Error in Auto Provisioning ( Access Enforcer )

Similar Messages

• Error in Creating Request - Access Enforcer

  Hi,
  When using copy request option to create a request similar to another user and creating  10 user IDs simillar to other ID, Iam getting error" error in creating request".
  When I look at log report it is giving Ora-XXXXXX error Unable to save the request.
  How to fix this issue?
  Thank you,
  Vijay

  Hi,
  This looks more like an Oracle problem; did you check everything's ok regarding tablespaces, redo-log, available space for tables,indexes, etc.
  Karim

• SP12: CUP: Error for requesttype "change" at auto-provisioning

  Hello,
  We have an error while auto-provisioning a change-request in CUP.
  The request stages can be approved correctly but after the last stage, the request is rerouted to administrator because of escape-route settings. (auto provisioning failures)
  So the audit trail reports an error at auto-provisioning, BUT in the backend-system the user was changed correctly.
  If we now want to approve the request on admin-stage, the error appears again. So we have a closed loop reaction.
  Any ideas?
  Does anybody have the same issue?
  Our client have the same problem with SP12 on the prod.system but in the dev.system (also SP12) we can create the request well.
  Thanks,
  Alexa

  2010-10-15 13:45:54,456 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1794:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1827:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType,list size=1
  2010-10-15 13:45:54,459 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType #0# element:com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]
  2010-10-15 13:45:54,461 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@248:autoProvision() :  Preparing Provision to SAP ... DONE
  2010-10-15 13:45:54,463 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@277:autoProvision() : OUT of the method
  2010-10-15 13:45:54,465 [SAPEngine_Application_Thread[impl:3]_32] WARN   RequestBO.java@5924:autoProvisioningForApprove() : Exception occured during auto provisioning , error messages : [com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]]
  2010-10-15 13:45:54,469 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6665:approveRequest() : AutoProvisioning Exception, checking if the escape route is enabled
  2010-10-15 13:45:54,478 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6681:approveRequest() : AutoProvisioning Exception, escape route is enabled, going for the escape route
  2010-10-15 13:45:54,490 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : rerouteRequest() : AKOLB : INTO the method with toPathName : , poRequestDetails : com.virsa.ae.accessrequests.po.RequestDetailsPO@70e31b05[requestForOthers=false,userLookupEnabled=false,userIDFieldEnabled=false,userFirstNameFieldEnabled=false,userLastNameFieldEnabled=false,approverLookupEnabled=false,locationFieldEnabled=false,departmentFieldEnabled=false,emailFieldEnabled=false,telephoneFieldEnabled=false,companyFieldEnabled=false,employeeTypeFieldEnabled=false,managerTelephoneFieldEnabled=false,managerEmailFieldEnabled=false,managerNameFieldEnabled=false,requestorTelephoneFieldEnabled=false,requestorEmailFieldEnabled=false,requestorNameFieldEnabled=false,addRole=false,approveReject=,approveRejects=approveRejects,accessChanged=false,fileAttached=false,reqDataApplProvDTOs={com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@46b5291a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=2,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@1f9d8e3a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=3,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@20e4920d[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=4,isProvisioned=true,isNew=false,LMD=<null>]},accntValidationmsgs=[],connectionFailedSystems=,userExistSystems=,userNotExistSystems=,comm_method_type=,cstmFldName=,usersPOList=[com.virsa.ae.accessrequests.po.RequestUserPO

• Handling Auto-provisioning failure Manually?

