No Approvers visible on Access Requests

Similar Messages

• User Management Setup: Registration Process not visible in Access request f

  Hi,
  We are trying to setup a autorisation flow for our responsibilities by using User Management.
  For this I added some roles to the MISC Role category.
  Then I created a registration process for these roles.
  After that I would expect to see the acces request in the Additional acces request page. Unfortunately I don't.
  When I run the view object behind the page, I notice that column umx_reg_services_vl.reg_funtion_id is empty for the roles I added. The seeded authorization that was allready present has a value for this column, and is presented in the screen.
  I am wondering how to add a value into this reg_function_id column. I cannot seem to find the functionality in the User management pages.
  We are on 12.1.2
  Can someone help me out?
  Kind regards,
  Wilro

  Hi,
  You will need to have required permission (atleast read permission) for displaying this content. Access denied is showing at com.sap.portal.system/security/sap.com/NetWeaver.Portal/high_safety/com.sap.portal.heartbeats/components/PortalHeartbeat
  Go to System Admin -> Permissions -> Portal permissions. Expand security zone folder -> sap.com and the subsequent folders in the above path (sap.com/NetWeaver.Portal/..) . Right click the last folder in that path as mentioned above and provide read permissions to the delegated content admin role.
  Regards,
  Harini S

• GRC 10.0 Access Request Creation- Data Source of User Details

  Hi Experts,
  I was doing GRC 10.0 Configuration and found a query which I am not able to resolve.
  While creation of any kind of Access Request in GRC through NWBC> Acces Management Tab>Access Request>Access Request Creation.
  In the user details section, I can see the HR records( like Pernr, position, manager) have been visible to some extent.
  My question is where from these details came in GRC. What configuration we should maintain to achieve these HR records?
  Hope to get a quick response as this is one of the requirement of the implementation which I am doing with my customer.
  Thanks,
  Atanu

  Alessandro,
  Thanks for your response. It helped me to know certain things.
  But when I am navigating to SPRO > GRC > Access Control > Maintain Data Sources Configuration > [User Detail Data Source], it is configured with a ECC system in target connector and User data type is maintained as "SU01".
  Now my question is where from in my case the GRC is pulling the HR records (PA20) like PERNR, POSITION,PERSONEL AREA etc? SU01 does not provide these information. My ECC box is integrated with HR module, so is it taking the data from HR directly?
  Thanks in advance!
  Atanu

• GRC 10.0 Access request Management Audit

  Hello All,
  Can Anyone let me know what  Auditors Check When they Audit GRC 10.0 Access request Management (excluding Configuration).
  Thanks
  Mohammed Wasim

  Hi,
  ARM supports key ITGC controls for user access management, so probably audit would also cover:
  - review of updated processes & controls
  - check (based on sample) if all requests were properly approved
  - review of correctness of approvers assignment
  - verification if what was requested was provisioned
  - timely removal of terminated access
  - review of SoD controls embedded in process
  - periodic review of user access
  and maybe some more controls. In most cases it will be sample based testing so auditors may ask for a sample of requests to trace them to back-end systems and opposite sample of changes in users privileges to verify if proper requests were prepared for those changes...
  Sometimes they could perform more tests on configuration and process, but this is up to particular auditor.
  Best regards, Andrzej

• Access request form fields changing if request is self or other

  Hi SAP experts,
  When open a new Access Request all the fields from the EUP work as expected with designated mandatory fields and visible fields (attachment "AC other") but for some reason when I change the "Request For:" dropdown to some other value (in this example "Self") all the fields become visible and Mandatory disappears (attachment "AC Self") what can I do to correct this behavior?
  Note: If I assign the default value as "Self" and then change the field to "Other" I get the same results (all visible fields) so is something that happens when changing "Request For:" dropdown.

  Hi Jonathan,
  Can you check webdynpro component : GRAC_UIBB_ACCESS_REQUEST once because i think there might be code written to hide fields in onselect( ) action of request type.
  PFB the snapshot for reference.
  If not, pls check WDDOINIT( ) method of view V_SELECT_USER as shown below
  PS : Compare your code with the attached file code.
  If still the issue exists, Pls refer to this note : 1670922.
  Hope this helps you.
  Thanks
  KH

• Blank Screen while opening Access Request.

