cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pss in grc 10

Former Member

on ‎07-26-2016 8:24 PM

0 Kudos

Hello  expwrts,

We are in grc 10.1 and configuring 80 systems to our grc production. Which includes PROD,QA,UAT,DEV.  We use Prod only for cup and the remaing systems are for pss.

When we added the connector integration scenarios,in PROV we added the conectirs. ALL systens are displayed in cup connector.

Our REQUIREMENT is to show only prod connectors in cup and remaining all including prod for PSS

I removed the connwctors from Prov.. but pss is not working. So how to grt this scenario

Please suggest.

Regards

Ravi

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member185447
Active Contributor
‎07-28-2016 2:04 AM
0 Kudos

Hello Ravi,

This can be restricted using the authorization object GRAC_SYS as Manjunath Mentioned.

1.       Check if you maintained ASSIGN in activity

2.      Check if you maintained the valid Connector Ids

Try to look into this notes which will give you some idea on how to proceed further


1829115 - How to enable systems to appear in the Select Systems screen for Password Self Service



Regards,

Rakesh Ram M

Show replies
Show replies
Former Member
‎07-28-2016 8:00 PM
0 Kudos

Hi Rakesh,

thanks for your reply.

I tried with SAP_SYS object id and maintianed teh prod connectors. While creating the request it displayed only those prod systems which is fine. But when i try to use the PSS functionality, then instead of  80 systems it is showing only those production systems maintained in PSS.

Please suggest

Regards,

Ravi.

former_member193066
Active Contributor
‎07-26-2016 11:37 PM
0 Kudos

Hello,

Please restrict at object level not config level.

modify your role

connector have to be maintained in PROV scenario

Regards,

Prasant

Show replies
Show replies
Former Member
‎07-27-2016 4:01 AM
0 Kudos

hi prasanth

Thanks for the reply.

So we have to restrict gracconn or gracreq??please suggest the exact object.

Regards

Ravi.

Message was edited by: ravi kumar

plaban_sahoo6
Contributor
‎07-27-2016 4:42 AM
0 Kudos

Hi,

Could you execute AUTH sync job for all connectors for PSS.

Regards

plaban

Former Member
‎07-27-2016 5:06 AM
0 Kudos

Hi plaban,

Earlier we maintained in AUth , PROV..

But while creating access request the connectors are displayed in dropdown. So i removed from PROV. Still the systems are existing in AUTH and Sync is Successful.

Now trying to restrict at object level as suggested by prasanth. So checking what  is the exact object to restrict. Eeven if we dnt maintained in prov .. stil repository sync is succesful. But we dnt ran AUTH SYNC because we need these 80 systems only for PSS.

Please suggest how to get the scenario.

Regards,

Ravi

Former Member
‎07-27-2016 5:35 AM
0 Kudos

Hi Ravi,

You dont have to make any changes in the integration scenarios.

GRAC_SYS should be the authorization object to control the visibility of systems. You can make a copy of SAP_GRAC_ACCESS_REQUESTOR role and restrict the object as per your requirement.

Wrt PSS you need to enable the connector for PSS in SPRO -> Maintain Connector Settings as a first step.

Refer the below link for PSS configuration

http://scn.sap.com/docs/DOC-58058

Regards,

Manju

Former Member
‎07-27-2016 5:48 AM
0 Kudos

Hi Manju,

Thanks for your inputs.

I already gime through the document. Now as per your suggestion i will maintain grac_sys object and maintain our prod systems 10 in dat object. So that in cup we will see only 10 systems where as in pss we can see all 80 systems right

Regards

Ravi

plaban_sahoo6
Contributor
‎07-27-2016 8:42 AM
0 Kudos

Hi,

you would have maintained PSS config(Questions and answers). in IMG and performed AUTH Sync job, for PSS to work.

Regards

plaban

Former Member
‎07-27-2016 12:56 PM
0 Kudos

Hi plaban,

If we perfirm auth sync i dnt thnk it will work untill we perform the repository sync.

Pss is wrkng fine for the prod systems but the point is all the 80 systems were displayed in cup access request which is confusing to the users.

Trying with the GRAC_SYS object suggested by manju and prasanth. But it is restricting systems in risk anakysis also.. but stikl need to check where it restricts the users.

If any other ibject needs to maintain olease suggest.  We will maintain the production systems in that object, so that iN accessrequest only production systems will display and in pss it displays all the 80 connectors.

Please suggest

Regards

Ravi

former_member193066
Active Contributor
‎07-27-2016 1:42 PM
0 Kudos

did you try using restricting at environment level in GRAC_SYS

keep PRD.

Monsores
Active Participant
‎07-27-2016 2:54 PM
0 Kudos

Hi Ravi.

Try restricting this in GRAC_ROLEP/GRAC_SYSID.

Regards,

Marcelo Monsores

Former Member
‎07-28-2016 7:52 PM
0 Kudos

H Manjunath,

i tried by restricting the GRAC_SYS. In access request this is working perfectly. but when i reset the password, at that time only system maintained in GRAC_SYS is displaying. but not all 80 connectors.

We are creating and resetting though end user logon..

Please suggest.

regards,

ravi.

Former Member
‎07-28-2016 7:56 PM
0 Kudos

Hi Prasanth,

thanks for your reply. i have restricted in environment objrct by PRD.. SO what systems are maintained in PRD are displaying in Access request. But when i use PSS only PRD systems are displayed. but not all the 80 connectors.

Please suggest

Regards,

Ravi.

Ask a Question