Hi All,
We are currently on GRC SP13. I could see lot of community members also working on same SP. There are lot of issues in GRC SP13. I am just updating the issues with relevant SAP notes here just to make it easy for the guys who come across the issues just like mine :smile:
There are still lot of issues which we are working on and will update this blog regularly based on our issues and fixes.
Access Request (ARQ)
Password Self Service (PSS) - Issues
In Password Self Service (PSS) when the user clicks on
“Register Security Questions”. Users can add questions using either Admin defined or User defined option.
As shown below “User Defined Questions” has spelling mistake where “DEFINED” is spelled as “DEFINDED” and this can be fixed using SAP note
1907848 - UAM: Incorrect text for User Defined Questions
1600374 - CUP: Admin and user questions option not configuration
EUP Issues
Below SAP notes are implemented for issues regarding EUP.
1897794 - UAM: Request for value not coming from EUP in model user
1842378 - Default roles are getting added though they don’t exist in BE
Role Mapping Issues
Below SAP notes are implemented for issues regarding role mapping.
1900076 - UAM: Role mapping not working based on parameter 2015
2014524 - Common mapped role deleted on removing one of parent
Provisioning Settings Issues
Below SAP notes are implemented for issues regarding provisioning settings.
1966404 - UAM: System level provisioning settings not considered correctly
Role and Function Approval Workflows
During Role and Function approvals, below SAP notes are implemented for resolving comments pop up issue.
2044309 - During role and function approval, Comments popup is opening in case of approval and rejection without checking the configuration
1906672: Removed Function apprear in Risk Approval Request
Risk Approval Workflow - Issues
In case of risk approval workflows, Title was not coming in header while opening the risk for approval as shown below.
Fix the issue using SAP note
1921318 - Risk Approval Screen - Title is not coming in header
2049421 - Forward with Return for Risk Approval WF issue
Mitigation Control Maintenance Workflow - Issues
In case of mitigation control workflows,no message is shown to the approver if one approver forwards the request to another approver.
Fix the issue using SAP note
2050047 MIC Upon Forward no successful message
Business Roles - Issues
Before discussing about business roles issues, please go through below SAP note on business roles which explains all Pros and Cons of business roles
1981001 - Recommendations: Using business role provisiong in access request
Business roles are not supported in GRC with “RETAIN” provisioning action. But in SP13 users are able to submit access requests with business roles having “RETAIN” provisioning action.
To fix this please implement the SAP note 1982339 - UAM: End user is able to submit request for business role with retain provisioning action
In case of Business roles having common technical roles, role de-provisioning is not happening correctly.
To fix this please implement the SAP note
1930923 - UAM:-Business role removal is not working correctly in Access Request
1922082 UAM: Rejected business roles are getting provisioned
1951749 UAM: Business role not provisioned correctly in language other than English
Role Import - Issues
Role Import in GRC SP13 is not showing all roles in the preview and as well as not importing all roles based on role range.
To fix this issue please implement the SAP note 1897975 - Role import does not show roles in the preview
Firefighter Login - Issues
When FF user is logging in with the assigned FF ID system is throwing dumps.
To fix this issue please implement the SAP note 1800347 - Short Dump on FF Login
Risk Analysis - Access Request - Issues
1938722 - Risk analysis icon incorrect in access request
Default Roles - Access Request - Issues
2056035 - UAM: Role descrip not displayed for default Roles
1842378 - Default roles are getting added though they dont
2061875 - UAM: Role description for default roles not displa
Mitigation Control – Issues
Create Mitigation control and assign Risk and Approver/ Monitor to that control.
Click on Save/Submit button.
Error comes: "Saving Note Failed"
To fix this issue please implement SAP note 1890058 - "Saving note failed" error comes while saving Mitigation Control
Create Mitigation control and assign Risk and Approver/ Monitor to that control. The AC Reports are not displayed in the "Reports" tab of a mitigation control
Error message Action is inconsistent with system is displayed when you add a new AC report to a mitigation control and save/submit.