  Hi all,
  WE are going with auto-provisioning for ECC and EP systems.
  I am looking for some suggestions,incase auto-provisioning failed due to some reason.
  I tweaked the connector settings in Portal that will throw some error. Then I configured the escape route for 'Auto Provisioning Failure'. The request goes thro' the escape route to the GRC Admin to fix the auto-provisioning issue. But this is delaying our access provisioning process. I am looking for ways to approve and close the request in case of errors.
  Is there a way to let the user provision manually and document the reasons in the comments and close the request?
  I should just approve and close the request without triggering auto-provision incase of errors.
  Can this be done?
  Thanks in advance..
  Kee

  Hi Siri,
  There are two modes in CUP for provisioning manual and auto however it is not possible for  approvers to switch between these two. This configuration is applicable only all the requests.
  If you have auto provisioning off then in all the request approvers will get "Create User or Assign Role" buttons by which they have to do the manual provisioning.
  The error in auto provisioning is not a usual thing which happen in production environment  and when this happen this should be corrected immediately. If this take some time you can create system level  auto provisioning setting where you can disable the auto provisioning for one system which is causing issue in your environment and provisioning in other system will be working automatically.
  Thanks

• Deleting Workflows in Access Enforcer

  Hi,
       I am trying to delete 'Paths' in AE and receive the below error.
  <b> Error deleting Workflow Path. There are about 20 requests tied to this path.</b>
  This is in the sandbox and the processing of requests does not really matter.
  The 20 requests were for New Account creation, because of errors in Auto Provisioning the requests were not processed through the entire path, and were set to CANCEL status via the administartion function.
  Despite setting to CANCEL I am unable to delete the path. Do we have a procedure/step to be able to delete a path in AE?
  Thanks

  Hi all,
  after speaking with SAP support, the following SQL statements should be executed to delete "test" data from AE:
  DELETE FROM  VIRSA_AE_RQD_APLAP
  DELETE FROM  VIRSA_AE_RQD_APL
  DELETE FROM  VIRSA_AE_RQD_CSFLD
  DELETE FROM  VIRSA_AE_RQD_FWD
  DELETE FROM  VIRSA_AE_RQD_UPFL
  DELETE FROM  VIRSA_AE_RQD_MTGTN
  DELETE FROM  VIRSA_AE_RQD_PDPRL
  DELETE FROM  VIRSA_AE_RQD_POCAP
  DELETE FROM  VIRSA_AE_RQD_RLCF
  DELETE FROM  VIRSA_AE_RQD_RLAPV
  DELETE FROM  VIRSA_AE_RQD_RLPRL
  DELETE FROM  VIRSA_AE_RQD_SODCF
  DELETE FROM  VIRSA_AE_RQD_USERS
  DELETE FROM  VIRSA_AE_RQD_WFCLD
  DELETE FROM  VIRSA_AE_RQD_WFTRN
  DELETE FROM  VIRSA_AE_RQ_HST
  DELETE FROM  VIRSA_AE_DATA
  DELETE FROM  VIRSA_AE_CSTMDATA
  DELETE FROM  VIRSA_AE_INT_TRIG
  DELETE FROM  VIRSA_AE_REQ_DTL
  DELETE FROM  VIRSA_AE_RQD_ATCH
  DELETE FROM  VIRSA_AE_RQD_ORGRL
  DELETE FROM  VIRSA_AE_RQD_RLCF
  DELETE FROM  VIRSA_AE_RQD_WPCLD
  DELETE FROM  VIRSA_AE_RQD_WPFWD
  DELETE FROM  VIRSA_AE_RQD_WPHST
  DELETE FROM  VIRSA_AE_RQD_WPTRN
  DELETE FROM  VIRSA_AE_RQD_WFHST
  DELETE FROM  VIRSA_AE_REQD_HDR
  This will delete all requests from AE and you will be able to edit workflow configuration again.
  Cheers,
  Alexi

• EBusiness Suite User "Auto-provisioning" with Object Form

  eBusiness Suite User RO has two forms, 1 Object Form and 1 Process Form
  I want to configure access policies to auto-provision EBS RO to OIM users (particularly Staff/Full-time users).
  On the Resource Object configuration, I checked Auto-Save. This enables my Object Form to be automatically saved during auto-provisioning. I have pre-populate adapters attached to my Object form, such that during auto-provisioning the fields are pre-populated based from a user's profile in OIM.
  However, my problem is, my pre-populate adapters always get xelsysadm attributes and not the user's (whom the request is being created for).
  You may ask why I needed the Object Form?? I could have just discard my object form from the Resource Object, and directly populate values in the Process Form.
  However, I have a business requirement, that eBusiness Suite User can also be self-requested for certain users (contractor, contingent) which are not part of the auto-provisioning/access policy. This is why I still needed my Object Form.
  Is there a way that auto-provisioning and self-requests works both ways under one Resource Object?

