CUP question -GRC 5.3

Similar Messages

• Connect CUP (in GRC 10.0) with ABAP CUA

  Hi ,
  Has anyone a short guide how to connect the CUP in GRC 10.0 with an ABAP CUA?
  We would like to use the CUP to trigger the CUA for the deployment of the CUP assigned authorisations.
  Thank you in advance!
  Br,
  Frank

  Hi Frank,
  There is one for SAP GRC 5.3 that you can access with the below link:
  http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/80ee8c81-7812-2a10-ce91-e1be55f43491
  The GRC AC10 documentation is not available.
  May be this can be an input for the BPX team to create one
  Regards,
  Raghu

• Load approvers, solicitors & workflows to the CUP (SAP GRC AC 5.3)

  Hello,
  I want to know if there is a way to load the approvers, solicitors & workflows to the CUP (SAP GRC AC 5.3) massively.
  Best Regards.
  Pablo Mortera.

  Most of the configuration screens in CUP have an export button and an associated excel/text upload template. Use this template to mass create/update configuration data.
  Regards,
  Alpesh

• Configuring ERM workflow in CUP issue (GRC AC 5.3)

  Hi once again fellow SAP Security Folk,
  Using GRC AC CUP 5.3 SP 13 I am trying to configure ERM workflow for the following scenario :
  Every role change made via ERM requires approval from relevant Business Process (BP) area.  If the role change contains an SOD conflict of Medium or higher then approval is required from a 2nd central approver (basically regardless of the business process area). 
  I have not been able to configure ERM workflow within CUP to be able to do this u2013 I have only been able to configure it for dual approval, i.e. every change must have approval from both BP approver and Central approver before request can progress.  I did this by assigning the Central approver to all Business Processes as an additional approver. This means that the conditions for the scenario above are met but the drawback is that all other requests also require approval from Central approver even though they donu2019t need to, generating additional workload.
  Can anyone advise if this is possible and how to do it ?
  Further info:-
  I have setup in CUP an ERM Initiator, an ERM Custom Approver Determinator (CAD), an ERM Stage.
  I have setup in ERM I have defined Business Process Approval Criteria for each Business Process approver.
  I tried creating a 2nd ERM stage using a separate 2nd ERM CAD but this meant all changes required 2nd approval before request can continue.
  I tried modifying the 1st Stage to Approval type All Approvers but this meant all changes required approval from all possible BP Approvers (instead of any one) before request can continue.
  I tried creating a Detour/Fork but could only see within the Workflow Type selection criteria non ERM workflow types.
  Thanks
  Steve

  You can either type in the configuration, like the what option you selected for approver (CAD or role or...etc), or other way is to capture the change log which shows what was the configuration for that stage....
  (Configuration -< Change Log -> Search Change log)
  Cheers !!
  Zaheer

• CUPS - Question about associating users to lines on phones

  Hello all,
  We are in the process of migrating to an Exchange e-mail environment and at the same time trying to get everything ready for a CUPC deployment. The CUPS server was set up some many months ago, but still has not been put into production so we are finding things that have been missed and need to be cleaned up before deploying to end users.
  The main issue I am facing right now is that not all users were associated to line appearances on their phones. I would have to say maybe 35% of them are set up properly and the other 65% are not associated at all. I am looking for a way to export all the line appearances that do not have users associated to them, but so far I have had no luck. The closest I have gotten is going to Bulk Administration>Users>Line Appearance>Export Line Appearance, but this only shows users that are associated, which is not what I need.
  Does anyone know of a way to get this in bulk format? Or if there are multiple exports I can compare with to get what I am looking for?
  Also side question: Does anyone know what the Owner User ID on the phone itself is needed for. All I find is that it is for CDR records.
  Any help is much appreciated!

  The bulk update of line appearances are  looking for the following headers at a minimum.
  User ID,Device,Directory Number,Partition
  The way i would do it is, use Bulk Admin>Phones>Export Phones>Specific Details of all the phones for which the line appearances needs to be updated and add the User ID field and import it back in. Once you export it out, you will have to do some kind of modification of the data to get it in the right format.
  The Owner User ID field is used for Mobility option, this field is used when there is a mobility softkey enabled and this User ID is what controls whose Mobility is turned off and on.

