what I think the problem is, which is a ListenStream=631 line in /usr/lib/systemd/system/cups.socket which did not exist in the 1.7.0 version of cups. The 1.7.1 version was pushed out sometime last month, which might explain these posts only coming up now (there's at least three I've found). Read more via my post in the other thread.
    I know this is solved, but wanted to leave breadcrumbs in related threads in case the solution here doesn't work for those who stumble on this.
    Last edited by jwhendy (2014-02-09 20:15:08)

  • Mitigation still required even for Rejecting Request

    Hello All,
    Risk owner is trying to reject request (Approval status = Reject) but still it says to mitigate risk.
    Also tried to change approval status = Reject and re run risk analysis again in Risk violation table and submit the request. Here it shows no risk(Green) found but upon clicking submit request it says to Mitigate risk.
    We have maintained below under  "Display Task Settings".
    Approve Despite Risk = No
    Approval Level - System and Role
    Rejection Level - System and Role
    I don't feel we need to mitigate risk for rejection?. Please advise.
    Regards,
    Abhi

    Hi Abhi,
    Since you have Approve Despite Risk = No and I also assume that you have already removed "Request Mitigation Policy" from the path SPRO -> IMG -> GRC -> AC -> Maintain AC applications and BRF+ mapping
    Actually how the above settings work is if you have any unmitigated risk (HIGH or MEDIUM or LOW) then approver will not be able to approve the request.
    In your scenario when you change the role approval status to REJECT, even then you are clicking on SUBMIT button which is still considered as APPROVED but rejected the role. I assume there is something wrong in this behavior.
    Does your request contain only one role or multiple roles? Which roles are causing violations? Are you rejecting the role causing violations? As you said after changing the approval status and running risk analysis still your request has violations, there is something wrong in the behavior.
    Please share some screenshots for better understanding.
    Regards,
    Madhu.

  • URGENT: How to delete the request in version management

    Hi,
    Please let me know how to delete a request in version management whcih is not released yet.
    I have released a request to quality server for an object. After that I was asked to make some changes to that object as there are some defects.
    So, i have created a new request and proceeded with the changes. Under that request I have made some changes and activated. but the result is worthless. So, I want to get the result of the object which i have released. i.e. i want to get back only the released request changes.

    Hi,
    yeah............goto version management......first ull hav ur new request......
    below that ull have ur previous request right.............
    check the check box of ur previous request.............
    and click retrine button.......all changes made in ur latest request ll be retrived back to its previous version.........
    come back activete it.............in ur program ull not find ur new useless changes........release it...........
    Cheers,
    jose.........

  • HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

    hi sap gurus,
    i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
    SAP_GRAC_ACCESS_APPROVER
    SAP_GRAC_ACCESS_REQUEST_ADMIN
    SAP_GRC_FN_BASE
    SAP_GRC_FN_NUSINESS_USER
    and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
    but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
    the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
    can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
    I will be very much thankful if you guide me successfully.

    Hi Colleen,
    thanks a lot for your time.
    PIC1: I created one user: GR_AR_APP001
    and assigned all the GRC ROLES.
    PIC2: I assigned owner type to GR_AR_APP001 user : POINT OF CONTACT, SECURITY LEAD and WORKFLOW ADMINISTRATOR in NWBC ACCESS CONTROL OWNERS
    PIC3: I created one EUP 980 (copied from default EUP)
    PIC4: I maintained default manager as GR_AR_APP001 user in 980 EUP
    PIC5: I selected SAP_GRAC_ACCESS_REQUEST process id
    PIC6: I created one agent id as ZGRAC_MANAGER11 in which I added approver user id: GR_AR_APP001
    PIC7: I saved agent id
    PIC8: I added agent id as ZGRAC_MANAGER11 in stage5 in manager stage.
    PIC9: I saved
    PIC10: I maintained EUP 980 (in which I configured manager as GR_AR_APP001 user) in stage 5 task settings
    PIC11: Maintain Route Mapping, I clicked on next
    PIC12 and PIC13: I saved and activated.
    After this process I created one request for new account and selected the manager as GR_AR_APP001 and one request is created with request no 9000000030.
    now I logged into system by user GR_AR_APP001 and checked, there is no request under his work inbox.
    please guide me at least one procedure, how to receive request in approver work inbox so that I can learn other procedures to configure approver as per our organization requirement.
    thanks for your support Colleen.

  • In latest version of MF there`s missing button, which was in previous version: between buttons back/forward and the typing bar there used to be little flash, which showed few last pages I have just browsed. How can I restore it?

    In latest version of MF there`s missing button, which was in previous version: between buttons back/forward and the typing bar there used to be little flash, which showed few last pages I have just browsed. How can I restore it?

    If you mean the drop marker then you can still get the History of the Back and Forward buttons if any by either Left-Click and hold for a second or by Right-Clicking them.
    If you still want the drop mark there also then there is this Extension at https://addons.mozilla.org/en-US/firefox/addon/backforward-dropmarker/
    Also the abbreviation for Firefox is '''Fx'''

  • RH7 - Custom WebHelp Pro skin custom "Print" button does NOT display in version published to RH Server 8

    I customized a WebHelp Pro skin using the Omega skin as the basis. Everything works fine except the Print button, which I added using the same Action as shown in the BeautifulVista skin's Print button.
    Local Version (C: drive)
    When I generate my help project and view it locally from my C: drive after I accept the warning about viewing locally, I see the Print button.
    However, it does NOT work.  I've attached a graphic that shows the local version and the skin dialog where I set up the action for the Print button.
    RH Server 8 version
    When I view the same project after I publish it to the server, the Print button does NOT display.
    QUESTIONS ARE:
    How do I get the Print button to function properly (active printer dialog)?
    If it can't work until it is published that fine but then how do I get it display when I view from server?