  Well that's something crucial with OIM request model. AFAIK in such cases the information for requester is populated and since invocation of access policy is through sysadmin so the information of XELSYSADM is populated.
  Rather what I would suggest is that attach these pre-populate adapters to the process form and skip flow of the data from Object->Process form. So your request model remains intact and the information you want to pre-populate is also done. Hope this should work and is viable for you.
  Thanks
  Sunny

• Access Enforcer 5.2 - auto-provisioning error

  Hi all,
  i have come across strange quirk in AE 5.2 that is causing my client some issues.  During UAT, a scenario was tested for a new user request with two roles with different role managers.  The results i obtained were as follows:
  1.  Role manager 1 rejects 1st role then role manager 2 approves 2nd role (in that order).  Expected result is that the user is created and the 2nd role is provisioned in the system.  Actual result was that user was created and 2nd role was provisioned in system.  PASS
  2.  Role manager 1 approves 1st role and then role manager 2 rejects 2nd role (in that order).  Expected result is that the user is created and the 1st role is provisioned in the system.  Actual result was that the request was closed and no auto provisioning was done.  FAIL
  For some reason, AE is only picking up the last approval/rejection when deciding whether to auto-provision or not.  So when the last role manager rejects their role that was requested, AE closes the entire request and does not provision other roles in the request even though they were already approved.  If the last role manager approves their role that was requested, AE will provision access according to the roles that were previously approved/rejected.
  This does not occur for multiple roles that have the same role manager, as they are able to reject some roles and approve others without any problems with the provisioning.  Config is set up so that the role manager stage approvals are at the role level, and approval type is "all approvers".  We have also configured auto-provisioning type as "Auto provision at end of request" and provision effective immediately as "Yes".
  Any ideas what is going on?
  Thanks,
  Alexi

