on 2013 Apr 30 3:56 PM
Hello SAP-Experts,
i have some issues with the Password Self-Service (PSS).
I'm on GRC 10.0 SP12.
I have 2 Plugin/backens systems: the GRC box my himself and another ERP6.0, were GRCPINW SP12 is installed.
My issue:
I have registered the Security Questions.
In step 1 I answer the questions -> in step 2 I select a backend system.
When I submit the PSS action, the error " Password reset failed: no valid Email-id maintained for user id" appears and nothing happens.
Thanks in advance for your help
Edgar
I found that the user has to have an email address in your main User Source. Once this is populated I then had to run the transaction GRAC_REP_OBJ_SYNC / program GRAC_REPOSITORY_OBJECT_SYNC to pull through the updated details and this fixed the issue.
A useful tip was using the End User Login feature if you log on with the user in question and click My Profile you could see the email address defined and found this a quicker option if you didn't know what tables to go trawling through.
Thanks
Nathan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Edgar
Go to SPRO > SAP Reference IMG > Governance, Risk and Compliance > Access Control > Maintain Data Sources Configuration and make sure you have Connectors setup for each of the Data Sources. I would then run the GRAC_REPOSITORY_OBJECT_SYNC program again for the Connector you are using as your User Source and then attempt it again.
GRACUSER is the right table to get the user's email if it's being populated correctly. Setting up this should fix it.
Thanks
Nathan
Hi Nathan,
you were 100% right.
defining the main user cource in SPRO > SAP Reference IMG > Governance, Risk and Compliance > Access Control > Maintain Data Sources Configuration + GRAC_REPOSITORY_OBJECT_SYNC fixed this issue!!!!
This customizing step seems to missed in the configuration guides!
Thank you 🙂
Dear Edgar,
I am facing the same problem and did couple of things as suggested but could not get the result. What I did is below:
1. maintained LDAP as: User Search/Detail/Authentication Data Sources
2. Changed User Detail Data Sources to GRC System and synched fully. I could see the email id maintained in SU01 for all the users. But still got the same error.
When I tried to synch from LDAP, I got below error:
I assigned below objects with full value to my ID and again tried to sync, but still got the same error.
Can you suggest further?
Regards,
Faisal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Colleen,
In LDAP transaction code, I can search the user for which I am trying to reset the password. Connection is active in here and believe, it is working fine. Please suggest otherwise.
I an unable to understand what is that stopping synching from LDAP connector. Secondly, do I need to sync from LDAP connector for this email ids to be recognized?
I also tried to change the User Data source to GRC system (kept User Data Source as LDAP) where I got the email id maintained in SU01. But still did not work.
Do you think this combination of Data Sources is not working?
Regard,
Faisal
Hi Faisal
The only things I can think to rule out are:
Possibly check Marketplace to see if any related notes?
Regards
Colleen
Hi Colleen,
Thanks for your reply.
I see a problem while syncing from LDAP (I opened another thread). The user synchronization is getting completed successfully but it is not pulling any users.
Regards,
Faisal
additional info:
Although the Sync-Jobs don't bring any errors in SLG1, none role from the bachend systems are displayed e.g. in the access request workflow or Role Maintenance...
So maybe the Sync-Jobs could be a reason... but on the other hand there are no errors in SLG1...?!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Edgard
Does your WF-BATCH user have an email?
Also, check out the GRACUSER table for the user to see if there is an entry for email address for that user. The user synch will populate GRACUSER and GRACUSERCONN
if the user is not in GRACUSER table with a valid email you need to run the synch again.
Hi Colleen,
yes, the WF-BATCH user have an email and the Firefifhter Email Notifications work fine.
thats why i can not understand why the PSS doesnt work and bring the error "Password reset failed: no valid Email-id maintained for user id"?!
I checked the GRACUSER table and every user in this table has an email in fileds EMAIL and EMAIL SH. Only in field USER HR EMAIL is no entry, but i dont wanna use HR anyway.
any other suggesstions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.