on 12-23-2015 1:20 PM
Dear All,
We are facing an issue with ARA component of the GRC 10.1 SP11.
While Running an User Level Analysis for set of users. Report shows expired and locked users in ARA report.
We have already set the configuration parameter 1028 (Include Expired users) and 1029 (Include Inactive Users) as "No".
Please refer the attached screenshot for the reference.
Regards,
Hardik Patel
Dear All,
Request you to implement following notes in respective system:
Notes in GRC System:
1) 2268125 - Deleted and expired user get synched even though customizing
2) 2273193 - Expired users are not getting updated in GRACUSERCONN
3) 2280550 - Expired and inactive(locked) users not getting updated in ta
Note in Plugin System:
1) 2282947 - User Level Access Risk Analysis includes inactive users - pl
Post implementation of notes, Run Repository Synchronization Job for Users in Full Synch Mode.
Then Check the GRACUSERCONN table for indicator values. It should update the indicator with proper values.
Regards,
Hardik Patel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the information Hardik. It seems that these notes only partially fixes the problem, or I may be wrong.
I have applied the notes as mentioned and executed the sync jobs and the table GRACUSERCONN is now updating the EXPIRED field correctly (if a user validity date has been changed in the plugin system)
However, the INACTIVE field is only updating if a user is locked due to incorrect logons. If the user is locked by the administrator, the INACTIVE field is still blank in the table. In my opinion, if a user is locked, whether is Admin/Global or incorrect logons, it should reflect as INACTIVE.
Please advise.
Hi Hardik,
did you get any solution for this issue? We are on the same patch level and have the exact same issue.
I have raised a message with SAP too , still to get any reply.
Regards
Gaurav Duggal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Hardik,
Seems to be users data is not synchronized correctly.
Check in table GRACUSERCONN for expired and locked users status
INACTIVE status should be 'X' for expired and locked users.
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the feedback. I have checked and note 2168872 cannot be implemented in our system and I have already applied the notes as per 2253834 because we had a problem where the user type did not update correctly to the GRACUSERCONN table after the sync jobs. The notes resolved the issue with the user type, but the Inactive & Expired fields are still not updating.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.