ERM - Role Not Generated

Hi all,
I have a doubt. When we modify a master role and want to generate it together with its derived roles, SAP GRC shows an error. We researched this situation and saw that whenever we modify a master role (adding transactions, authorizations), one or more derived roles are broken or have duplicate or triplicate transactions in the authorization tab.
Does anyone know how to fix it?
Kind Regards,
Isaac

Similar Messages

  • Warning - Role not generated on default connector

    Warning - "Role not generated on default connector" when creating a composite role with derived roles:
    Hi All,
    I get the above error message post addition of roles in the define roles phase of the Role methodology process.
    I have referred through the below note which is valid for Business roles and is for GRC 10 SP12 whereas we are on GRC 10 SP16. I couldn't find a similar note for the Composite role.
    1794860 - Warning message not correct when generated roles added in BR
    Any inputs/notes would be helpful to address this issue to closure.
    Regards,
    Arun

    Hello Arun,
    In SPRO config. there is a setting "Maintain mapping for Actions and Connector Groups".
    Maintain this setting for all the connectors in the landscape and also define one connector as default for all the four recommended actions something like this.
    Regards,
    Deepak M

  • ERM: "Role not saved" ?

    Hi All, I've recently imported roles to ERM (SP11) and I've generated the role on the backend successfully. However, if I try to then change the role I'm unable to save the changes for the imported role. Instead a red error message is issued: "X Role not saved."
    This problem appears to only occur on imported roles, but not on new roles created in ERM. Has anyone experienced this problem?  Thanks.
    -Dylan

    Hello Satyabrat,
    Thanks for posting the OSS Note. I followed the instructions but still have a problem relating to those specific roles. In the meantime, I've tested the same procedure against another set of uploaded roles from another system, and these roles seem to work well. I'll delete all my roles and reload them once again (we are not yet productive, but nearly there).
    I've also noticed that SP12 is a major SP with many changes, we'll also implement SP12 and the latest RTAs before I re-download and import the roles.
    Best Regards,
    Dylan

  • Profiles for Roles showing as not generated

    My newly created roles show that their profile versions are not generated although the authorizations tab in PFCG is green and the authorization profile status states that it is generated.  No errors were encountered when the role was generated.  Older role profiles are OK.
    Any thoughts or suggestions would be greatly appreciated!  Thank you in advance!
    Rose Schirmacher

    My results were the same if generated in Display Authorization Data instead of Change Authorization Data.
    Thoughts?

  • ERM error: Field ROLE not a member of INPUT

    Hi Experts,
    After upgrade to 11.2 I'm having this error.
    It appears at the Define Authorization stage after I chose transactions and clicked continue.
    The connectors and JCos are working.
    Please assist.
    Thx,
    Vit V
    edit: All XMLs reloaded and system restarted.
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Current Module: |RE| Conversation: |cnvRole| Screen: |scrSearchTransaction|
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG  Module#RE#Conversation#cnvRole#Screen#scrManageAuthorization#Action#continueTCodeSearch#
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Changing Screen: FROM: scrSearchTransaction TO scrManageAuthorization
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG com.virsa.framework.Context : clearScreenRep :   : 6 entries cleared from screen repositiory
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Handler found:class com.virsa.re.role.actions.AuthAuthorizationDataAction
    2010-04-20 11:59:05,575 [SAPEngine_Application_Thread[impl:3]_39] DEBUG SAPConnectorDAO.java@365:com.virsa.comp.connectors.dao.jdbc.SAPConnectorDAO.findByConnectorName()connectorId: 5; lngId: 1
    2010-04-20 11:59:05,590 [SAPEngine_Application_Thread[impl:3]_39] DEBUG SAPConnectorDAO.java@365:com.virsa.comp.connectors.dao.jdbc.SAPConnectorDAO.findByConnectorName()connectorId: 5; lngId: 1
    2010-04-20 11:59:05,590 [SAPEngine_Application_Thread[impl:3]_39] DEBUG com.virsa.service.sap.SAPConnectorHelper : getClientFromSLD :   : INTO the method SapConnectorDTO :com.virsa.service.sap.dto.SapConnectorDTO@3e0a2020[conClass=,system=COD200,appId=COD200,host=consit-sap,systemNo=00,client=200,userId=codcom,SystemLang=EN,sysId=cod,messageServerGrp=default,messageServerHost=consit-sap,password=xxxxx,type=ECC600,userName=,description=COD200,isSLD=true,isActive=true,isHRSystem=false]
    2010-04-20 11:59:05,590 [SAPEngine_Application_Thread[impl:3]_39] ERROR Field ROLE not a member of INPUT
    java.lang.Throwable: Field ROLE not a member of INPUT
         at com.sap.mw.jco.JCO$MetaData.indexOf(JCO.java:9534)
         at com.sap.mw.jco.JCO$Record.setValue(JCO.java:14923)
    Edited by: Vit Vesely on Apr 20, 2010 12:10 PM

