cancel
Showing results for 
Search instead for 
Did you mean: 

Auto provisioning failed but roles are assigned in backend

0 Kudos

Hello Experts,

I am on GRC10.1 SP12.

I have 2 stage workflow

1. manager and 2. role owner

once both of them approved the request should be auto provisioned.

I am facing an issue here. The roles are assigned to the user in back-end but the work flow is taking escape route as it is not able to find a user group. The request then waits for the GRC security team for approval but the roles are already provisioned. I have configured the auto provisioning at end of the request in spro.

This is happening with or without risks in the access request.

Regards,

Ram

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Please let me know if anyone has a solution for this. I am facing problem when i am removing a role from the user. The role is getting removed for the su01 but the request is taking escape path due to auto provisioning failure  and going to the Security stage. Where, if i try to approve the request. There is an error displayed,"Role not assigned".

Former Member
0 Kudos

Ram,

My last resort when troubleshooting workflow issues in GRC is to perform all Post-Installation activities again.  In particular, make sure all the workflow linkages are activated within tcode SWE2 (not just the highlighted ones in the post installation document).  Also make sure you have activated all the workflow tasks in SWDD, as described in the post-installation doc.  Additionally, Post-Installation activities do not transport properly, so if these weren't done in each environment independently this might be the issue.

-Ken

former_member272126
Discoverer
0 Kudos

Hi Ram Krishna ,

Is your issue resolved ? I am facing exactly the same issue.Please share what you did to correct it.

Regards

Harsha

Former Member
0 Kudos

Hi Ram,

Have you verified that the same user groups are configured in ECC (or the target system) and in GRC?  You can use SUGR to maintain user groups and SUGRD to display the user groups that are configured.

-Ken

0 Kudos

Thank Ken for the quick reply.

The user group is not created in one of the systems but still why is the auto provisioning happening.if it is still lying at the escape route stage "GRAC_SECURITY". It should not assign the roles correct?

I am doing a negative testing over here.

Former Member
0 Kudos

I would verify that you have "Provision at end of request" configured for Global setting as well as specific-system connector (if this is also configured).  The specific system may have "Provision at end of Path" configured, which would override the global setting.  I agree that the request should not provision if there is an error and a re-route to escape path.  Although, maybe this is a bug.

How are you setting the User Group within the request?  It should be set within the System Details tab of the request.

0 Kudos

For all the systems individually as well as global provisioning the value is set to "auto provisioning at end of the request.

The user groups are populated from the BRF+ initiator.