GRC AC V10 - Escalation
Hi experts,
any idea what's wrong with my configuration about the escalation?
I configured an escalation in the SPM process to the escalation manager, but no email and no escalation work item are available.
Is there any job to run? Who is the escalation manager in the SPM-workflow? This agent is API-standard design.
Thanks,
Alexa
Hi Alexa,
Please have the global escalation set at process settings in MSMP. See note 1720012 - Request getting escalated at every stage, escalation settings.
Also, in Task Settings, the check box should be updated as "routing enabled".
Please refer to SAP Note 1603140 to know about escalations.
Regards,
Akhil Chopra
Similar Messages
-
GRC AC v10 SPM WF - Workflow Item not showing up in WF Inbox
GRC AC v10 - SP12
The Outlook email notification for the Workflow Item goes out, but there is nothing in the NWBC Inbox for the WF Item. Substitution is set up correctly.
Any ideas?
-john
Hi John
this is probably a silly question but what substitution did you set up for ZFF_CTL_01? I assume the item is in that user's inbox. Which user is meant to be receiving?
I also noticed this KB article (1589130) which mentions the delegated person needs GRAC_REQ authorisation. Have you checked whether it is a security access issue?
There was also mention that the delegated approver does not appear in the MSMP instance runtime (your screen shot suggests same situation unless you have not set up the delegation). SP14 delivers the fix or refer to 1915928 - UAM: Delegated Approver is not visible in the Instance status
Possibly have a look at both of them to see if they resolve your issue.
Regards
Colleen
-
Hi together,
I didn't find any config guide or input for the configuration of UserAccessReview UAR.
Can anybody mention the most important steps and jobs?
The RKT info is not that detailed.
Thanks,
Alexa
Hi Alexa,
I am not sure how much I'll be able to help you without proper documentation. I'll try my best.
Go to SPRO->GRC0->Access Control->Maintain Configuration settings. Please maintain these values as required.
Parm Group   ParmID   Parm value   Description
UAR Review   2004     011          Request Type for UAR
UAR Review   2005     004          Default Priority
UAR Review   2006     MANAGER      Who are the reviewers?
UAR Review   2007     YES          Admin. review required before sending tasks to reviewers
SOD Review   2016     010          Request Type for SoD
SOD Review   2018     RISK OWNER   Who are the reviewers?
SOD Review   2023     YES          Is actual removal of role allowed
Then go to SPRO->GRC0->Access Control->Workflow for Access Control-> Maintain MSMP workflow. Customize the process ID SAP_GRAC_USER_ACCESS_REVIEW. Maintain all the required details. Save and activate it. Now you are ready for review.
For issues follow the SAP Notes: Note 1620495 - GRC 10.0 UAR - Submission failure of request & 1620493 - GRC 10.0 UAR Background Job stuck
Don't forget to implement the note 1622281 after your configuration. Get back if you have any further issues.
All the very best
Regards,
Guru
-
GRC AC v10 NWBC: Configure LaunchPad for Menus
I would like to add a new menu Launchpad, but am having trouble getting it to appear in NWBC.
I followed the instructions at: http://scn.sap.com/community/grc/blog/2014/01/31/configure-launchpad-for-menus
However, it still does not appear.
Any help would be appreciated.
thanks,
-john
Dear John,
did you authorize the end user for the application? If the user is missing authorization the work center is not applicable in the screen. Hence the user cannot see it.
Regards,
Alessandro
-
GRC AC V10 - one approval step for manager and role owner
Hello Community,
I have one, perhaps easy, question. Where is it possible to maintain the solution of one approval step for manager and roleowner, if both are unique.
E.g.:
simple approval workflow: manager stage afterwards roleowner stage afterwards auto-provisioning
So if the request is routed to the manager and the manager is also the roleowner of the requested authorization role (same UserID). The user has to approve one and the same request twice.
Is it possible in V.10 to change the config that the user has only to approve the request once? And then to decide on which relevant stage settings are valid for this process.
Thanks,
Alexa
Hi Alexa,
We have had a similar question raised in a project. In an ideal world, a single "Sign-off approval" would be a great functionality where the same user has to approve the same consecutive stages, but the reason for different stages would entail that the responsibilities entailed per stage differ, e.g. Line Manager would just check the over request, and the role owner etc may be reviewing the eligibility of a specific role etc.
If it is likely to be the same person reviewing the 2 consecutive stages, maybe a single stage workflow would be sufficient to cover this scenario.
I think the logic you are trying to configure in the workflow is possible but will require a lot of work with knowing how to create a clever custom workflow with BRF+ or the actual WF stuff in SAP itself.
-
GRC AC v10: User Request Field (User Group for Authorisation Check)
Good Day,
I am wondering if anyone has had any success in pulling across the User Group in the User Access Request Form. In EUP Default View settings, this is set as visible and editable. Yet, I am not seeing the field in the AR form. I would expect to see this field in the User Details tab. That being said, I am also curious about the User System Details tab. I would think the User Group will come across in one of these two tabs. Appreciate any insight...
