GRC-AC CUP 5.3 SP11 UAR Admin Review
Hi All,
We are on GRC-AC v5.3 SP11 and we are implementing UARs. My question is on the Admin Review functionality. The only "pushbutton" options are "Change" and "Cancel Request(s)". However, we have noticed in our testing that the only ones that get moved from the "Admin Review" to the actual UAR Reviewer WF stage (via the UAR Review Update Workflow background job) are the ones that have been actually changed. Is this your experience? Is there a way to Mass Approve them as ready for the UAR Reviewer WF without touching every single one?
Thanks for your help!
-john
Hi John,
Current version of AC 5.3 doesn't have the option to Mass Approve UAR requests.
The closest you have is, if there is same "Reviewer" & "Coordinator" for each request in a page, then you can select all of them and update them.
"Mass Approval" of UAR requests needs to be an enhancement.
Please follow the note below to request this enhancement.
Note 1083615 - GRC Access Control Enhancement Process
Best Regards,
Sirish Gullapalli.
Similar Messages
-
Dear team,
I am facing issues with one of my LDAP connections. Users beloning to one particular LDAP are not able to login to the self-provisioning link on CUP. The system log returns 'nulpointer' exception, which generally comes on incorrect logon credentials.
I have checked the user in the connector. It exists and is working well.
The only point is this LDAP is my 6th. How do I make this working?Assuming User Data Source is pointing to LDAP;
Please check the Connector User[Configuration Tab-> Available Connectors->select the LDAP Connector] between the LDAP and GRC AC CUP is locked .Unlock It and save .
Then check is TEST CONNECTION is successful.
Regards
Ajit. -
Hello Team,
SAP GRC AC CUP 5.3 , SP15
While clicking on the Change log history under configuration tab and NewAccount Request type from end user form getting below mention error
Application error occurred during the request procession.
Details: com.sap.engine.services.servlets_jsp.server.exceptions.WebIOException:
Error compiling [/scrLeftNav.linkChangeLogConfig.do] of alias [AE] of J2EE application [sap.com/grc~aeear].
Please help me to know the issue.
Thanks,
JagatHi JagatBir,
As suggested by Frank, initial data files are required to be uploaded each time we apply a new patch.There was some issue in SP15 initial files, so a new set of files are available on SMP, check if it can help. I found that only ERM file was updated, so might not be of any use for CUP issue.
Additinally check if below application is running -
sap.com/grc~aeear
Go to visual administrator> Server> Services > Deploy>web services container--> sap.com/grc~aeear
If it is stoped, start it. If it is running, you may try giving a restart.
Let us know how it goes.
Regards,
Sabita -
GRC and CUP and Mobiliity question
Hello GRC friends:
In an environment where GRC and CUP are configured and working, the question came to me,
can the requests for the Firefighter ID be sent to a mobile device?
The person responsible for the request approval must now sign on thier PC.
Are there any known impediments to sending these to say an iPAD to be approved?
Thank you in advance for your assistance.
Regards,
Joe Gonzales
856 912 1136HI Josep!
There are some applications for mobile devices that you'll be able to find here: http://ecohub.sap.com/store/mobility
This particular application is for GRC approval:http://ecohub.sap.com/store/mobility/catalog/#!solution:SAPGRCAccessApprover
I don't know the cost and if it's available in your country neither....
Cheers,
Diego. -
CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"
Hi!
Re: CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"
Can anyone explain why some of our CUP users will see this CUP button in the CUP Request and others will not? Are they missing a UME "ACTION"?
The button works fine, but it only shows up for some users and not others.
Thanks for your help!
-johnHello ,
For Approvers , the button "Existing Roles /Groups" will be visible only when the following "stage" level setting is set
Change Request Content = Yes
Add Role =Yes .
Regards
-Ranjiv -
Deleting roles from GRC AC CUP
Hi
We had GRC 5.3 installed with SP05. We have archived all our existing requests and are trying to delete some of the roles from CUP. However when trying to delete the role it is giving a message "Cannot delete because this is referenced by request". Is there something else which i need to take care of? Will application of latest support packs help in this situation?
Appreciate your help regarding the same.
Thank you.
Anjan PandeyHi Anajan,
I feel some requests are still exist in GRC CUP for that particler role. Please follow the below steps and try to delete the Role again.
Go to CUP configuration tab > click on Request option under the workflow> choose deleting requests > next> then its asks to delete all requests and then choose Submit option.
once you click on submit button, you will get the message all existing requests are deleted with Job id.
finally go to the Roles and delete the required roles form the GRC CUP.
