cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Request Provisioning Failure

Go to solution
Former Member

on ‎04-11-2016 8:12 AM

0 Kudos

Good Day Experts.

Hope someone will be able to assist me

We are busy implementing Access Request in GRC 10.1.

I have 6 plug in systems linked to GRC 10.1

Auto provisioning is working 100% for 5 of these systems, but the last system, BW System, it doesn't want to work at all.

I keep on getting an error message under the provisioning logs saying that the user does not exists in target system. The Access Requests gets closed as Approved.

In SLG1 I get the message from plugin system, saying that the user does not exists in the target system

All the plug in systems share the same config from GRC in terms of Access Request and Provisioning.

When I assign roles to an existing user in the BW System, it works fine, just when I want to create a new user, I get the error.

I have looked everywhere for answers and can't seem to get the correct one.

It is strange that for 5 systems it works and for just 1, I am having problems with.

Any information would be great

Regards

Gerrit

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-14-2016 2:22 PM
0 Kudos

Good Day all.

Just some feedback on my issue. The SAP Note 2027126 was implemented in the back end system (BW in my case) and this resolved my issue.

When creating an Access Request now for a new user for BW, the GRC_RFC user automatically creates the user and generates the password successfully in BW System.

I no Longer get any issues

Thanks for everyone's help and assistance.

Regards

Gerrit

Show replies
Show replies

Answers (3)

Answers (3)

former_member182655
Contributor
‎04-12-2016 11:31 AM
0 Kudos

Hi Gerrit,

Do you use CUA for your systems?

Regards,

Artem

Show replies
Show replies
Former Member
‎04-12-2016 11:46 AM
0 Kudos

Hi Artem, Hi All

No, we do not use CUA at this stage.

I think I might have solved my issue. It is an issue with the password in the plug in system. BW in my case.

I tried a different approach. When I created a new access request for a new user, under the Tab "User System Details", there is a field called "Password" and "Confirm Password". In here, I entered a Password for the user.

Upon Approval, the user was created in the BW System and Roles were assigned.

If I leave these 2 blank, The user doesn't get created and the BW System.

Very strange issue indeed, but believe me, it worked when I entered a password

So it seems to be some sort of password issue. In my case, I told BW what I want the Password to be, instead of letting BW tell me what the password should be.

But keep in mind, that for all my other systems, I leave this blank and it works 100%. So Only for BW.

I then found a SAP Note that might be the resolution (SAP Note 2027126). The Note is not very clear, so we will implement it and test to see if it works. If this doesn't resolve the issue, I will look at the Plug In Component for GRC in BW. Maybe we need to upgrade to a higher version or SP.

Thank you and please let me know if you need more information

Regards

Gerrit

former_member182655
Contributor
‎04-13-2016 10:08 AM
0 Kudos

Hi Gerrit,

Really strange behaviour, seems that your communication user cannot generate password. Could you please to trace the permission of the user? Despite you have similar settings the permission may vary depending on NW or Basis release.

Please use ST01 to be sure user has all needed permissions.

Regards,

Artem

Former Member
‎04-13-2016 10:33 AM
0 Kudos

Hi Artem

Thank you, yes, I have even done a trace for the user. All Authorizations was 100% successful. I got no Errors for the communication user.

I have requested to get the note mentioned above, implemented. Once done, I will test and give feedback if this resolved it.

Regards

Gerrit

former_member185447
Active Contributor
‎04-14-2016 2:46 AM
0 Kudos

Hello Gerrit,

Check if the parameter 2050 or 2051 helps you.

Regards,

Deepak M

Former Member
‎04-14-2016 6:54 AM
0 Kudos

HI Deepak

Thanks for the information

Par 2051 helps to check if the user exists, but still doesn't solve the issue for us as it has something to do with the password creation by the backend system

.

We do not have 2050 setup as we do not use data sources for LDAP. I looked at this parameter, but in my opinion, it is rather similar to 2051. Maybe I am wrong

thanks

former_member222517
Explorer
‎04-11-2016 3:17 PM
0 Kudos

Hi Gerrit,

Please cross check the 'maintain provisioning settings'

If these settings are maintained for your BW system.

Also check if your connector is added in Maintain Mapping for Actions and connector group has action '4' added for BW system.

Thanks

Priyanka

Show replies
Show replies
Former Member
‎04-12-2016 6:55 AM
0 Kudos

Hi Priyanka

Thank you for the reply.

I checked the Mapping for Actions and Connector Groups. Our BW system is setup only for Basis Logical Group and here I have setup 4 for BW System.

For the Maintain Provisioning Settings, I am using Global Provisioning Settings for all my systems. Here I have Create User for Role Assign Action Selected. I felt it was not needed to select Create User for Change User Action as I am forcing the user to lookup a User that needs to change. So if the user is not found, it means he doesn't exist and therefore not allowed to continue with the Access Request.

I have tried previously to also select this option, but still got he same issue for BW System.

Thank You

former_member226273
Active Participant
‎04-11-2016 1:09 PM
0 Kudos

Hello Gerrit,

Have you checked if all the mandatory things for user account are present and are correct?

For example, the user group maintained in access request may not exist in plug-in system.

Kind regards,

Yashasvi

Show replies
Show replies
Former Member
‎04-12-2016 7:07 AM
0 Kudos

Hi Yashashvi

Thank you for your reply. Yes, I have checked this as well. I even tried to create a user without a User Group and still this didn't work

Thanks

Gerrit

Ask a Question