  One of our role approvers is getting blank screen while opening an Access Request to approve and also getting blank screen doing search for the access request. See attached. Please advise. Thank you.
  v/r,
  Mitesh

  Hello Mitesh,
  if the issue with only specific approver then check authorization
  if the issue with all approvers then check below Note
  1890137 - Blank screen or only header information comes on the Access Request screen
  Regards
  Baithi

• Access request number pending with which approver in backend?

  Hi All,
  Is there a way to see particular Access request numbers are pending with which approver in BACKEND grc system?
  Thanks for any inputs

  Dear Sush,
  as Suvonkar mentioned you can use Search Request screen to find pending approval requests. If you press Instance Status button you can see approvers for each path/stage.
  Instance Status:
  Also it is possible to see in the Audit Log.
  Regards,
  Alessandro

• Approving the access request gives error in Sharepoint Foundation 2013 / Email notification codepage problem

  Hello
  On our SharePoint Foundation 2013 server approving Access Requests fails with "request approval failed" after pressing the approve button. The user is site administrator, site collection administrator and site owner.
  In the ulsviewer we see the following error:
  System.NotSupportedException: No data is available for encoding 1033.     at System.Text.Encoding.GetEncodingRare(Int32 codepage)     at System.Text.Encoding.GetEncoding(Int32 codepage)     at Microsoft.SharePoint.Email.SPMailMessageHelper.GetSocialNotificationMailMessage(SPWeb
  web, String senderAddress, String senderName, Boolean useSenderAddressAsFromAddress, String recipientAddress, CultureInfo recipientCulture, String subject, String sidebarHtml, String descriptionHtml, String customMessageHtml, List`1 embeddedAttachments)    
  at Microsoft.SharePoint.SPSharingEmailHelper.SendAccessRequestsEmail(SPCachedItemEventProperties eventProperties, SPUser sender, String message, SPUser recipient, String recipientEmailAddress, String strSubject, String body)     at Microsoft.SharePoint.SPSharingEmailHelper.SendRequestorNotification(SPCachedItemEventProperties
  eventProperties, String objRequestedTitle, SPUser reqByUser, SPUser reqForUser, String message, Boolean isMessageUpdate, Int32 status)     at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleStatusChangingToApprove(SPCachedItemEventProperties
  properties, Int32 reqByUserId, Int32 reqForUserId, Int32 newStatus, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)     at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleRequestStatusChanging(SPCachedItemEventProperties
  properties, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)     at Microsoft.SharePoint.SPAccessRequestsOperationHandler.ItemUpdating(SPCachedItemEventProperties properties, SPUserCollection users, SPGroupCollection
  groups, IEnumerable`1 roleDefs)     at Microsoft.SharePoint.SPAccessRequests.UpdateItem(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 permissionLevel, Boolean extendInvitation, String anonLinkType, SPList accReqList,
  SPListItem item, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs)     at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatusCore(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 newPermissionLevel,
  Boolean extendInvitation, String anonLinkType, SPList accReqList, SPListItem request)     at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, SPUser reqForUser, String convStr, String permType, Int32
  permissionLevel, Boolean extendInvitation, String anonLinkType, SPWeb web)     at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, String convStr, String permType, Int32 permissionLevel)    
  at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.ChangeRequestStatus_MethodProxy(XmlNodeList xmlargs, ProxyContext proxyContext)     at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.InvokeStaticMethod(String methodName,
  XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid)     at Microsoft.SharePoint.Client.ServerStub.InvokeStaticMethodWithMonitoredScope(String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid)    
  at Microsoft.SharePoint.Client.ClientMethodsProcessor.InvokeStaticMethod(String typeId, String methodName, XmlNodeList xmlargs, Boolean& isVoid)     at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStaticMethod(XmlElement
  xe)     at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessOne(XmlElement xe)     at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStatements(XmlNode xe)     at Microsoft.SharePoint.Client.ClientMethodsProcessor.Process() 449c7b9c-6cec-f09a-9792-3d76c4d7e351
  The server is running on an English Windows 2012 Server and also the English version of SharePoint Foundation 2013 with the June 2013 CU.
  We see exactly the same error when add users to a group with the option "Send an email invitation" enabled.
  Any ideas what could cause this problems?
  Regards,
  Reinhard