• Error creating request when using CUP in GRC 5.3

  Hello guru's
  when user is trying to create request in CUP , he is facing an error message at top indicating Error Creating Request ,
  The error message is " * Exception in getting the results from the web service : Service call exception; nested exception is:  java.lang.Exception: Incorrect content-type found 'text/html' * "
  can anyone help me how to trace the problem.
  thanks and regards,
  keerthi

  HI all
  I am also gettting same error like this..We created CUP Requests one hour before ..But we are not able to create CUP Requests now.. I got below error message in system log.
  Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://c700u121.com:50000/SAPGRC_CCRiskAnalysis_V01/Config1?wsdl&style=document"
  2012-03-08 13:05:25,558 [SAPEngine_Application_Threadimpl:3]_23 ERROR com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
  com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://c700u121.com:50000/SAPGRC_CCRiskAnalysis_V01/Config1?wsdl&style=document"
  com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
  com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://c700u121.com:50000/SAPGRC_CCRiskAnalysis_V01/Config1?wsdl&style=document"
  at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
  at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:80)
  at com.virsa.ae.accessrequests.bo.RequestBO.saveRiskAnalysis(RequestBO.java:4087)
  at com.virsa.ae.accessrequests.bo.RequestBO.saveNewRequest(RequestBO.java:408)
  at com.virsa.ae.accessrequests.actions.CreateRequestAction.createRequest(CreateRequestAction.java:381)

• CUP question - Possible to restrict available roles based on the requester?

  Helo all,
  One of our customers wants to put restrictions on the access requester in the CUP module: meaning that some requesters should only be able to request roles assigned to functional area u2018Procurementu2019, while other requesters should only be able to request roles that are assigned to all functional areau2019s except for u2018Procurementu2019.
  Do you know if this is possible or do you see an alternative solution?
  Thanks in advance,

  There is no real way to restrict people from doing that, but you could use the buisness process in role attributes to ensure if the select the correct buisness process only roles listed under a particular buisness process are listed when being searched.
  You could make the buisness process field mandatory on the main screen and than that gets carried over when searching for roles, obviuosly that can always be changed by the user.
  regards,
  Chinmaya

• CUPS question

  I'm trying to get my Brother 5070N working via CUPS.  Even though I downloaded the PPD and put it in /usr/share/cups/model it doesn't show up for me to select.  I've also tried using the install option via the gnome-cups-manager but it either tells me that it's already installed (if the PPD I select is in the above folder) or that it's missing an adobe header file (if I move the ppd to root and select it from there.)
  What's the secret?  I notice that there are a lot more files in ppd.gz format in /usr/share/cups/model/C/  Do I have to compress the ppd or something?
  PS: I also have taken the PPD directly from my install CD but have the same problem.  I've checked permissions and ownership and they are ok.

  No, I hadn't restarted CUPS (I wish I could blame that on lack of coffee but truthfully this didn't even occur to me). After doing that the PPD shows up as expected.  Many thanks!

• Role created in ERM is not appearing in CUP request for assignment-GRC 10.0

  Hi,
  We are on GRC 10.0 - SP5
  We have created a role in ERM and it was succesfully created in backend system. However when we tried to assign the same role using CUP request - the role is not appearing.
  1) Do we need to upload roles for CUP  in GRC 10.0 (similar to 5.3) to populate. Will the role doesnot automatically appears in GRC database for CUP as it is created through ERM?
  2) If the roles are imported in ERM with role owner information, does the same reflects for CUP also for role owner approver assignments?
  Thanks and Best Regards,
  Srihari.K

  Hi Sri,
  Is the role status set to "production" ??
  Cheers,
  Diego.

• GRC AC 10 CUP : Provisioning of Approved roles (Line Item)

  Hello Gurus,
  We have configured CUP in GRC AC 10, and mapped a workflow for the same.
  Now when a user request for new roles e.g.) 3 roles
  Role 1 , Role 2 , Role 3 each roles has a different role owner.
  When the request goes to the role owner for approval and 1 of the 3 role owner rejects the request the whole request gets rejected.
  Is it possible to have functionality where roles which are approved will go ahead and get "Provisioned" and the whole request wont completely get rejected ??
  Looking forward for your inputs !!
  Thanks in advance.
  Regards,
  Victor

  Hello Victor,
  I guess you can work with the approval/ rejection level (stage 5 in the WF configuration).
  Have a look at here: http://forums.sdn.sap.com/thread.jspa?threadID=1637574
  Cheers,
  Diego.

