Multiple mitigation controls assignment through CUP

Similar Messages

• Multiple mitigating controls assigned to one risk

  Hello experts. We are using GRC compliance calibrator 5.3. We are just starting to implement mitigating controls. The problem we have is we have multiple mitigating controls per risk. Some risks have one control and some have two or three. When we run our risk analysis the resulting report only shows the first mitigating control it finds.
  Just wondering if anyone else has this situation. I wanted to check here before I created a message with SAP.
  Thanks
  Dave

  Dave,
     I think this is how the functionality is. You will have to open a CSS message with SAP.
  Regards,
  Alpesh

• Mitigation controls assignation to users in RAR

  Hi,
  While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
  Thanks
  Abhijeet

  Abhijeet,
  From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
  Simon

• AE: Multiple Mitigation controls per risk

  Hi,
  I am currently setting up mitigation controls in CC and am wondering if it is possible to have 2 mitigation controls for a risk?
  It does not look possible, because when assigning access in AE and mitigating the risks,  it is only possible to choose 1 mitigation control per risk. Has anybody managed to set up AE so that you can assign more tan 1 mitigation control per risk?
  Thanks

  Hi Ankur,
  we have multiple activties to be conducted as part of the mitigation control. We wanted to create a seperate control reference for each as they have different monitors. However this does not look possible so we have grouped the activties to one mitigation control.
  Regards,
  Gary

• Maintain Validity Date for Mitigation Control Assignment to Users Virsa 5.2

  We have over 1,000 SoD's all mitigated.  The val;idity date for these mitigation controls needs to be updated.  Does anyone know a way to perform a range of updates so it is not necessary to update each user assigned to a Mitigation Control.

  The only way to do that currently would be to download the table information, edit in Excel and re-upload the table.
  Not for the faint of heart, but doable.
  Frank.

• CUP - Mitigation Controls in a Detour Workflow

  Hello everybody,
  I have a problem with a detour workflow in CUP.
  I choose the detour condition: "SoD violation".
  So in theory, if there is no conflicts the workflow don't take the detour path.
  We supposed that the user request has an SoD conflict.
  In the stage(s) before the detour, if we assign a mitigation control that mitigate the risk, the detour is still taken.
  I think the workflow swich systematically to the detour if the request had a conflict, even if the risks were deleted by an Mitigation Controls assignment.
  Does anyone have a solution to avoid the detour path if we mitigate the risks?
  Thank you in advance!!

  Ben,
     This is how CUP works. There is no configuration which allows you to ignore SOD violaton even if there is mitigation. You will have to live with this for now.
  Regards,
  Alpesh

• CUP-5.3-SP13-Mitigation Controls by rol/users

  Hi all!
  Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?
  I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?
  Many thanks in advance! any help would be welcomed.
  Margarita.

  Hi Margarita,
  If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.
  For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.
  Also in RAR following things needs to be done.
  RAR Configuration->Risk analysis-> Defaults values.
  Exclude mitigated Risk as yes.
  RAR Configuration-> Risk Analysis ->Additional options
  Include Role/Profile Mitigating Controls in User Analysis  as yes.
  If above values are defined as No. than Risk Voilation will be shown in the request.
  Kind Regards,
  Srinivasan

• Risks has been removed but Mitigating Control still stays with the users?

  Hi all,
      I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exists?

  Hi Joseph, thanks for the info. My problem comes in when the user request to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seem like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP have been approved and auto-provision.
  My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue.

• Query on Mitigation Control

  Hi all,
  We have configured Mitigation Controls and mitigated some of the users. We have the following queries in this regard:
  a) When we run the SoD anlaysis for that particular user we could able to see only half description of the Mitigation Control.
  Is there any limitation for the space or the parameters for the Mitigation Control Description.We are unable to see the entire description of the Mitigation Control (If the mitigation control is more than 7-8 lines) in the Detailed Report screen as well. Even after downloading into a spreadsheet also we are getting only the part of the mitigation control and not the entire description of the mitigation control
  b) A risk ID can be addressed by 2 or 3 mitigation controls. In this scenario,we have assigned 2-3 mitigation controls to one Mitigated user for mitigation. When we run SoD analysis we could able to see only the latest mitigation control assigned to the user in the report format (say out of 3 assigned only the 3rd one assigned is being shown).
  But when we did a search for Mitigation controls with  the Risk ID & User ID combination then it is throwing all the 3 mitigation controls. But the same is not shown in SoD violations reports
  Is there anything to do with the parameters set up or at the configuration side to resolve this.
  Please provide the procedure also in case of any changes to be made at configuration level.
  Thanks and Best Regards,
  Sri