To fix this issue please implement SAP note 1902129 - Unable to save Mitigation control after adding AC Report
Mitigation control assignments which are already deleted are still showing up in GRC system.
To fix this issue please implement SAP note
1873361 - Performance issue with GRAC_REPOSITORY_OBJECT_SYNC
LDAP Issues
2025895 - UAM: Users not searched from HR/LDAP connectors if real-time search parameter 2050 is YES
1867742 UAM: Manager information is missing in request submission
Access Request - MultiUser Request - Issues
1864399 and 1886411 - Incorrect Template - Multiuser Request
User Access Review (UAR) - Issues
UAR Requests are being generated for expired users or locked users though excluded in the filter criteria. Also UAR requests contains indirectly assigned roles like Child roles of Composite roles.
To fix this issue implement below SAP notes
GRC System
1970118 - UAM: Expired and locked Users and indirect role assignment are also display in UAR request
1988134 - UAM: Dump on executing UAR job for user group and indirect assignments displayed in UAR request
1917837 - UAM : Connector based brf + rule is not working
1997960 - Unable to generate request for UAR/SOD.
2103409 - UAR: UAR approved request shows in work inbox util refresh.
1988128 - UAM: Missing line items with forward and return in UAR
Issue
UAR Requests are still showing up even after approval in work inbox until click on refresh button
2103409 - UAR: UAR approved request shows in work inbox until refresh.
User Defaults - Issues
2020712 - UAM: User group not provisioned after approval
Delegated Approver - Mail Issues
1589130 - GRC AC 10.0 - MSMP Notification Override BADi - En
1915928 - Delegated approver is not visible in instance status
1887512 - Incorrect approver list shown in instance status
Enterprise Portal Integration with GRC - Issues
1889792 - UAM: Portal sync results in time out/ Portal Object
Synchronization Jobs – Issues
We are facing an issue related to the roles assigned to the users in the target system. When roles have been removed from users in the backend. They are still visible with existing assignments overview in GRC system (even after sync).
This results in provisioning error when requesting a "retain role" request. Plug-In system then gives error message that the role is invalid (because it was not assigned anymore to the user).
Once the roles are removed in the target system, they should not appear again under the existing assignments in GRC.
If this kind of issue is happening then the Synch jobs are not working fine and there is some issue with these.
To fix this issue implement below SAP notes
Target (Plug-In) System
1970532 - Audit log gives wrong information about role removal, the validity of the role is not getting changed in the backend systems
GRC System
1934813 - UAM: Incorrect audit log message for role assignment and provisioning error for multiuser ...
Missing Notification Variables and Notifications Issues - GRC SP13
Notification variables like Request Reason, Comments, Approver First Name, Approver Last Name and Approver Full Name are missing.
To enable these variables please implement below SAP notes.
1971842 - Request reason notification variable is not available in Access Request workflow
1917639 - UAM: Adding Comments and approver name variables in Access Request approval mail
Symptom:
Symptom 1: Validity dates and user id are not shown in the submission notification for the system entry.
Symptom 2: In submission notification, some text available in English and not able to translate in any other language.
Symptom 3: Provisioning variable shown roles whose Allow Auto-provisioning value is No and which have not been provisioned to the user.
Symptom 4: Create an access request to assign roles to an existing user in CUA child system. The closing notification contains wrong message of user creation.
Symptom 5: Notification variable %submission% for EAM/FF access approval does not contain System level information and validity dates information like FF_XXX Superuser access added to the request for action assign.
To fix this issue implement below SAP notes
1907911 - UAM: Incorrect text in submission & provisioning variable
Email Notifications - Issues
SAP Note 2018395 - E-mail Notifications cannot use HTML
Unlock Account - Valid To Date Issue
2069094 - For Unlock Action type Valid To Date for user is coming from
Escalation Notifications - Role Owner Stage - Issues
2008881 - Approved request items are also escalated
2000779 - UAM: Escalation on roleowner stage not working