  Hi all,
  i've tried to resolve this issue by changing the configuration, however this has not resolved it.  I've attached the audit log of two requests for the same roles, only difference is the order of the role approvals.  In request 226, the first role manager approved their role and the second role manager rejected their role and AE did not auto-provision the approved role (the whole request appears to be rejected). 
  Request 226 Submitted by Alexi Tsafos(k01232) on 07/30/2008 15:44 
     YBC:ROLE_921-QAS Role Added
     YBC:ROLE_922-QAS Role Added
     ZU:COMMON-QAS Default Role Added By system
     Request submitted for approval by Alexi Tsafos(K01232) on 07/30/2008 15:44 
    Approved By Alexi Tsafos(K01232) Path ERP_NEW and Stage LINE_MANAGER on 07/30/2008 15:44 
     ZU:COMMON-QAS Role Approved
     YBC:ROLE_921-QAS Role Approved
     YBC:ROLE_922-QAS Role Approved
     Request submitted for role level approval by Carmen Richardson(K01231) on 07/30/2008 15:45 
    Approved By Carmen Richardson(K01231) Path ERP_NEW and Stage ROLE_MANAGER on 07/30/2008 15:45 
     YBC:ROLE_922-QAS Role Approved
     Request submitted for role level rejection by Alexi Tsafos(K01232) on 07/30/2008 15:45 
    Rejected By Alexi Tsafos(K01232) Path ERP_NEW and Stage ROLE_MANAGER on 07/30/2008 15:45 
     YBC:ROLE_921-QAS Role Rejected
     Request Closed By Alexi Tsafos(K01232) on 07/30/2008 15:45 
     Auto provisioned for request on 07/30/2008 15:45 
  In request 227, the first role manager rejected their role and the second role manager approved their role and AE auto-provisioned the approved role. 
  Request 227 Submitted by Alexi Tsafos(k01232) on 07/30/2008 15:50 
     YBC:ROLE_921-QAS Role Added
     YBC:ROLE_922-QAS Role Added
     ZU:COMMON-QAS Default Role Added By system
     Request submitted for approval by Alexi Tsafos(K01232) on 07/30/2008 15:50 
    Approved By Alexi Tsafos(K01232) Path ERP_NEW and Stage LINE_MANAGER on 07/30/2008 15:50 
     ZU:COMMON-QAS Role Approved
     YBC:ROLE_921-QAS Role Approved
     YBC:ROLE_922-QAS Role Approved
     Request submitted for role level rejection by Carmen Richardson(K01231) on 07/30/2008 15:50 
    Rejected By Carmen Richardson(K01231) Path ERP_NEW and Stage ROLE_MANAGER on 07/30/2008 15:50 
     YBC:ROLE_922-QAS Role Rejected
     Request submitted for role level approval by Alexi Tsafos(K01232) on 07/30/2008 15:50 
    Approved By Alexi Tsafos(K01232) Path ERP_NEW and Stage ROLE_MANAGER on 07/30/2008 15:50 
     YBC:ROLE_921-QAS Role Approved
    Auto provisioned for request on 07/30/2008 15:50 
     New User: AETEST20 created on 07/30/2008 15:50 in System(s): QAS.
     Role: ZU:COMMON assigned to user: AETEST20 in System(s): QAS.
     Role: YBC:ROLE_921 assigned to user: AETEST20 in System(s): QAS.
     Request Closed By Alexi Tsafos(K01232) on 07/30/2008 15:50 
  As described in an earlier post, the stage config is set for "role" level approval by "any approver".  I've also tried "role" level approval by "All approvers" and have the same problem. 
  Any ideas?
  Thanks,
  Alexi

• CUP Auto Provisioning Error 260: User Comparison

  I am in the process of configuring the CUP 5.3 module within our ECC and SRM environments.  I believe the path and associated stages are established properly.  I have tested the auto provisioning functionality within both SRM and ECC.  As it relates to SRM, the auto provisioning functionality works without a hitch.  However, when I attempt to auto provision a user into our ECC environment, I receive the following error:
  Auto provisioned for request on 04/07/2010 13:41 
     New User: T00522 created on 04/07/2010 13:42 in System(s): DR4-300.
     User attributes changed for User : T00522 in System(s) :DR4-300.
     Role Provisioning failed for System(s) : DR4-300. Error Message : 260:User master comparison incomplete; see long text
  Speaking with out security team, the only time they have seen this issue was when they attempted to map a user, using PFCG, to a role.  However, I informed them that CUP uses SU01.  They have not experienced such an issue using SU01 and clicking on the user comparison button. 
  Interesting point:  The user record is created and roles assigned to user but have a red light indicator by the role within SU01.  However, when the next day rolls around the role has been changed to a Green light, profile assigned and everything is looking good.  Unfortunately, CUP can't seem to register this and when the Role Owner attempts to approve the role / user request again.  The same error occurs and until I can get around this error, the workflow is not closed out nor is the requester notifiied.
  Questions:
  (1)  How can I fix this issue, I assume it will require a security change to be made within the ECC environment?
  (2)  If this issue can't be fixed, can I get around this issue with a detour or other CUP error processing step?