  Hi Vit,
  Thanks for your reply. We crosschecked and you are correct that the space limitation is only for 132 characters in this table.
  Is there a way to get the mitigation control whole description or do we need to stick to this limitation itself.
  Also, when we did a search for Mitigation Control it gives only Mit.ID, Mit Control Desc, BU and Management approver. Whether there are any tables (from SAP Backend) or reports where we can get the Risk Ids including the above addressed by the mitigation controls.
  Thanks and Best Regards,
  Sri

• Implementing Mitigation Control IDs

  Hi,
  We are planning to implement mitigation control ids in GRC. Currently we are only having 1 mitigation control id and all the users are mitigated into this id.
  Now, the plan is to include the mitigation control advise/comments by the SOD approvers into the GRC and thus by introducing multiple mitigation control id we could achieve this.
  In our system users are mapped as per the Business Unit and we have around 25-30 business units. so each BU is have a seprate mitigation control approval (SOD Approver).
  We have around 150 Risk IDs.
  We are not able to understand how to design mitigation control IDs in such case? Is it a best practice to create mitigation control ID for each Risk ID in the system (May be we can group similar Risk IDs)? Your help is appreciated.
  Thanks,
  Umesh

  Hi Umesh,
  No, for 1 Mitigation COntrol there are serveral Monitors and users who are mitigated are added to only 1 mitigation control id.
  Which means you have multiple people monitoring every risk in your system. Does all of the monitors belong to the same functional group?? If yes, what happens if there is a risk in other functional groups? How they can identify and monitor it??
  If no, why a FI functional group monitor, needs to monitor the risk related to other groups?
  Can you pls explain more on primary and secondary functions?
  If the risk is related to one functional area only, the respective functional area will own it. If it is a cross functional risk, then it will be owned by both the functional area managers, which is often referred as primary and secondary functions.
    and what are the disadvantage of creating 1 mitigation control id for each risk (may be grouping some risks) considering the fact that we have 25 business units.
  It is just like giving 1 coke with 100 straws while you still have a stock in your refrigerator
  Regards,
  Raghu

• GRC CUP 5.3 SP16.3 Mitigation Controls automation removal

  Does anyone know that if you create any user requests to remove roles from a user, that if any mitigation controls were assigned to the users for those roles, the mitigating control ids can also be automatically removed from RAR during auto provisioning of the request?
  Right now, GRC CUP, if configured properly, during auto provisioning, will assign the mitigation controls automatically to the userid in RAR to mitigate the risks when the request is processed if the new access will give any SOD violations.  But if you remove the roles from a user and he/she had any mitigation ids assigned in RAR, can the request also automatically remove the mitigated control id associated with it if the user will no longer have that risk?  I have not seen the request automatically remove the mitigated id from RAR when the role was removed from the user id during auto provisioning. But I'm not sure if this requires additional workflow configuration or not.
  Will greatly appreciate if any1 is aware of this issue and how to resolve it. Or is the only solution to manually remove it from RAR..but this can be tiresome..bc then you have to run the report every week or month in RAR to remove the excessive controls assigned if the users do not have the risks anymore..comparing reports from current to previous month, etc.
  Thanks,
  A.