    Hi guys,
    The problem is finally resolved.
    1. Implement SNOTE 1441463
    2. Implement SNOTE 1443612
    3. Register key for object /VIRSA/RE_OBJ_INFO
    4. In SE03 >> Administration >> Set System Change Option. Change /VIRSA/ to modifiable
    5. In SE11 open data type /VIRSA/RE_OBJ_INFO in change mode with the key from p. 3
    6. Edit structure according to Note 1452772. Save and activate.
    7. Implement SNOTE 1452772
    8. Restart grc~reear (or the server)
    ...or wait for VIRSANH patch 12
    Hopefully it will work for you as well.
    Kind Regards,
    Vit

  • Xml is not generating the selected column

    Hi experts,
    I have selected the 3 columns in my select statement with 3 bind variables. But when I save my data model and generate the XML, my XML is not showing the selected three columns... please find the below query.
    Select BAL_ATT.TRANSACTIONAL_AMOUNT_WD0,
    BAL_ATT.FUNCTIONAL_AMOUNT_WD0 ,
    SIGNOFF.CODE_COMBINATION_ID,
    RT.ROLE_NAME
    from
    MLC_BAL_ATTRIBUTE_T BAL_ATT /* A_MLC_BAL_ATTRIBUTE */ ,
    MLC_USER_T US/* A_MLC_USERS */ ,
    MLC_BAL_SEGMENT_T BAL_SEG/* A_MLC_BAL_SEGMENT */ ,
    MLC_SIGNOFF_T SIGNOFF /* A_MLC_SIGNOFF */ ,
    MLC_LEDGER_ROLE_HIERARCHY_T RHT,
    MLC_ROLE_T RT , MLC_LEDGER_T Leg,
    MLC_LEDGER_COMPONENT_T LC
    where ( SIGNOFF.CODE_COMBINATION_ID = BAL_ATT.CODE_COMBINATION_ID
    and SIGNOFF.CODE_COMBINATION_ID = BAL_SEG.CODE_COMBINATION_ID
    and SIGNOFF.MONTH_END_DATE = BAL_ATT.MONTH_END_DATE
    and RHT.LEDGER_ID= SIGNOFF.LEDGER_ID
    and RHT.LEDGER_COMPONENT_ID=SIGNOFF.LEDGER_COMPONENT_ID
    and RT.ROLE_ID=RHT.ROLE_ID
    and LC.LEDGER_ID=SIGNOFF.LEDGER_ID
    and LC.LEDGER_ID=LEG.LEDGER_ID
    and (US.USER_ID =SIGNOFF .ROLE4_USER_ID or
    US.USER_ID =SIGNOFF .ROLE3_USER_ID
    or US.USER_ID =SIGNOFF .ROLE1_USER_ID
    or US.USER_ID =SIGNOFF .ROLE2_USER_ID
    or US.USER_ID =SIGNOFF .ROLE5_USER_ID)
    and LEG.LEDGER_NAME IN (:LEG)
    and RT.ROLE_NAME IN(:ROLE)
    and LC.LEDGER_COMPONENT_NAME IN(:LEG_COMP)
    and (SIGNOFF.ROLE1_STATUS is null or SIGNOFF.ROLE2_STATUS is null or SIGNOFF.ROLE3_STATUS is null or SIGNOFF.ROLE4_STATUS is null or SIGNOFF.ROLE5_STATUS is null))
    Let me know if I need to do some configuration.
    I need to generate the XML and then need to import it into my RTF template...