    Hi there
    Have you tried editing your Window Definition?
    Click View > Pods > Project Setup
    Cheers... Rick
    Helpful and Handy Links
    RoboHelp Wish Form/Bug Reporting Form
    Begin learning RoboHelp HTML 7 or 8 within the day - $24.95!
    Adobe Certified RoboHelp HTML Training
    SorcerStone Blog
    RoboHelp eBooks

  • CUP 5.3 Canceled Request still sending Email

    Hi GRC Experts
    I have a canceled request in CUP that is still sending email to users. Is there a way that I can stop the request from sending more emails? Will Archiving resolve this?
    A swift reply will be appreciated.
    Thanks.
    D

    Sure, the GRC AC application is a Java based application and all the information is stored in JAVA schema in the database, usually the schema name is something like SAPSR3DB.
    Out of curiosity, is that user still getting emails from CUP for the canceled request ?
    Cheers !!
    Zaheer

  • KDC policy rejects request (12) - TGT BASED NOT ALLOWED

    Hi,
    I need to change the kerberos password for the user. Since I'm not able
    to find any open source project doing this, I'm looking forward how is hard to
    implement it.
    But I'm stuck on the first message, while getting the kadmin/admin ticket:
    KDC policy rejects request (12) - TGT BASED NOT ALLOWED
    obviously because it has Attributes: DISALLOW_TGT_BASED.
    How to get this ticket?
    If you know another way to implement a kind of kadmin interface
    (without calling C code) I'll be happy! ;-)

    Ok so on investigation I can see that my 3am hackjob was worse than I thought :|
    I can see that above I have 2 different crypto maps where I thought I had combined them into one. I have now changed
    crypto map rtp 10 ipsec-isakmp
    set peer [source]
    set transform-set MY-SET
    set pfs group2
    match address 111
    to
    crypto map clientmap 10 ipsec-isakmp
    set peer [source]
    set transform-set MY-SET
    set pfs group2
    match address 111
    Still getting the same problem so I'll keep investigating but if anything sticks out let me know
    b

  • Updating and resubmitting a rejected request

    I have a self-requestable resource that needs approval by the requester's manager and then by the resource owner. The self-requestable resource has a form that the requester must fill out prior to submission. If the requestor's manager rejects/declines the request, it looks like the whole request is abandoned. i.e. no further action can be taken by the requestor and whole new request must be started. Am I right here?
    Is there a way to send a rejected request back to the requester so s/he can update the original request and resubmit?
    thanks

    You can regenerate it through other means, but those means will need to invoke the oim apis to generate a new request and populate that data.
    If you have some system that can accept an email and parse the information to perform the functions of connecting to oim and performing those actions, or a custom request process to populate those values, you will still need to either populate them with the apis, or manually.
    -Kevin

  • System requesting latest version of Adobe reader to view file - URL provided, followed the download process however still cant open document. Help?

    System requesting latest version of Adobe reader to view file - URL provided, followed the download process however still cant open document. Help?

    Hi becl43227859,
    Can you please provide the following info:
    1. What is the error message that you are getting?
    2. What was the URL that was provided?
    3. Are you getting this error for a specific document or for all of them?
    4. Can you try downloading Reader DC from Adobe Acrobat Reader DC Install for all versions and re-installing on you machine.
    Thanks.

  • Copy button on Submit request form

    Hi All
    Can we configure Copy button on Submit Request form to view names as per our requirement.
    If yes, How.
    Please share any doc id.
    Thank You for your help!
    -C

    by mistake, got marked as answered.

  • CUP: Auto role reject on submission

    When submitting a request with CUP for multiple roles in some cases I am seeing "<ROLENAME> Role Rejected by system because no approval process is defined" in the audit trail.  The role is given the "Remove" action of role and the request is submitted to the first stage of the initiator.
    These roles do have initiators tied to them so what would cause them to be automatically rejected?
    -J

    When submitting a request with CUP for multiple roles in some cases I am seeing "<ROLENAME> Role Rejected by system because no approval process is defined" in the audit trail.  The role is given the "Remove" action of role and the request is submitted to the first stage of the initiator.
    These roles do have initiators tied to them so what would cause them to be automatically rejected?
    -J

Maybe you are looking for

  • Error when testing a webservice

    hi, I am using Jdev 11 g errors and using the Web service tutorial. Some errors with embedded server (cannot locate policy file). The OS is windows 2003 server SP2 (2GB ram). Please help. [Starting OC4J using the following ports: HTTP=8988, RMI=23891

  • Red hat Linux support for Oracle

    Hi! Can some body tell me which version of Red Hat Linux is supported. I was told that Oracle supports only upto Red hat 7.1 for Oracle 8.1.7.3. thanks

  • Installing Print Drivers [Downloaded from Linksys]

    I purchased my PSUS4 from a buddy at work and he didn't have the disk, so I downloaded the 41MB file from Linksys. When I run the SetupWizard, it doesn't detect the device (have ethernet all wired up and the printer hooked up). However, when I try to

  • Mac mini adapter

    Just ordered a 2010 mac mini, just wondering about the HDMI to DVI that comes with the mini. It appears to be very short, I may have my monitor on a LCD stand with the mini underneath so it may be long enough. It it meant to be used like that or to a

  • IPhone 3g non stop rebooting itself. Please help!

    Hi, I have a iPhone 3g, and last night i replace the batter on it. After 12 hrs later the phone is non stop rebooting itself. Please help!