Regards,
Arjuna. -
How to delete stale request from GRC AC CUP
Hi,
I have defined certain workflow which are no more required and should be removed from the wrokflow to avoid any confusion. I am not able to delete the workflow defined since they are tagged to some of the requests which are not approved and are currently available to be approved. How can I delete these old workflow which in not required in future without impacting the configuration setting from GRC CUP.
Thanks,
AbhimanuHi Abhimanu,
You may close open requests by configuring stale requests. Take the following steps from configuration.
Navigate to Request --> Stale reqeuests
from action dropdown select enable and no of days field enter no of days any request should wait before it should go to closed status.
Schedule a background job to review all open req. against the Stale Requests setting. Any req. meets the criteria will be automatically closed.
Hope this should help to close those.
Regards,
Asok -
Unable to connect Enterprise portal with GRC AC CUP
Hi Guru's ,
We are configuring Portal with CUP so that we can provision portal roles. We have installed RTA in EP ( both producer and consumer) and have set up the connector portals We have setup the parameters of the connectors as below. Not sure why when I am trying to import role this is not working. Can you please help.
ASSIGN_ROLES:OC
saprole
ASSIGN_GROUPS:OC
sapgroup
CHANGE_USER:OC
sapuser
CREATE_USER:OC
sapuser
CREATE_USER:password
password
DELETE_USER:OC
sapuser
LOCK_USER:OC
sapuser
LOCK_USER:islocked
true
LOCK_USER:type
CHANGE_USER
ROLESEARCH_URI
http://server:port/UserroleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_PASSWORD
password defined for Portal user (for retrieving roles)
ROLESEARCH_URI_USERNAME
Portal user id (for retrieving roles)
ROLE_DATA_SOURCE
ROLE.UME_ROLE_PERSISTENCE.un :
SCHEMA_ID
SAPprincipals
UNLOCK_USER:OC
sapuser
UNLOCK_USER:islocked
false
USER_DATA_SOURCE
Choose data source as configured in Portal UME:
USER.PRIVATE_DATASOURCE.un:
USER.R3_DATASOURCE.
USER. CORP_LDAP.Hi GS GRC team,
Check the below link from RIG that explains you the detailed steps to configure CUP with EP:
[RIG Document on configuring GRC CUP with EP|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed?quicklink=index&overridelayout=true]
Regards,
Raghu -
GRC AC CUP 5.3 -don't have all pre configured configuration settings
Hi All,
we installed all the GRC AC 5.3 components. In the CUP component we see all the WF types (in the miscellaneous screen) but we do not have all their WF definitions (meaning initiator, stages, paths...) - we have those definitions only for the ERM WF.
Any ideas why is that and can we solve this ?
Thanks
YuditHi Yudit,
You need to create all of them in CUP according to your company scenarios.
These are default workflow types through which your workflow will work, but you need to create workflows.
Even for ERM, you need to create workflows.
Please refer to Config Guide for AC 5.3, goto -
https://websmp102.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&
In left hand side, click - SAP GRC Access Control - SAP GRC Access Control 5.3 - Configuration Guide - SAP GRC Access Control 5.3
Hope it helps.
Thanks & Regards,
Sabita -
Workflow inititator GRC u2013 CUP
I need to cancel initiator from workflow of GRC CUP. When i try to delete initiator it says" Error deleting initiator. There are workflow paths associated with this initiator".When i try to deactiviate the path and try to cancel that path of workflow it says "Error deleting workflow path. There are approximately 10 requests associated with this path".Also i cannot cancel the closed request.Is there anyway to delete it.
Mouhed -
If you are just trying to delete the initiator, then you can do this by changing the related path to be a 'Detour' and then removing the initiator. That should take away the dependency that is preventing you from deleting the initiator.
You cannot delete a workflow path that has requests associated with it. However, you should be able to deactivate the path as long as there are no actively open requests associated with it. If you are running into issues there with closed requests, you could use the 'Archive' functionality to take them out of the active queue. That should take away the dependency on the workflow path and allow you to deactivate it.
- Rob -
CUP 5.3 SP6: UAR Config not visible
Hi there,
I have gone through the AC 5.3 Config guide and AC 5.3 UAR guide but I cannot
procede as I do not have the possibility to select function Configuration > User Review
in our 5.3 CUP application. This function is simply not available in the Config tab list!
Additionally I have reloaded the xml files from VIRAE and VIRRE and entered the correct URLs for UAR and SOD-Review in Configuration > Miscellaneous.
Anyhow I guess that our versions AC-RAR 5.3_06.0 and AC-CUP 5.3_06.0 need to be upgraded at least to SP 6 Patch 1 or better SP 7 or 8 to have this function available even the patch notes do not comment on the issue I have described.
Did anyone experience this issue in the past?
