GRC-AC CUP 5.3 SP11 UAR Admin Review

Similar Messages

• GRC AC CUP LDAP configuration

  Dear team,
  I am facing issues with one of my LDAP connections. Users beloning to one particular LDAP are not able to login to the self-provisioning link on CUP. The system log returns 'nulpointer' exception, which generally comes on incorrect  logon credentials.
  I have checked the user in the connector. It exists and is working well.
  The only point is this LDAP is my 6th. How do I make this working?

  Assuming  User Data Source is pointing to LDAP;
  Please  check the  Connector User[Configuration Tab-> Available Connectors->select the LDAP Connector]  between the LDAP and GRC AC CUP is locked .Unlock It and save .
  Then check is TEST CONNECTION is successful.
  Regards
  Ajit.

• GRC AC CUP 5.3

  Hello Team,
  SAP GRC AC CUP 5.3 , SP15
  While clicking on the Change log history under configuration tab and  NewAccount Request type from end user form getting below mention error
  Application error occurred during the request procession.
  Details:   com.sap.engine.services.servlets_jsp.server.exceptions.WebIOException:
  Error compiling [/scrLeftNav.linkChangeLogConfig.do] of alias [AE] of J2EE application [sap.com/grc~aeear].
  Please help me to know the issue.
  Thanks,
  Jagat

  Hi JagatBir,
  As suggested by Frank, initial data files are required to be uploaded each time we apply a new patch.There was some issue in SP15 initial files, so a new set of files are available on SMP, check if it can help. I found that only ERM file was updated, so might not be of any use for CUP issue.
  Additinally check if below application is running -
  sap.com/grc~aeear
  Go to visual administrator> Server> Services > Deploy>web services container--> sap.com/grc~aeear
  If it is stoped, start it. If it is running, you may try giving a restart.
  Let us know how it goes.
  Regards,
  Sabita

• GRC and CUP and Mobiliity question

  Hello GRC friends:
  In an environment where GRC and CUP are configured and working, the question came to me,
  can the requests for the Firefighter ID be sent to a mobile device?
  The person responsible for the request approval must now sign on thier PC.
  Are there any known impediments to sending these to say an iPAD to be approved?
  Thank you in advance for your assistance.
  Regards,
  Joe Gonzales
  856 912 1136

  HI Josep!
  There are some applications for mobile devices that you'll be able to find here: http://ecohub.sap.com/store/mobility
  This particular application is for GRC approval:http://ecohub.sap.com/store/mobility/catalog/#!solution:SAPGRCAccessApprover
  I don't know the cost and if it's available in your country neither....
  Cheers,
  Diego.

• CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"

  Hi!
  Re: CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"
  Can anyone explain why some of our CUP users will see this CUP button in the CUP Request and others will not? Are they missing a UME "ACTION"?
  The button works fine, but it only shows up for some users and not others.
  Thanks for your help!
  -john

  Hello ,
  For Approvers , the button "Existing Roles /Groups" will be visible only when the following "stage" level setting is set
  Change Request Content = Yes
  Add Role =Yes .
  Regards
  -Ranjiv

• Deleting roles from GRC AC CUP

  Hi
  We had GRC 5.3 installed with SP05. We have archived all our existing requests and are trying to delete some of the roles from CUP. However when trying to delete the role it is giving a message "Cannot delete because this is referenced by request". Is there something else which i need to take care of? Will application of latest support packs help in this situation?
  Appreciate your help regarding the same.
  Thank you.
  Anjan Pandey

  Hi Anajan,
  I feel some requests are still exist in GRC CUP for that particler role. Please follow the below steps and try to delete the Role  again.
  Go to  CUP configuration tab  > click on Request option under the workflow> choose deleting requests > next> then its asks to delete all requests and then choose Submit option.
  once you click on submit button, you will get the message all existing requests are deleted with Job id.
  finally go to the Roles and delete the required roles form the GRC CUP.
  Regards,
  Arjuna.

