cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Requests are going to ZESCAPE path after system upgrade.

former_member1189878
Discoverer

on ‎2022 Nov 25 9:31 AM

0 Kudos
262

After my GRC system is upgraded to SPS16 my cup requests are going to ZESCAPE path with below error, though the roles are getting assigned to the users.

"You are not authorized to assign user group to roles"

The System type user has already been assigned to S_USER_GRP : CLASS = * and ACTVT = * in the GRC system.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member1189878
Discoverer
‎2022 Nov 29 7:10 AM
0 Kudos

Hi Marcelo,

Thanks for your response!

I checked PRGN_CUST table and value for this CHECK_S_USER_SAS is set to NO.

Also, I gave SAP_ALL and SAP_NEW to RFC user in dev GRC system but ended up with same error.

Are there any other ways to tackle this issue as many CUP requests are getting dumped into ZESCAPE path.

Regards,

Chethan.

Show replies
Show replies
Monsores
Active Participant
‎2022 Dec 08 11:20 PM
0 Kudos

Hi Nagachethan.

Please make sure that you have also upgraded your GRC plugin (GRCPINW) on your target systems together with your main GRC system upgrade (GRCFND_A)

Are you facing this same issue when performing provisioning against any of your target systems?

Another thing that you can try is to enable MSMP debugging (tcode GRFNMW_DEBUG) and check the logs of your access requests (tcode GRFNMW_DBGMONITOR_WD) to see if there is any error reported there.

Regards,

Marcelo

Monsores
Active Participant
‎2022 Nov 29 1:03 AM
0 Kudos

Hi Nagachethan.

Check PRGN_CUST to confirm if maybe your S_USER_SAS checking has been enabled.

Additionally, if this issue is happening also on your Dev or Sandbox system I'd temporarily assign SAP_ALL to your RFC user to quickly be sure that it is an auth issue.

Once (if) you are sure that it is an auth issue you can remove SAP_ALL and do an auth trace for your RFC user to check what is missing.

Regards,

Marcelo Monsores

Show replies
Show replies
Ask a Question