~Triera
Hi,
The user group of the selected user would be populated in the 'User System Details' tab. This field is not there in the User Details tab as each system can have a different user group and we can have multiple systems in the request.
Please check if the user selected in the request has a usergroup assigned in the detail datasource system.
Best Regards,
Aman
-
GRC AC V10 - Mitigation Control Approval Workflow
Hi guys,
can somebody explain to me the difference between the process IDs SAP_GRAC_CONTROL_ASGN and SAP_GRAC_CONTROL_MAINT?
And can somebody also provide me the initiator rule ID for both so that we can have a detailed look into the brfplus rule.
We only want to mitigate controls via a control owner approval and not a process for the creation of new controls.
That means an assignment approval workflow for mitigation controls.
Thanks a lot.
Hello Alexa,
Did you ever employ SAP_GRAC_CONTROL_ASGN ? Were you able to identify the included agents ?
I am interested in identifying approvers for mitigating controls who can be included in the workflow but are not risk owners. Would you have any suggestions for this type of agent ?
Any information would be appreciated.
Thanks,
Jamie
-
Hi Experts!
My client has a "stand-alone" ARA implementation and wants to have notifications when certain SAP TCodes (ARA Actions) are assigned to userIDs. I cannot find this functionality. Am I just blind?
I have implemented and tested the "Critical Actions" & "Critical Roles/Profiles" functionality. But, they want notification at tcode assignment. Any ideas?
Thanks in advance.
-john
Dear John,
there is no such standard functionality. You can check the possibility of monitoring for critical actions so that a notification is sent out when someone executes a critical tcode. But be aware that the notification is sent out after execution and not while assigning tcodes.
Also as you have already mentioned the critical action functionality for access requests. But as you aren't using ARM you cannot check assignments in the workflow. So therefore alternatively you can use the SOD review workflow so that you define the critical actions and send out a workflow when a risk appears.
Let me know if you have further questions.
Regards,
Alessandro
-
GRC AC V10 - GRAC_SERVICE agent
Hi experts,
there exist two standard agent rules (GRAC_SECURITY and GRAC_POINT_CONTACT). But where can I define the several users for each agent?
The rule IDs (numbers, only names) aren't available so that we can have a look into the brfplus details.
Thanks for your help,
Alexa
Hi,
Both of them are function module based rules and the following function modules are used:
GRAC_MSMP_POINT_CONTACT_AGENT
GRAC_MSMP_SECURITY_LEAD_AGENT
The list of Security lead and POC is fetched from the 'Access Owners' application.
Best Regards,
Aman
-
GRC AC 10 on SAP NW 7.3
Hi,
Need your valuable input regarding GRC Access Control V 10. I don't have much knowledge about GRC, but unfortunately I need to collect some information about GRC AC V 10 on SAP NW 7.3.
From my search I think SAP has not released GRC Access Control V10 for SAP NW 7.3, and as per note 1532805 I think it's not released yet. Is my understanding right? If anyone has installed it, please give your valuable input.
Also I am trying to search PAM for GRC AC V10 but unfortunately I can't find any. Any link to the same will be of great relief.
Is there any document related to sizing GRC AC V10? I can find a document for 5.3 only.
Any help in this will be of great help to me.
Thanks in advance.
We have been communicated that GRC 10.0 was not tested on NW 7.3. We were strongly suggested to use recommended NW 7.02
-
GRC 10 - Job Sync Legacy System large files
When I run the sync job GRAC_REPOSITORY_OBJECT_SYNC with the files from the legacy system, the file "USER_PERMISSION.txt" is about 231 MB in size, and because of this the synchronization job is canceled with the error "TSV_TNEW_PAGE_ALLOC_FAILED". The Basis team verified the memory allocated.
We checked that SAP note "1593704 - legacy file upload issue for large files" is already applied in SP05.
Server: SAP GRC AC v10:
Config My System: http://www.2shared.com/file/rhXVfRcX/My_system.html
Could you help me with some information to solve the problem?
grateful
Inacio
Hello Inacio,
I know that this is a very old post, but have you managed to solve this issue?
I've found this note, that is included in SP10
Note 1741277 - Repository Role sync ends with TSV_TNEW_PAGE_ALLOC_FAILED
Have you changed memory parameters in order to solve it?
Thanks!
Diego.
-
Role Certification search and notification
Hello,
I have configured role certification functionality in GRC-AC v10.0 SP13, and everything works fine.
When the role owner does the certification, by clicking on the certify button and writing some certification text, this text is saved in the Comments History field in the role. It's fine, but I have two questions:
1) Is there a way to search those certification texts easily, like a list of several roles?
2) When the role owner certifies the role, is there a way to configure some notification to anyone?
Thanks in advance for any help.
