on 02-08-2016 7:08 PM
Hello Experts,
I am on GRC10.1 SP12.
I have 2 stage workflow
1. manager and 2. role owner
once both of them approved the request should be auto provisioned.
I am facing an issue here. The roles are assigned to the user in back-end but the work flow is taking escape route as it is not able to find a user group. The request then waits for the GRC security team for approval but the roles are already provisioned. I have configured the auto provisioning at end of the request in spro.
This is happening with or without risks in the access request.
Regards,
Ram
Please let me know if anyone has a solution for this. I am facing problem when i am removing a role from the user. The role is getting removed for the su01 but the request is taking escape path due to auto provisioning failure and going to the Security stage. Where, if i try to approve the request. There is an error displayed,"Role not assigned".
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ram,
My last resort when troubleshooting workflow issues in GRC is to perform all Post-Installation activities again. In particular, make sure all the workflow linkages are activated within tcode SWE2 (not just the highlighted ones in the post installation document). Also make sure you have activated all the workflow tasks in SWDD, as described in the post-installation doc. Additionally, Post-Installation activities do not transport properly, so if these weren't done in each environment independently this might be the issue.
-Ken
Hi Ram,
Have you verified that the same user groups are configured in ECC (or the target system) and in GRC? You can use SUGR to maintain user groups and SUGRD to display the user groups that are configured.
-Ken
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would verify that you have "Provision at end of request" configured for Global setting as well as specific-system connector (if this is also configured). The specific system may have "Provision at end of Path" configured, which would override the global setting. I agree that the request should not provision if there is an error and a re-route to escape path. Although, maybe this is a bug.
How are you setting the User Group within the request? It should be set within the System Details tab of the request.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.