  Hi Alley,
  It is not possible to automate the removal of mitigation controls through a workflow in CUP. The only solution is to review on a regular basis and remove them manually from RAR
  We also has the same issue and performing manual review at regular intervals of the user & role assigned mitigation controls
  Best Regards,
  Srihari.K

• Mitigation control errors out in CUP approval

  We are on GRC 5.3 SP8 and I am trying to create a mitigating control in RAR.  Once it goes for approval into CUP, it erroru2019s out when I try to approve it.  Here is the message:
  2010-05-25 10:57:43,367 [SAPEngine_Application_Thread[impl:3]_9] ERROR com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
  com.virsa.ae.service.ServiceException: com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:315)
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5391)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5230)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5023)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:946)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by:
  com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
       at com.virsa.ae.commons.utils.StringEncrypter.decrypt(StringEncrypter.java:200)
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:305)
       ... 32 more
  Thanks,
  Peggy

  Hello Peggy,
    Did you recently upgraded your NW Java Support package? If yes, then kindly check the SAP Note "1417651 - Unable to retrieve connector & application configuration"
  The problem is coming due to change in NW encryption algorithm and impacted GRC as well. This is fixed in SP10 of GRC.
  Regards, Varun

• Creating Mitigation Control from CUP

  Hi Guys,
  Is this feature implemented in Access Control???? Or Stills as enhancement

  Hi Alpesh
  In order to your answer... Can you help me to identify what I doing wrong when I want to approve a mitigate control in CUP.
  Path 1 : Approve request
  Stage 1: Request
  Stage 2: Security
  Stage 3: Role Owner
  Detour Path:
  Type: CUP
  Stage: Role Owner
  Condition: SoD Review
  Detour Path: Path 2
  Path 2:
  Stage 1: Approval -- > CAD : Mitigation Monitor
  The request is send to the Mitigation Monitor but when we try to approve request show the next error:
  2010-03-30 14:10:26,390 [SAPEngine_Application_Thread[impl:3]_25] ERROR  Mitigation control TEST_5.1 could not be saved for user PRUEBAGRC_6
  com.virsa.ae.core.BOException: Exception from the service : Mitigation record doesn't exist
       at com.virsa.ae.accessrequests.bo.MitigationControlBO.insertMitigationControl(MitigationControlBO.java:207)
       at com.virsa.ae.accessrequests.bo.MitigationControlBO.saveMitigationControls(MitigationControlBO.java:321)
       at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:6993)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:6748)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:6600)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:6393)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:949)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:104)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.virsa.ae.service.ServiceException: Exception from the service : Mitigation record doesn't exist
       at com.virsa.ae.service.sap.MitigationControlWS52DAO.checkForSuccess(MitigationControlWS52DAO.java:832)
       at com.virsa.ae.service.sap.MitigationControlWS52DAO.executeUpdateUserMitigation(MitigationControlWS52DAO.java:287)
       at com.virsa.ae.service.sap.MitigationControlWS52DAO.insertUserMitigation(MitigationControlWS52DAO.java:309)
       at com.virsa.ae.accessrequests.bo.MitigationControlBO.insertMitigationControl(MitigationControlBO.java:195)
  Can you help me please?? All URI are OK.
  Thanks !!!!
  Edited by: Karen_sans on Mar 31, 2010 7:45 PM

• Error when trying to approve a mitigation control in CUP

  Hi,
  I have created a Mitigation Control in RAR and set-up the necessary workflow. The request ends up in CUP and the approver is able to see the request when he/she logs in, however the approver cannot approve or reject the request.
  The following error messages appear:
  - Approve: Error processing your request, Request no: 2 in stage : MITIGATION
  - Reject: Error rejecting request no: 2
  I have check the workflow many times now and I have also checked the mitigation URL's.
  Any idea what the problem can be?
  Thanks.

  Thank you for your response. No the approver is not part of the DL. I just added the approver to the workflow (CAD).
  Please find log details below:
  2010-03-18 16:09:32,729 [SAPEngine_Application_Thread[impl:3]_8] ERROR Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
  java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
       at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:87)
       at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:96)
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
       at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5335)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5174)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4967)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:928)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by:
  com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:998)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1449)
       at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:80)
       ... 33 more

• Assignment of multiple credit control areas to single company code

  Hi Friends,
  Is it possible to assign multiple credit control areas to single company code?  If possible please explain
  me how it is possible. Any help will be highly appreciated.
  Thanks a lot in advance.

  Dear Ramesh,
  It is not possible to assign multiple credit control areas to the single company code but you can assign single credit control area to the multiple company codes.
  Relation bet ween company code and credit control area is
  Many  to One
  But not
  One  to Many
  I hope this will help you,
  Regards,
  Murali.