  Denoted below is the log that corresponds to the 260 comparison error.  Does anyone know what access I am missing within the UME.  I have tested this provisioning process, manually, and do not run into a Comparison error within the SU01 screens:
  2010-04-27 13:44:54,748 [SAPEngine_Application_Thread[impl:3]_31] ERROR com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
  com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
       at com.virsa.ae.service.sap.SAPProvisionDAO.executeRoleOperation(SAPProvisionDAO.java:1706)
       at com.virsa.ae.service.sap.SAPProvisionDAO.assignRoles(SAPProvisionDAO.java:1458)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionInNonCUA(ProvisionSAPUserDAO.java:1232)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionRole(ProvisionSAPUserDAO.java:932)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionUser(ProvisionSAPUserDAO.java:118)
       at com.virsa.ae.accessrequests.bo.ProvisioningBO.autoProvision(ProvisioningBO.java:216)
       at com.virsa.ae.accessrequests.bo.RequestBO.autoProvisioningForApprove(RequestBO.java:4572)
       at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:5565)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5339)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5191)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:54,927 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.bo.RequestAuditHelper : logMajorAction() :   : intHstId : 3068
  2010-04-27 13:44:54,972 [SAPEngine_Application_Thread[impl:3]_31] ERROR no dtos exist which are in the same state as the passing dto
  com.virsa.ae.core.ObjectNotFoundException: no dtos exist which are in the same state as the passing dto
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.getIfUnapprovedPathExists(WorkFlowBOHelper.java:2662)
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleWFForNewPathStage(WorkFlowBOHelper.java:2516)
       at com.virsa.ae.workflow.bo.WorkFlowRequestRerouteHelper.rerouteRequest(WorkFlowRequestRerouteHelper.java:68)
       at com.virsa.ae.workflow.bo.WorkFlowBO.rerouteRequest(WorkFlowBO.java:614)
       at com.virsa.ae.accessrequests.bo.RequestBO.rerouteRequestForAutoProvisioningFailure(RequestBO.java:6897)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5239)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:55,394 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : confirmRequestApproval() :   : setting context to true, ending context
  2010-04-27 13:44:55,414 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataForwardDAO : findTransactions() :   : sbQuery : SELECT REQNO, REQPATHID, STAGE_NAME, FWDED_BY, APRVRID, ITERATION, FORWARD_TYPE, STATUS FROM VIRSA_AE_RQD_WPFWD WHERE REQNO = ?
  2010-04-27 13:44:55,486 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.SAPConnectorDAO : findAllActiveSAPConnectors :   :  going to return no of records= 3
  2010-04-27 13:44:55,495 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.OracleAppsConnectorDAO : findAllActiveORACLEConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,498 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.PACSConnectorDAO : findAllActivePACSConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,502 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.WSConnectorDAO : findAllActive :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,505 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.ApplicationDAO : findAllForContext :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,532 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,535 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,540 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataMitigationDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,579 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : INTO the method
  2010-04-27 13:44:55,580 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : request number : 154
  2010-04-27 13:45:14,055 [SAPEngine_Application_Thread[impl:3]_18] INFO  com.virsa.ae.dao.sqlj.RequestTypeDAO : findAll :   :  going to return no of records= 20

• Access Enforcer (error in creating a request)

  Hi All,
  when i am creating a new request in Access Enforcer . After filling alll the details and clicking the submit button it is showing  a error in creating request .Path not found.

  Hello,
  You must have to select at least one condition attribute while creating your initiator. It seems initiator condition not meeting the details you are filling in your request. So it is not able to trigger the workflow initiator.
  For simple scenario, if you are filling your company details in your request then change your initiator condition attribute to "Company".(Don't include more condition attributes for now). Once it works out then change initiator details back to your requirements.
  Please let me know if this will not resolve your issue.
  Thanks
  Himadama