Regards,
MarkusMarkus,
Did you have any version of CUP/AE before? It seems you may have upgraded your CUP from earlier version but have not modified the UME roles to include the action for UAR config. You can check the AEAdmin roles and see if it contains 'ViewSODReviewHistoryReportAction', 'ViewUserReviewStatusReportAction' and 'ViewUARReviewHistoryReportAction'. If it does not then add the action and you will be able to see. If it does then there can be some other issue and you might want to upgrade to latest SP (SP8 Patch1) or talk to SAP about it.
Regards,
Alpesh -
CUP 5.3 (SP11) Risk Owner Approval in CUP workflow
Hello Experts,
I have a question...
When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
Unfortunately, there is no such option for risk in the CUP custom approver determinator.
We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
*We don't want to set the "business process" as an approver determinator.
I would appreciate your advice.
HMWhen you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
- CUP (Page 19/33)?
Unfortunately, there is no such option for risk in the CUP custom approver determinator.
There is - Request Type - Attribute
Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
Thanks
Himadama -
GRC AC CUP 5.3 SP06: Single Sign-On
Has anyone gotten single sign-on with Compliant User Provisioning to work? I've got my java stack authenticating kerberos tickets through SPNEGO with LDAP as the user data source. It works fine on every other application (RAR, SPM, ERM) except for CUP, which requires users to login. Is there anyway to force single sign-on inside of CUP or will my users always be required to type in their passwords for requesting and approving access?
Daniela,
Thank you, that's exactly what I was looking for, but I'm currently getting an error stating the following:
Application error occurred during request processing.
Details: com.sap.engine.services.servlets_jsp.server.exceptions.WebIllegalArgumentException: Cannot redirect to "null" location.
My redirection URL looks like this:
http://<server>:<port>/RedirectApp/?redirecturl=http://<server>:<port>/AE/index.jsp
Does that look right? What support pack were you able to get this working on? -
GRC 10 CUP Email-Notification: Insert Picture
Hello All,
I want to include a picture (e.g. a company logo) to the notification emails in CUP. This function is need especially for the system-mails to the requestor and the approver-stages.
Is there a possibility to do that?
Thanks and regards,
DanielAs detailed in the How to Customize Notification Templates forAC 10.0 Workflow:
In the 10.0 release, you cannot include graphical elements for corporate branding in the provided notification templates. Customization is limited to textual messages and hyperlinks
Julien -
CUP 5.3 SP11.1 - Role Reaffirm - Java Overflow error
Hi!
We are currently using the CUP Role Reaffirm. An user is trying to access the role reaffirm screen, he received an error message:
Java.lang.StackOverflowError:Null Exception: (00145EC6363A0065000005F100174014000490DB915AF7A1).
The application log shows: 3]_20##0#0#Error#1#/Applications/AccessEnforcer#Plain### Ignoring Exception - U
ser : 10102021 not found to get full name #.
Does anyone know what this error message is?
Thank you.
LynnHi Alpesh,
Yes, 10102021 is a valid user id.
Here is the CUP system log:
2010-09-22 12:51:04,289 [SAPEngine_Application_Thread[impl:3]_8] ERROR Requested navigation control not found
com.virsa.ae.commons.utils.framework.ControlNotFoundException: Action not found - loadRequestorLoginPage
at com.virsa.ae.commons.utils.framework.ScreenDefn.getActionDefn(ScreenDefn.java:141)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:157)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2010-09-22 13:05:57,833 [SAPEngine_Application_Thread[impl:3]_7] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2010-09-22 13:05:57,835 [SAPEngine_Application_Thread[impl:3]_7] ERROR Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
... 28 more
Thank you.
Lynn
Maybe you are looking for
-
Using Like function to search fr results in a database!!
Hi i have created a database for several different clinics in the uk in oracle sql developer. i tried writing the coding for a query but when i run it an error keeps occurring. i want this query to be as a pop up box appears, asks the user to enter t
-
After unzipping the medrec_tutorial, i did,t find build directory
Hi All, I am trying to develop medrec application.I have downloaded the application from the following link http://edocs.bea.com/wls/docs81/medrec_tutorial.zip i did,t find build directory in it.Please send me the link containing all the content requ
-
Indesign CS6 hand tool gets stuck and can't use selection tool
In Indesign CS6 using Mountain Lion, the hand tool appears and I can't select or work with any other tool. All I can do is move the document around. After trying the space bar and other key commands I restarted and it worked for a while. Then it happ
-
Converting video files for AppleTV and Ipod
So I have an Appletv AND and 80 GB Ipod classic. I have some home videos that I would love to be able to play on both my apple tv and Ipod. I currently use ISync, but I have to create a separate file for the AppleTV and the IPOD as using the ipod fil
-
Hello! I habe synchronized my Podcasts from my iMac to my iPad and cannot find them on the iPad.. who can help? Thanks! Susan