Regards,
Gabriel Aquino
Dear Gabriel,
regarding your questions on role certification: I don't think that you can search for comments in the web client. Basically comments are stored in long text and hence searching is not that easy. Probably it is possible to search directly in the tables (e.g. you can create a report to search). If you are interested I can search the tables.
Basically role certification is calculated based on the period and the last certification date. After the defined days an email reminder is automatically sent to the role owner. The reminder template can be customized in SPRO. Further notifications are not possible with standard functionality. I suggest to raise an idea on the idea space: https://ideas.sap.com/SAPAccessControl
Best regards,
Alessandro
-
Good day,
OK, it seems that I am missing something with GRC 10. We are upgrading from CC4.0 to GRC 10. I believe I have everything configured through SPRO correctly. I can run a risk analysis on end users and I get results. I am now at the point where I put the mitigations into the system but I seem to have run into a snag. When I go to master data > Mitigation, I start to fill in the information but when I try to add an AC Owner I get "No Results Found".
I have tried adding an Owner to a risk and then going back, I have also added a user under the "Access Management" tab with "Access Control Owners". I have reviewed almost every node in SPRO and I cannot seem to find where I am missing something.
I am sure it is simple since I can not find any documentation on this almost anywhere. We are currently running GRC v10 SP5. We are only planning to use the RAR (5.3 term) portion of AC not the other part (Example: Risk Terminator). Please let me know if there is a simple solution to get a user populated in the AC Owner tab.
Kind Regards,
Paul
Some of the GRC Roles ..
SAP_GRAC_ACCESS_APPROVER Role for Access Request Approver
SAP_GRAC_ACCESS_REQUESTER Role for End user
SAP_GRAC_ACCESS_REQUEST_ADMIN Role for Access Request Administrator
SAP_GRAC_ALERTS Generate, clear and delete SOD Alerts
SAP_GRAC_ALL Super Admin for AC
SAP_GRAC_BASE Base Role for all Access Control Users.
SAP_GRAC_CONTROL_APPROVER Create AC MIT control, approve, assign, alert and perform Risk analysis
SAP_GRAC_CONTROL_MONITOR Ability to assign MIT control to Risk and perform risk analysis
SAP_GRAC_CONTROL_OWNER Create AC MIT control.
SAP_GRAC_DISPLAY_ALL Display Access To All AC Objects.
SAP_GRAC_END_USER End User as a GRC Guest
SAP_GRAC_FUNCTION_APPROVER Approve Function for Workflow
SAP_GRAC_NWBC View Access Control Information Architecture.
SAP_GRAC_REPORTS Ability to run all AC reports.
SAP_GRAC_RISK_ANALYSIS Ability to Perform Risk Analysis
SAP_GRAC_RISK_OWNER Risk maintenance and Risk Analysis
SAP_GRAC_ROLE_MGMT_ADMIN Role Management Admin
SAP_GRAC_ROLE_MGMT_DESIGNER Role Management Designer
SAP_GRAC_ROLE_MGMT_ROLE_OWNER Role Owner
SAP_GRAC_ROLE_MGMT_USER Role Management Business User
SAP_GRAC_SUPER_USER_MGMT_USER Super User Firefighter
SAP_GRAC_SUPER_USER_MGMT_ADMIN Super User Administrator Role
SAP_GRAC_SUPER_USER_MGMT_CNTLR Super User Controller Role
SAP_GRC_MSMP_WF_ADMIN_ALL MSMP Overall Administrator
SAP_GRC_MSMP_WF_CONFIG_ALL MSMP Overall Configurator
SAP_GRAC_RULE_SETUP Ability to define Access Rules
SAP_GRAC_SETUP Ability to setup Access Control
SAP_GRC_FN_BASE GRC - Base role to run applications
Hope it helps ..
Vikas
-
How can I change the escalation manager at support in GRC 5.3?
Anyone, please let me know the answer to the above question.
Is it from the support link in Configuration tab in CUP?
Regards,
Pankaj
Hi all,
I am facing the same issue of changing the escalation manager in GRC 5.3. Helpful reviews needed urgently. Thanks in advance.
-
WebServices in GRC v10.0
Hi all,
I have three questions to WebServices regarding SAP GRC v10.0:
1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.
2. Does the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 contain an analysis of critical permissions? In v5.3 only SoDs and critical actions were checked.
3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact on the SoD check. It SHOULD be:
includeCrossSystemsAnalysis == true ==> cross system SoD check
includeCrossSystemsAnalysis == false ==> single system SoD check
But it doesn't matter what the value of the parameter is. There is always a cross system check. Has this changed in v10.0?
Regards
Peter
Hi Peter,
AFAIK the web services have not yet been published.
If you had the web service return violations without the requirement for CUP, what would you do with that information?
I hear that question a lot, I would really like to understand the ideas behind it.
To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.
Thanks,
Frank.