  Hi Reinhard ,
  According to your error message, it says that no data is available after  encoding the social notification mail message. It  should be caused by the E-Mail encoding setting.
  For troubleshooting your issue, please check the character set of your E-Mail Settings:
  Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  On the Central Administration Home page, click System Settings.
  On the System Settings page, in the E-Mail and Text Messages(SMS) section, click Configure outgoing e-mail settings.
  On the Outgoing E-Mail Settings page, make sure
  Character set setting is  65001(Unicode UTF-8).
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• User Management - How to submit Additional Access Request on behalf of employee

  User Management - how can we configure "Access Requests" so that Managers can submit Additional Access Requests, or Initial Access Requests on behalf of employee?
  Have looked at "Manage Proxies" but this seems to allow access to everything - not ideal
  Please assist with knowledge and/or experience
  Many Thanks
  Me

  Additional Access Request Registration Process is complete
  Giving access to User Management to users is not an option.
  What I would like is the scenario below - is this achievable?
  When employee goes to iProcurement > Preferences > Access Requests > Request Access | they can submit an access request on behalf of themselves.
  Would like an option where a manager, navigates to same UI as above, has option to choose a subordinate, and request additional access on their behalf
  The table UMX_REG_REQUESTS has columns REQUESTED_FOR_USER_ID & REQUESTED_BY_USER_ID - so it seems they don't have to be same person (manager can submit request on behalf of an employee)
  Can this be achieved through UI for "Access Requests"?

• HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

  hi sap gurus,
  i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
  SAP_GRAC_ACCESS_APPROVER
  SAP_GRAC_ACCESS_REQUEST_ADMIN
  SAP_GRC_FN_BASE
  SAP_GRC_FN_NUSINESS_USER
  and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
  but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
  the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
  can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
  I will be very much thankful if you guide me successfully.

  Hi Colleen,
  thanks a lot for your time.
  PIC1: I created one user: GR_AR_APP001
  and assigned all the GRC ROLES.
  PIC2: I assigned owner type to GR_AR_APP001 user : POINT OF CONTACT, SECURITY LEAD and WORKFLOW ADMINISTRATOR in NWBC ACCESS CONTROL OWNERS
  PIC3: I created one EUP 980 (copied from default EUP)
  PIC4: I maintained default manager as GR_AR_APP001 user in 980 EUP
  PIC5: I selected SAP_GRAC_ACCESS_REQUEST process id
  PIC6: I created one agent id as ZGRAC_MANAGER11 in which I added approver user id: GR_AR_APP001
  PIC7: I saved agent id
  PIC8: I added agent id as ZGRAC_MANAGER11 in stage5 in manager stage.
  PIC9: I saved
  PIC10: I maintained EUP 980 (in which I configured manager as GR_AR_APP001 user) in stage 5 task settings
  PIC11: Maintain Route Mapping, I clicked on next
  PIC12 and PIC13: I saved and activated.
  After this process I created one request for new account and selected the manager as GR_AR_APP001 and one request is created with request no 9000000030.
  now I logged into system by user GR_AR_APP001 and checked, there is no request under his work inbox.
  please guide me at least one procedure, how to receive request in approver work inbox so that I can learn other procedures to configure approver as per our organization requirement.
  thanks for your support Colleen.

• SharePoint 2013 - Site Settings - Users and permissions - "Access Request and invitations" link missing

  I am site collection administrator and have configured the outgoing email in Central administration but "Access Request and invitations" link  is missing, pl advice any additional configurations for this link to show up
  I was though able to configure access requests by going to Site Settings->Users and permission and on the ribbon selected "Access Request Settings"
  What is the difference in either of the approaches?
  Thanks
  Abhishek

  Hi there,
  I noticed this post, and didnt really find an appropriate solution to your issue. I noticed the same issue when dealing with Access Requests. First of all to make sure that the Request feature is enabled, you need to access 
  Site Settings -> Site Permissions -> Access Request Settings -> Make sure the
  'Allow access requests' option is enabled.
  The Allow access screen just allows you to enable the feature and also to specify a email address that notifications are sent to. Whereas the 'Access Requests and Invitations' section provides a screen to manage Access Requests and request history.
  I noticed then that the Access Requests and Invitations link under 'User and Permissions' didnt actually appear until someone actually requests to join the site. It seems that this is needed to display the screen. Once actioned once, the option stays there.
  Hope it helps