    Hi RavindraKshirsagar,
    We have a problem like the one you faced. Our requirement is that we need to dynamically generate the PERSON element in our JavaBean.
    <xs:element name='SERVICE_REQUESTER'>
              <xs:complexType>
                   <xs:sequence>
                        <xs:element ref='ORGANIZATION' />
                        <xs:element ref='PERSON' maxOccurs='unbounded' />
                   </xs:sequence>
              </xs:complexType>
         </xs:element>
    For this maxOccurs, JAXB is not generating any setter method. We need to get data dynamically from an external application. If you could help us in handling this case dynamically, it will be well and good.
    Please send us the script / code asap.

  • Profile not generated

    Hi all,
    In transaction PFCG, I have copied a SAP standard role (SAP_BC_USR_CUA_SETUP_CLIENT) to Z_SAP_BC_USR_CUA_SETUP_CLIENT. But in the authorization tab, when I am trying to generate the profiles, it says profiles not generated and it also created a profile name. I have copied one SAP standard role similarly and it worked fine. Can anyone please advise?
    Thanks in advance,
    Ram.

    I am sorry. Here is the link which I have gone through and solved my problem.
    http://help.sap.com/saphelp_nw04/helpdata/en/52/67151e439b11d1896f0000e8322d00/content.htm
    Thanks.

  • Rejected email notification are not generated in CUP 5.3

    Dear Experts,
    The rejected emails are not getting delivered to the user in a particular scenario. Below is my scenario where the email is not generated:
    1) The request has two roles with two role owners / BDOs
    2) The rejected email is delivered if the manager rejects the request
    3) The rejected email is not delivered if one of the BDOs rejects the request first and then the other BDO approves the request later.
    4) The rejected email is delivered to the user if one of the BDOs approves first but the other BDO rejects only after the first BDO approved the request.
    Our conclusion is that the rejected email will be delivered only if the last BDO rejects the request, but we want the email delivered at any level.
    We are looking for a solution for step 3 in the above-mentioned steps. Any help or solution is appreciated.

    Varma,
    You have two approvers in the same stage (BDO) whereas the manager stage has only one approver. Whenever the manager approves/rejects, there is no one else changing the approval and it goes to the next stage. In the next stage (BDO), any approver can change the approval before it gets routed to the next stage. Can you check the rejection level setting in the BDO stage configuration? If you set the rejection level to request instead of role, this should reject and close the request and CUP will send the email notification.
    Regards,
    Alpesh

  • ERM - Role Data Authorization

    Hello everyone
    Does ERM add authorization objects checked by transactions inserted during role creation? Whenever I create a role with ERM it is generated in the backend but with no authorization data. I presume it should include at least the S_TCODE object.
    Is this a task that should be done manually from ERM for each transaction added to a role?
    Thanks!
    Jaime

    Hi Jaime,
    ERM will of course add the authorization data when the transaction code is added to the role. For this to work, you need to make sure that you have run all the necessary background jobs (org value sync, activity value sync, tcode sync) successfully.
    Regards,
    Alpesh

  • Composite role not showing in Access request screen. (BRM not used)

    Dear All
    I have created a composite role in backend system with 2 single roles.
    a. I have imported the single roles using the NWBC screen.
    b. run the auth sync job.
    c. imported the composite role as a technical role using the NWBC import screen.
    The import procedure was successfully completed.
    But when I try to search for the role in the Access request screen for a user, I can only see the single roles and not the composite roles.
    Pls advise
    Raju

    Hi Raju,
    In addition to Alessandro's valuable inputs, you need to be sure whether or not you were able to generate the composite roles (in NWBC).
    The final stage of the composite role has to be in complete status.
    Regards,
    Ameet

  • Master - Derived roles -- some generated some ungenerated.

