cancel
Showing results for 
Search instead for 
Did you mean: 

Inactivated Auth objects getting deleted/activated in Parent role post creation&generation of derived & parent roles in BRM

former_member272370
Participant
0 Kudos

Hi Thr,

We have an issue when maintaining a parent role in GRC 10 SP10.


ISSUE --> Inactivated Auth objects getting deleted/activated in Parent role post creation&generation of derived & parent roles in BRM


Please update at the earliest as this is a critical issue in hand.

Regards,

Arun

Accepted Solutions (0)

Answers (1)

Answers (1)

alessandr0
Active Contributor
0 Kudos

Dear Arun,

please see the following note that might help to solve the issue:

http://service.sap.com/sap/support/notes/1903906

Let me know if you need further details.

Best regards,

Alessandro

former_member272370
Participant
0 Kudos

Hi Alessandro,

We have implemented the note as mentioned and issue still exists in production. It works in development though.

Please suggest on the same on the reason for issue & relevant fix.

FYI..

As you know, the note has 2 prerequisites within as below.

The 1st one is not applicable for our system & the 2nd one has been implemented.

Finally, the suggested note is also implemented and we still find the issue as mentioned above

Prerequisites

Note

Correction

0001608739 Roles generated with incorrect field values for S_TRANSLAT

0120061532 9800  0001357454

0001785026 Derived roles are not getting generated in backend system

0120031469 9800  0001180301

Thanks

Arun

alessandr0
Active Contributor
0 Kudos

Hi Arun,

wondering a bit that it works in dev but not in prod? Did you transport all the changes to prod? So actually if it fixes the error in dev then it should also work in prod.

Can you check if you have any difference in customizing or any open transport to prod that might affect this case?


Regards,

Alessandro

former_member272370
Participant
0 Kudos

Hi Alessandro,

Point 1 - All our GRC systems are connected to the ECC DEV system for brm role creation/change. Than the role changes are transported accordingly.

So, when creating a role in ECC DEV from GRC PRD it does not work. However, it works in ECC DEV from GRC DEV.

Point 2 - The notes suggested by you are implemented in the ECC DEV and are not transported as this system is for BRM role creation/change. One the creation or change is successful here, it will be transported to quality and then to production.

Point 3 - The configuration is same across the landscape.

Please update on this situation and fix accordingly.

Regards,

Arun

alessandr0
Active Contributor
0 Kudos

Arun,

how do you transport roles? Via the ECC or via role generation in BRM?


Regards,

Alessandro

former_member272370
Participant
0 Kudos

Its through ECC dev to quality to production.

Regards,

Arun

alessandr0
Active Contributor
0 Kudos

Hi Arun,

Sorry I have to ask you again. The note 1903906 is for plugin GRCPINW which is also installed in the GRC systems. Did you implement this note in GRC DEV, QUALITY and PROD?

Personally I think this note should really fix the issue.

Regards,

Alessandro

former_member272370
Participant
0 Kudos

Hi Alessandro,

I thought it has to be implemented in back end environment. because the same is mentioned in the note 1903906.

Do you suggest to implement in GRC systems too ? Please update on the same.

Regards,

Arun

former_member272370
Participant
0 Kudos

Hi All,

The below is the situation right now.

The inactivated auth objects in the parent role get deleted post generation of parent roles.

The derived roles stay in the Define Role phase and so could not be generated at all.

Notes implemented so far.

1903906, 2002343

Please update on the issue and relevant possible fix.

Thx

Arun

Former Member
0 Kudos

Hi Arun,

Did you confirm the button "Propagate to Derived Roles" in phase "Maintain Authorizations"?

"Define" phase lets you to manage the phase for the role.

You can check for the Mass roles update and set the phase as Completed psot making all the required changes.

Note#1903906 (to be implemented in satellite systems) is exacly for the issue which you are facing with the inactive authorization object deletion part.

Not sure,about your configurations and connectivity paths.


Point 1 - All our GRC systems are connected to the ECC DEV system for brm role creation/change. Than the role changes are transported accordingly.

So, when creating a role in ECC DEV from GRC PRD it does not work. However, it works in ECC DEV from GRC DEV.

Did you correctly perform the integration scenarios for ROLMG. It's clearly due to the integration scenarios.

Check once again for the configuration settings, integration framework

Regards,

Ameet