• How to delete i.e. clear the pending access requests list from Access request page in SharePoint 2013

  Hi Team,
  I am site collection admin of a SP13 site. The issue is we have added some of the users manually after we got requests from them for site access. But this has left those users as pending on Access requests page. We don't want that list to stack up.
  I can not decline those requests as those users will be notified with declined mail. I searched for clearing the list of those pending requests but did't find any guidelines for this. 
  Is there any way I can do this. Any help is appreciated thanks in advance  

  You might consider using PowerShell to remove unwanted items from the "Access Requests" list of the web site.  This list holds all of the access requests including pending, declined and approved.  The following example demonstrates removing
  the first item from the list.  Please note, I'm not aware whether or not there are any negative side effects to removing items from this list so doing so would be at your own risk.
  $web = get-spweb https://yoursharepointsite
  $list = $web.lists["Access Requests"]
  $list.items[0].delete()

• Access Denied Error while accessing "Site Settings Access requests and invitations"

  Hi,
  I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint  2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
  site collection account. So, what permission I have to give my regular account to access this page?
  Thanks, Pal

  Hello,
  Have you recently changed the Owners group of the site collection or removed the user from the original owners group? 
  The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created.  If this "regular account" is not part of that owners
  group, the user will receive access denied.  Site Collection Admins always have permissions for the Access Request List.
  A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us.  By giving the correct group or user the permissions to this list, the users will not receive
  the Access Denied issue anymore.  
  Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
  was.  Below are additional steps to restore full functionality.
  1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
  is set correctly.  (There is a group selected)
  2) Add user to that Owners Group.  (Issue may be resolved at this step if the site collection Owners
  Group was never changed, if not continue to next step.)
  3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
  group as Full control on Access Request list Permissions.
  Let me know how this works out for you.
  - Shpendi Jashari

• Error while trying to submit Access request to GRC from IDM

  Hello
  We have SAP IDM 7.2 SP8 installed and done all the prerequisite for connecting to GRC AC 10 as in configuration document.
  We are trying to submit request to GRC using Standard GRC provisioning framework task ( AC Validation) but pass: Submit AC Request fails with error: "Pass stopped by script"
  Is there anything wrong with the script which put RoleData details since its getting aborted ?
  I tried providing Role name directly in Role data attribute inside the action task and got following error:
  Error
  putNextEntry failed
  storingcn=IDMUSR0023,ou=useraccessrequest,o=grc
  Exception from Add operation:javax.naming.NamingException: [LDAP: error code
  82 - (GRC User Access Request:82:Script execution failed)]; remaining name
  'cn=IDMUSR0023,ou=useraccessrequest,o=grc'
  I checked VDS Logs and there was one error :
  Additional message = msgcode=4;msgdescription=Mandatory field ITEM NAME  is empty in line no 1 ;msgtype=ERROR
  From where exactly ITEM NAME field value will be fetched and pass to GRC for request creation ?
  Regards
  Deepak Gupta

  Thanks Christopher
  I got my issue fixed, There was issue with my GRC Initial load job which couldn't enrich repository privileges and hence the issue was coming since script wasn't able to find GRC ROLE ID and Application ID attribute from privileges.
  Regards
  Deepak Gupta

• Access request List issue after migration

  I have migrated site sharePoint 2013 from metalogix tool.
  Migration is from SharePoint 2013 to SharPoint 2013
  I am getting one strange error while approving "Permission request" send by the users.  I have matched columns of  Access Request list(Hidden) from original site to New site , columns are matching, and also I have checked every column
  on migrated site, ther are opening without error, so why I am getting this error , there are no logs for this.
  One thing is diffrent is that on migrated site I am not gettign any data from Permission column check below, however On original site I am gettign data for this Permission column , what can be an issus ?
  Please mark answer , if you think answer is helpful or correct.

  Hello WillAdams92,
  It seems you are experiencing permissions issues. You can repair permissions using Disk Utility, which comes with all Macs. The following article provides more information about the feature:
  About Disk Utility's Repair Disk Permissions feature - Apple Support
  Thank you for contributing to Apple Support Communities.
  Cheers,
  Bobby_D