• CUP Provisions user to SAP successfully but gives "Auto-Provisioning" error

  Hi All,
  I'm getting an "auto-provisioning" error in CUP when a "Change Account" workflow is approved. The strange thing is, CUP does successfully provision the change to the SAP backend. Yet, the "New Account" provisions successfully without the error.
  Here is an example of the audit trail log from Change Account:
  Request submitted for approval by Dylan Hack(HACKDY) on 06/28/2010 17:14 
  Approved By Dylan Hack(HACKDY) Path AE_AUTO_APPROV_ERROR and Stage AE_AUTOPROV_ERR on 06/28/2010 17:14 
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
  Auto provisioned for request on 06/28/2010 17:14 
     User Provisioning failed for System(s) : DEV. Error Message :
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
  Request submitted for reroute by system on 06/28/2010 17:14 due to auto provisioning failure 
     Rerouted in the Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR to Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR
  Note: the role names were replaced with "xxxxxxx."
  The system log gives an error, but it is very vague:
  2010-06-28 17:14:34,682 [SAPEngine_Application_Thread[impl:3]_33] ERROR com.virsa.ae.service.ServiceException
  com.virsa.ae.service.ServiceException
       at com.virsa.ae.service.sap.SAPProvisionDAO.intializeWithChangeUserInputParameters(SAPProvisionDAO.java:762)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3457)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3419)
  Any ideas or suggestions?
  Current software level AC5.3 SP12.
  -Dylan

  Hello Varun,
  Thanks for the thought on this. We don't use User Defaults for Change Account, but do for New Account. You question prompted me to do more testing with very interesting results.
  Results
  New Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  New Account without User Defaults configured:
  User provisioned successfully, no Auto-Provision error.
  Change Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  Change Account without User Defaults configured:
  User provisioned successfully, Auto-Provision ERROR, Defaults NOT provisioned.
  In both New and Change Account, the configured User Defaults are NOT provisioned even though the user is provisioned. AC5.3 is on SP12, the RTA is VIRSANH SP12 and VIRSAHR SP10.
  For the Change Account, the user is always provisioned regardless of User Defaults; however, when no User Default is configured, the Auto-Provisioning error occurs. The User Defaults NOT provisioning is a real problem, the CUP error message, I can work around for now.
  What about on your side? Am I the only guy using SP12 here?

• Access Enforcer(error in approving the request) and import roles

  Dear all,
  error in approving the request at security stage(last)
  manager and role owner are successfully approved.
  and also importing roles into access enforcer was not successful.
  imortstatus : 0 roles imported of 28 records found.
  please find the system log:
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.messaging.MessageFormatter : parseDesc :   : INTO the method : desc :Please specify a file to import.paramNames :paramsMap :{FIELD_NAME=#_!FIELD_NAME#_!}
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
  2008-09-05 13:01:34,625 [SAPEngine_Application_Thread[impl:3]_8] DEBUG com.virsa.ae.service.cache.AECacheUtil : getResourceBundle :   : INTO the method : en
  2008-09-05 13:02:28,234 [Thread-47] DEBUG

  In Addition to my previous response:
  I meant to include the following:
  Some of the fields that need to be properly defined with attributes are:
         System: must have the know SAP system defined here
         Role Approver (i presently are using most of the roles without having need for approval; I created a user called NOAPPRV in AE)
         Functional Area: need to have all the areas defined that roles will be assigned to
         Company: I only have one company so that's an easy one
  Some areas I presently do not use but found they must ne coded and coded properly:
         ResponsibilityID:   N/A  (coded as is)
         CommentsMandatory: NO (coded as is)
         Parent Role Owner:   NO
         Business Process: NA  (I believe I originally coded N/A and it did not like that)
         Sub Process: NA  (again N/A I believe error on me)
         Reaffirm Period: presently I am using 0 (zero)
         LastReaffirm: presently using 12/31/9999
  Hope this helps a bit
  I wanted to include an attachment with a sample of my Role Import spreadsheet but I'm not sure exactly how to do that; if I figure that out or someone can provide me the process I will include it
  Jerry Synoga
  Ryerson Inc.
  630-758-2021

• Auto Email generation in multiple language in Access Enforcer 5.2

  Hi All,
  We have configured workflow in Access Enforcer 5.2 for autoprovisioning of users in the system. Requestor gets an email in english with the userid and password once the user is provisioned in the system. Now the requirment is to send these emails in different language, which is specific to the user. Like a spanish user should receive the email in spanish language.
  Whether this has anything to do with language setting while user creation.
  Please suggest.
  Thanks & Regards,
  Pravin

