Skip to Content

GRC 10.0 Provisioning Log - Duplicate records


Hello All,

My Provisioning log is showing duplicate entries. For example, Access Request #116 provisioned 1 role to the user, but I see 3 line items that are all the same in the provisioning log. Any ideas why this is happening or how to correct it?

Thanks in advance!

-Ken

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • author's profile photo Former Member
    Former Member
    Posted on May 27, 2015 at 01:54 AM

    Hi Ken,

    i have not faced this scenario. But, is your workflow sent to all approvers, so that each approves, and therefore the log

    Regards

    Plaban

    Add a comment
    10|10000 characters needed characters exceeded

    • This particular request had 2 approval stages, however in the provisioning log I am seeing roles with many different number of line items. Some have 2 lines, some have 3, some have 4, etc. See below response screenshots directed towards Alessandro.

      -Ken

  • Posted on May 27, 2015 at 06:46 AM

    Dear Ken,

    can you please share screenshots from the audit log and the provisioning log for req #116. Also share SP level.

    Regards,

    Alessandro

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Nov 03, 2015 at 10:23 AM

    Hi Ken,

    is this issue solved meanwhile ?

    We are on GRC10.1 SP10 and it seems like a similar problem:

    When deleting an user ID, (request type "DELETE ACCOUNT") the workflow is processed two times.

    I can see this occurrence in the provisioning log and also with SLG1 log.

    This user gets deleted properly, but then - for some reason- the workflow is processed again and the user - in that case - can not be deleted anymore.

    Therefore I receive a error message from the plugin system ("User does not exist") and the workflow remains with status "pending".

    I tried also with Request type "CHANGE ACCOUNT": also here the workflow is processed 2 times, but due to the fact that changing a user 2 times does not trigger an error message the workflow will get closed.

    But also here I can see 2 provisioning log entries...

    I was wondering if this could be a BRF+ related configuration error, because in SAP Portal there is no OSS dealing with this issue so far..

    But maybe this is really a bug, which should be raised via OSS.

    Any feedback on this topic highly appreciated..

    regards

    Johannes

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Apr 28, 2016 at 09:14 AM

    Hi Ken,

    after further analysis I was able to re-solve - at least - my issue with the duplicated records.

    we found a SAP bug in the coding of the provisioning engine, which was implemented with SAP Note 2140254. Maybe this is the cause of your similar problem.

    The request line-item which get duplicated with the following statement in class CL_GRAC_PROVISIONING_ENGINE in method PROVISION

    ....

    ...

    *****************************************************************************************************************

    **For CUA -COMPOSITE ROLE the itemtype is CUA

    *****************************************************************************************************************

    data:lt_reqline_item_temp TYPE GRAC_T_API_REQLINEITEM,

    ls_reqline_item_temp TYPE GRAC_S_API_REQLINEITEM.

    lt_reqline_item_temp[] = ls_access_request-reqlineitm[].

    LOOP AT lt_reqline_item_temp into ls_reqline_item_temp.

    IF ls_reqline_item_temp-prov_item_type = grac0_role_type-CUA.

    ls_reqline_item_temp-prov_item_type = grac0_role_profile_type-role.

    ENDIF.

    1

    APPEND ls_reqline_item_temp TO ls_access_request-reqlineitm.

    CLEAR:ls_reqline_item_temp.

    ENDLOOP.

    During processing and without using CUA the line items of the requests get simply duplicated.

    (>>> Append statement)

    Consequently the provisioning action is performed 2 times, as shown in the SLG1 log.

    With Change/create request this doesn't has much impact, but for delete requests you get a provisioning failure as the "second" processing of the line item to delete the user will tell you that the user does not exist anymore, which is correct as the user was already deleted with the first line item....

    regards

    Johannes

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.