• How to delete stale request from GRC AC CUP

  Hi,
  I have defined certain workflow which are no more required and should be removed from the wrokflow to avoid any confusion. I am not able to delete the workflow defined since they are tagged to some of the requests which are not approved and are currently available to be approved. How can I delete these old workflow which in not required in future without impacting the configuration setting from GRC CUP.
  Thanks,
  Abhimanu

  Hi Abhimanu,
       You may close open requests by configuring stale requests. Take the following steps from configuration.
  Navigate to Request --> Stale reqeuests
  from action dropdown select enable and no of days field enter no of days any request should wait before it should go to closed status.
  Schedule a background job to review  all open req. against the Stale Requests setting. Any req. meets the criteria will be automatically closed.
  Hope this should help to close those.
  Regards,
  Asok

• Unable to connect Enterprise portal with GRC AC CUP

  Hi Guru's ,
  We are configuring Portal with CUP so that we can provision portal roles. We have installed RTA in EP ( both producer and consumer) and have set up the connector portals We have setup the parameters of the connectors as below. Not sure why when I am trying to import role this is not working. Can you please help.
  ASSIGN_ROLES:OC
  saprole
  ASSIGN_GROUPS:OC
  sapgroup
  CHANGE_USER:OC
  sapuser
  CREATE_USER:OC
  sapuser
  CREATE_USER:password
  password
  DELETE_USER:OC
  sapuser
  LOCK_USER:OC
  sapuser
  LOCK_USER:islocked
  true
  LOCK_USER:type
  CHANGE_USER
  ROLESEARCH_URI
  http://server:port/UserroleSearchForAEService_5_3/Config1?wsdl&style=document
  ROLESEARCH_URI_PASSWORD
  password defined for Portal user (for retrieving roles)
  ROLESEARCH_URI_USERNAME
  Portal user id (for retrieving roles)
  ROLE_DATA_SOURCE
  ROLE.UME_ROLE_PERSISTENCE.un :
  SCHEMA_ID
  SAPprincipals
  UNLOCK_USER:OC
  sapuser
  UNLOCK_USER:islocked
  false
  USER_DATA_SOURCE
  Choose data source as configured in Portal UME:
  USER.PRIVATE_DATASOURCE.un:
  USER.R3_DATASOURCE.
  USER. CORP_LDAP.

  Hi GS GRC team,
  Check the below link from RIG that explains you the detailed steps to configure CUP with EP:
  [RIG Document on configuring GRC CUP with EP|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed?quicklink=index&overridelayout=true]
  Regards,
  Raghu

• GRC AC CUP 5.3 -don't have all pre configured configuration settings

  Hi All,
  we installed all the GRC AC 5.3 components. In the CUP component we see all the WF types (in the miscellaneous screen) but we do not have all their WF definitions (meaning initiator, stages, paths...) - we have those definitions only for the ERM WF.
  Any ideas why is that and can we solve this ?
  Thanks
  Yudit

  Hi Yudit,
  You need to create all of them in CUP according to your company scenarios.
  These are default workflow types through which your workflow will work, but you need to create workflows.
  Even for ERM, you need to create workflows.
  Please refer to Config Guide for AC 5.3, goto -
  https://websmp102.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&
  In left hand side, click - SAP GRC Access Control - SAP GRC Access Control 5.3 - Configuration Guide - SAP GRC Access Control 5.3
  Hope it helps.
  Thanks & Regards,
  Sabita

• Workflow inititator GRC u2013 CUP

  I need to cancel initiator from workflow of GRC CUP. When i try to delete initiator it says" Error deleting initiator. There are workflow paths associated with this initiator".When i try to deactiviate the path and try to cancel that path of workflow it says  "Error deleting workflow path. There are approximately 10 requests associated with this path".Also i cannot cancel the closed request.Is there anyway to delete it.

  Mouhed -
  If you are just trying to delete the initiator, then you can do this by changing the related path to be a 'Detour' and then removing the initiator.  That should take away the dependency that is preventing you from deleting the initiator.
  You cannot delete a workflow path that has requests associated with it.  However, you should be able to deactivate the path as long as there are no actively open requests associated with it.  If you are running into issues there with closed requests, you could use the 'Archive' functionality to take them out of the active queue.  That should take away the dependency on the workflow path and allow you to deactivate it.
  - Rob

