on 05-26-2015 7:50 PM
Hello All,
My Provisioning log is showing duplicate entries. For example, Access Request #116 provisioned 1 role to the user, but I see 3 line items that are all the same in the provisioning log. Any ideas why this is happening or how to correct it?
Thanks in advance!
-Ken
Hi Ken,
after further analysis I was able to re-solve - at least - my issue with the duplicated records.
we found a SAP bug in the coding of the provisioning engine, which was implemented with SAP Note 2140254. Maybe this is the cause of your similar problem.
The request line-item which get duplicated with the following statement in class CL_GRAC_PROVISIONING_ENGINE in method PROVISION
....
...
*****************************************************************************************************************
**For CUA -COMPOSITE ROLE the itemtype is CUA
*****************************************************************************************************************
data:lt_reqline_item_temp TYPE GRAC_T_API_REQLINEITEM,
ls_reqline_item_temp TYPE GRAC_S_API_REQLINEITEM.
lt_reqline_item_temp[] = ls_access_request-reqlineitm[].
LOOP AT lt_reqline_item_temp into ls_reqline_item_temp.
IF ls_reqline_item_temp-prov_item_type = grac0_role_type-CUA.
ls_reqline_item_temp-prov_item_type = grac0_role_profile_type-role.
ENDIF.
1
APPEND ls_reqline_item_temp TO ls_access_request-reqlineitm.
CLEAR:ls_reqline_item_temp.
ENDLOOP.
During processing and without using CUA the line items of the requests get simply duplicated.
(>>> Append statement)
Consequently the provisioning action is performed 2 times, as shown in the SLG1 log.
With Change/create request this doesn't has much impact, but for delete requests you get a provisioning failure as the "second" processing of the line item to delete the user will tell you that the user does not exist anymore, which is correct as the user was already deleted with the first line item....
regards
Johannes
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ken,
is this issue solved meanwhile ?
We are on GRC10.1 SP10 and it seems like a similar problem:
When deleting an user ID, (request type "DELETE ACCOUNT") the workflow is processed two times.
I can see this occurrence in the provisioning log and also with SLG1 log.
This user gets deleted properly, but then - for some reason- the workflow is processed again and the user - in that case - can not be deleted anymore.
Therefore I receive a error message from the plugin system ("User does not exist") and the workflow remains with status "pending".
I tried also with Request type "CHANGE ACCOUNT": also here the workflow is processed 2 times, but due to the fact that changing a user 2 times does not trigger an error message the workflow will get closed.
But also here I can see 2 provisioning log entries...
I was wondering if this could be a BRF+ related configuration error, because in SAP Portal there is no OSS dealing with this issue so far..
But maybe this is really a bug, which should be raised via OSS.
Any feedback on this topic highly appreciated..
regards
Johannes
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Ken,
can you please share screenshots from the audit log and the provisioning log for req #116. Also share SP level.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Below is the screenshot of the request details and the provisioning log. Notice that some roles have 2 line item entries in the provisioning log, some have 3, some have 4, 5... etc. We have 2 approval stages in this particular workflow. We are also only provisioning to 1 system, which is ECC Production.
We are on GRC 10.0 SP13.
Thanks!
Hi Ken,
i have not faced this scenario. But, is your workflow sent to all approvers, so that each approves, and therefore the log
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.