• HR Trigger in GRC 10 with interface to change 0105 data

  Hi Friends,
  Has someone had experience of enabling HR trigger with core ECC system built on ECC6.0 and HR system built on seperate ECC5.0 system ?
  Also client has email ids of the employees maintained in 0105 field of HR database instead of user ids.
  Is it feasbile to extract the text before '@' from that email id and treat it as user id for remaining processing ?
  Please provide your views on the same.

  Hi Prashant,
  I have an experience with HR Triggers built on a separate system. The problems are:
  1. If you want to provisioning in the ECC server, you need to assign an ECC role to a position in HR server.
  2. If you want to provisioning in ECC and HR server, you need to:
  a) Assign an ECC role and HR role to HR position
  b) Put those system in GRC customization.
  When HR department made a modification, GRC generated a request with the two roles (corresponding to a position) in the two systems. I do not remember if in the request all 2 roles are shown for each system (even if does not exist in one system).
  For your second question, GRC capture ok the email stored in infotype 0105 subtype 0010 and the user ID is capture from infotype 0105 subtype 0001.
  Regards,

• GRC and CUP and Mobiliity question

  Hello GRC friends:
  In an environment where GRC and CUP are configured and working, the question came to me,
  can the requests for the Firefighter ID be sent to a mobile device?
  The person responsible for the request approval must now sign on thier PC.
  Are there any known impediments to sending these to say an iPAD to be approved?
  Thank you in advance for your assistance.
  Regards,
  Joe Gonzales
  856 912 1136

  HI Josep!
  There are some applications for mobile devices that you'll be able to find here: http://ecohub.sap.com/store/mobility
  This particular application is for GRC approval:http://ecohub.sap.com/store/mobility/catalog/#!solution:SAPGRCAccessApprover
  I don't know the cost and if it's available in your country neither....
  Cheers,
  Diego.

• GRC CUP Custom Approver Determinator Question

  I have a problem that when I add a new approver to one of my Custom approver determinators the change is only applied to new requests at that stage or rerouted requests. Has anyone seen this or know why?

  Hi,
  Lets say ABC is the approver and the requests that are approved in the previous level are with ABC approver queue. Since ABC approver is no more in the organization, you have changed the approver in the configuration and you require all the requests to be assigned automatically to the new approver.
  If this is what you are looking at, its not possible.
  You have to manually re-route the requests to the new approver.
  Regards,
  Raghu

• GRC AC 5.3 CUP to create users in AD?

  Hello Experts,
  Could anyone answer to the following questions?
  Can I script in CUP to update HR master  record email address (infotype: 0105) while request workflow in progress?
  What are the functionalities in CUP can be customized and scripted?
  Thanks in advance!
  Himadama

  Hi,
     As Zaheer mentioned, SAP doesn't allow custom coding or scripting in GRC AC 5.3. I also doubt that you will be able to provisiong user email address in HR record. Mostly, the provisioning happens in user master record (SU01). It would be better if you check it out with SAP.
  Alpesh

• GRC AC 10.0 - CUP User Authentication

  Hi All
  We have installed GRC AC 10.0 as a part of ramp up implementation. We will soon start with the configuration steps. For user interfacing we have 2 options (1) NWBC (2) Portal. Architecture of GRC AC 10.0 is based on webdynpro ABAP.
  Now we had a question wherein if we choose NWBC as a front end, then how do we integrate the LDAP for CUP user authentication.
  If we need to integrate LDAP as a authentication source for users in CUP, do we have the only option of going with Portal as a user interface.
  Please advise.
  Thank you.
  Anjan pandey

  > That feature in AC 10.0 is called End User Login and will have it's own URL to access via browser.
  Thanks Frank for your response. I did go through the RKT documents and seems that there is a link through which the end users will create request. we have also planned to setup a LDAP connectivity for user authentication.
  Thanks.
  Anjan Pandey