on 09-30-2014 3:04 PM
Hi Thr,
We have an issue when maintaining a parent role in GRC 10 SP10.
ISSUE --> Inactivated Auth objects getting deleted/activated in Parent role post creation&generation of derived & parent roles in BRM
Please update at the earliest as this is a critical issue in hand.
Regards,
Arun
Dear Arun,
please see the following note that might help to solve the issue:
http://service.sap.com/sap/support/notes/1903906
Let me know if you need further details.
Best regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alessandro,
We have implemented the note as mentioned and issue still exists in production. It works in development though.
Please suggest on the same on the reason for issue & relevant fix.
FYI..
As you know, the note has 2 prerequisites within as below.
The 1st one is not applicable for our system & the 2nd one has been implemented.
Finally, the suggested note is also implemented and we still find the issue as mentioned above
Prerequisites | ||||||
|
Thanks
Arun
Hi Arun,
wondering a bit that it works in dev but not in prod? Did you transport all the changes to prod? So actually if it fixes the error in dev then it should also work in prod.
Can you check if you have any difference in customizing or any open transport to prod that might affect this case?
Regards,
Alessandro
Hi Alessandro,
Point 1 - All our GRC systems are connected to the ECC DEV system for brm role creation/change. Than the role changes are transported accordingly.
So, when creating a role in ECC DEV from GRC PRD it does not work. However, it works in ECC DEV from GRC DEV.
Point 2 - The notes suggested by you are implemented in the ECC DEV and are not transported as this system is for BRM role creation/change. One the creation or change is successful here, it will be transported to quality and then to production.
Point 3 - The configuration is same across the landscape.
Please update on this situation and fix accordingly.
Regards,
Arun
Hi All,
The below is the situation right now.
The inactivated auth objects in the parent role get deleted post generation of parent roles.
The derived roles stay in the Define Role phase and so could not be generated at all.
Notes implemented so far.
1903906, 2002343
Please update on the issue and relevant possible fix.
Thx
Arun
Hi Arun,
Did you confirm the button "Propagate to Derived Roles" in phase "Maintain Authorizations"?
"Define" phase lets you to manage the phase for the role.
You can check for the Mass roles update and set the phase as Completed psot making all the required changes.
Note#1903906 (to be implemented in satellite systems) is exacly for the issue which you are facing with the inactive authorization object deletion part.
Not sure,about your configurations and connectivity paths.
Point 1 - All our GRC systems are connected to the ECC DEV system for brm role creation/change. Than the role changes are transported accordingly.
So, when creating a role in ECC DEV from GRC PRD it does not work. However, it works in ECC DEV from GRC DEV.
Did you correctly perform the integration scenarios for ROLMG. It's clearly due to the integration scenarios.
Check once again for the configuration settings, integration framework
Regards,
Ameet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.