  Hi Pravin,
      It has nothing to do with the language settings for the user. This configuration has to be done in closing section of Email reminders under workflow. As per my experience with AE 5.2/CUP 5.3, I don't think this is possible as of now. This could be a good functionality, so you can open an enhancement request with SAP.
  Regards,
  Alpesh

• Error in Risk Analyzer of Access Enforcer

  We are getting the below error in Risk analyzer of access enforcer in the GRC system that we have
  Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.XmlUnmarshalException: XML Deserialization Error. Invalid parser state. This exception is caused when deserializing XML type [http://www.w3.org/2001/XMLSchema] and wrong XML node is found.
  The version of the system is AE 5.2 SP11 (Build-59112)
  could come one help on this?
  Regards
  Bharathwaj V

  Hi alpesh,
  Thanks for your answers.
  We were able to sort out the problem.The problem was with the load balancing at java level.
  We had 2 server nodes and only 1 server node was taking all the requests and so it was choked up.
  Bharathwaj V

• GRC CUP 5.3 Auto provisioning Error

  Hello All,
  This issue is occurring in development system of GRC and works as expected in Quality systems.
  Development system of CUP Jco's connected to the development ABAP stack and
  Quality Systems of Cup Jco's connected to the QA ABAP stack .
  All the parameters and the configuration are the same in Dev and QA.
  Now the problem we have is at the last approval stage in the workflow after the approver approves the request (Create/Change) It is erroring out in Auto Provisioning stage with the below message :
  Error provisioning your request. Request no: 75. Error occurred in the system(s) : n/a, error details :
  DEVL1120-TEST_A-USER CREATE-Password is not long enough (minimum length: 10 characters)
  DEVL2120-TEST_A-USER CREATE-Password is not long enough (minimum length: 10 characters)
  If the same approvers goes back into the request and re-approves the Autoprovisioning is completed and the request is closed. For every last approver the first time he tries to approve the message he gets the above errors in development and does not receive the same error in QA.
  The password parameters in the ABAP stack and the Portal Security config are same in DEV and QA. I am not sure if I am missing any information. Any suggestion/Help is appreciated.
  Angara

  Raghu Thanks for your response. Yes I checked all the login parameters in both QA & DEV and compared to those that were user defined Vs Default they were the same with no difference. yet the problem occured in Development system.
  I finally figured out the issue and the surprising part was the error that was issued during auto provisioning is very misleading.
  Our Security team had prototyped CUA and connected to the same development client CUP was connected and forgot to remove the child system from the CUA after their demo was complete.
  By utilizing Debug log mechanisim, it showed the error as BAPI that is used by CUP to create the user was failing due to CUA locking the client with no ability to create the users in child system directly , The error displayed had no connection to the password lenght.
  Thank you all my issue has been resolved and back in business.
  Best Regards,
  Angara Rao

• Risk Analysis Error - Access Enforcer

  Hi Experts,
  I am getting error while running risk analysis in Access Enforcer and the error is
  <b>Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html'
  </b>
  We are using seperate RFC IDs for Access Enforcer connector and Comlaince Calibrator connector.
  Please help me.
  Thanks&Regards,
  Vijay

  Reddy,
  The user must indeed be created in the UME as a Compliance Calibrator user.
  I don't know exactly which role he should be assigned, usually I indicate there my CC admin user-id and password.
  When you see it is working with that user-id, you can try to re-fine the roles.
  Some more info regarding what needs to be set in the URI in case the one I inducated in my previous answer is not working:
  "There are two selectable versions of Compliance Calibrator. If you select 5.0 Web Service, three additional fields appear (URI, UserName, and Password). For the URI field, you need to navigate to the SAP NetWeaver Web Application Server Home page > Web Services Navigator > CCRiskAnalysisService > WSDLs > Standard link of Document, where you will see a list of all web services in the server. Select the desired URI address. If you select Compliance Calibrator 4.0, there is no need to connect to a URI address."
  Karim