    All,
    We know how to solve this issue but we would like to know what causes it and how to prevent it in future development.  Example:  We have roles that have been created from one master role.  There are probably 80-90 derived roles from this one master role, all with a small variation of company code and release code.  These roles have been implemented for over a year or more and nothing has been added to the master role to be pushed down.  The only change has been derived roles added with a new company code/release code.  When these roles are created, the master role gets generated and then pushed down through all the derived roles once the specific authorizations are added.  In development it shows that everything is in sync and is all green.  In quality and production it will show that for each company code, release codes 01-06 are green, 07-10 are red and 11-15 are green.  It's always the same release codes for each company code that show as ungenerated.
    This is just one example; we have other roles that have been created at GOLIVE (3 years ago), and the newly created derived roles are green whereas certain older ones are not.  We thought it had to do with the generation of new roles, but I just created a new company code from the example above and it is the same way.
    Is there a certain procedure that makes this happen, or is there a way to prevent this?  Also, with this in production and not being able to generate these roles in production, is it hurting or will it affect anything within the role's transactions? If there are authorizations in the role, and a profile assigned to the role for a generated authorization, but the authorization stoplight shows red, will this affect anything?
    Any help or ideas are greatly appreciated.
    Thanks,
    -Daniel

    Daniel,
    We need to analyze from different angles like:
    1. Have you generated the roles in the DEV system? Hope no organisational values are missing in the authorizations tab.
    You need to mass generate the profiles! (SUPC)
    2. When creating the transport, the person might have forgotten to uncheck transporting the profiles as well.
    3. Some changes were made to the roles after the transport was created.
    Please refer to SAP Note 571276 and the following link:
    Re: Changes to Role
    4. Any system upgrade might have changed the auth tab to red. (But in your case it is with org levels.)
    5. These types of mistakes happen if a new person has joined and, without properly reading company documentation, might have changed the roles.
    6. Finally, check whether the company code and release code exist in QA and PRD.
    Thanks,
    Sri

  • "save derived roles" and "generate derived  roles"

    Can anyone tell the difference between "save derived roles" and "generate derived roles"?

    Hi,
    Save Derived role will save the changes you made to the role (e.g. you might have added a new org value for company code), but this will not be reflected for the users, and user masters remain the same unless you generate the role.
    Once the role is generated, user masters and profiles are updated.
    Rakesh

  • Profile not generated after transport.

    Hi All,
    We are facing an issue in which I transported a role from DEV to PRODUCTION through Q.
    Our role is generated in DEV... but not in Q and Production.
    As per earlier posts in the forum, I checked table PRGN_CUST in DEV and the PROFILE_TRANSPORT value is set to YES.
    Also, the role was added to the transport only after the profile was generated.
    Has anyone faced similar issues?
    Peeyush.

    Hi Peeyush,
    Did you find a solution to your problem? I have the same issue!
    I've created a new role in Dev, created & generated the profile. Once the role is transported to Quality, the profile is transported but with the status: Current version not generated.
    The strangest part is that I didn't realize that directly... in the meanwhile, the role was already in use in production by a test user who didn't encounter any problem while testing!
    Basically, the role is now in production, used by one user who can execute all transactions listed in the role... but the profile isn't generated and the user comparison cannot be completed due to that.
    Any explanations?
    Maybe I should create a new topic though.

  • Current version not generated!

    Hello Colleagues,
    I have a role in one system which I transported into another system.
    I selected the flag "Also Transport Generated Profiles for Single Roles" when I transported the role.
    And when the import is done in the target system, I see that the Authorization tab in PFCG for this
    role is yellow and the status is 'Current version not generated'. So I'm forced to generate the profile manually for this role.
    Can anyone tell me the reason for the profiles not getting generated while importing?
    Thanks a lot in advance.
    Thanks and Regards, Pradeep

    Hello Pradeep,
    Please check SAP Note [571276|https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=571276].
    I am sure you are facing the problem due to one of the reasons mentioned here.
    Regards,
    Subbu

  • Creating  Transformations -- Automatic Rules not Generating

    Hi All,
    I am trying to create Transformations from Data source to DSO.
    Automatic rules are not generating. I have more than 120 objects in the DSO but it is generating only 2 roles, so I am manually creating the remaining rules…
    What do I have to do for automatic rules generation?
    Regards,
    Shaik

    Hi Anil,
    Thanks for the quick response.
    I am trying this: I am installing Transfer rules from BC. Once the Transfer rules are activated, I think it will work.
    I need to know from you: is this the right way to do this?
    Regards
    Shaik