• CUP 5.3 SP6: UAR Config not visible

  Hi there,
  I have gone through the AC 5.3 Config guide and AC 5.3 UAR guide but I cannot
  procede as I do not have the possibility to select function Configuration > User Review
  in our 5.3 CUP application. This function is simply not available in the Config tab list!
  Additionally I have reloaded the xml files from VIRAE and VIRRE and entered the correct URLs for UAR and SOD-Review in Configuration > Miscellaneous.
  Anyhow I guess that our versions AC-RAR 5.3_06.0 and AC-CUP 5.3_06.0 need to be upgraded at least to SP 6 Patch 1 or better SP 7 or 8 to have this function available even the patch notes do not comment on the issue I have described.
  Did anyone experience this issue in the past?
  Regards,
  Markus

  Markus,
      Did you have any version of CUP/AE before? It seems you may have upgraded your CUP from earlier version but have not modified the UME roles to include the action for UAR config. You can check the AEAdmin roles and see if it contains 'ViewSODReviewHistoryReportAction', 'ViewUserReviewStatusReportAction' and 'ViewUARReviewHistoryReportAction'. If it does not then add the action and you will be able to see. If it does then there can be some other issue and you might want to upgrade to latest SP (SP8 Patch1) or talk to SAP about it.
  Regards,
  Alpesh

• CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

  Hello Experts,
  I have a question...
  When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
  *We don't want to set the "business process" as an approver determinator.
  I would appreciate your advice.
  HM

  When you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
    - CUP (Page 19/33)?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  There is - Request Type - Attribute
  Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
  Thanks
  Himadama

• GRC AC CUP 5.3 SP06: Single Sign-On

  Has anyone gotten single sign-on with Compliant User Provisioning to work?  I've got my java stack authenticating kerberos tickets through SPNEGO with LDAP as the user data source.  It works fine on every other application (RAR, SPM, ERM) except for CUP, which requires users to login.  Is there anyway to force single sign-on inside of CUP or will my users always be required to type in their passwords for requesting and approving access?

  Daniela,
  Thank you, that's exactly what I was looking for, but I'm currently getting an error stating the following:
  Application error occurred during request processing.
    Details:   com.sap.engine.services.servlets_jsp.server.exceptions.WebIllegalArgumentException: Cannot redirect to "null" location.
  My redirection URL looks like this:
  http://<server>:<port>/RedirectApp/?redirecturl=http://<server>:<port>/AE/index.jsp
  Does that look right?  What support pack were you able to get this working on?

• GRC 10 CUP Email-Notification: Insert Picture

  Hello All,
  I want to include a picture (e.g. a company logo) to the notification emails in CUP. This function is need especially for the system-mails to the requestor and the approver-stages.
  Is there a possibility to do that?
  Thanks and regards,
  Daniel

  As detailed in the How to Customize Notification Templates forAC 10.0 Workflow:
  In the 10.0 release, you cannot include graphical elements for corporate branding in the provided notification templates. Customization is limited to textual messages and hyperlinks
  Julien

• CUP 5.3 SP11.1 - Role Reaffirm - Java Overflow error

  Hi!
  We are currently using the CUP Role Reaffirm.  An user is trying to access the role reaffirm screen, he received an error message:
  Java.lang.StackOverflowError:Null   Exception: (00145EC6363A0065000005F100174014000490DB915AF7A1).
  The application log shows: 3]_20##0#0#Error#1#/Applications/AccessEnforcer#Plain### Ignoring Exception - U
  ser : 10102021  not found to get full name #.
  Does anyone know what this error message is?
  Thank you.
  Lynn

  Hi Alpesh,
  Yes, 10102021 is a valid user id.
  Here is the CUP system log:
  2010-09-22 12:51:04,289 [SAPEngine_Application_Thread[impl:3]_8] ERROR Requested navigation control not found
  com.virsa.ae.commons.utils.framework.ControlNotFoundException: Action not found - loadRequestorLoginPage
       at com.virsa.ae.commons.utils.framework.ScreenDefn.getActionDefn(ScreenDefn.java:141)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:157)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  2010-09-22 13:05:57,833 [SAPEngine_Application_Thread[impl:3]_7] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
  java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
       at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
       at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  2010-09-22 13:05:57,835 [SAPEngine_Application_Thread[impl:3]_7] ERROR Exception during EJB call, Ignoring and trying Webservice Call
  com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
       at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
       at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
       at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by:
  java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
       at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
       ... 28 more
  Thank you.
  Lynn