on 04-11-2016 8:12 AM
Good Day Experts.
Hope someone will be able to assist me
We are busy implementing Access Request in GRC 10.1.
I have 6 plug in systems linked to GRC 10.1
Auto provisioning is working 100% for 5 of these systems, but the last system, BW System, it doesn't want to work at all.
I keep on getting an error message under the provisioning logs saying that the user does not exists in target system. The Access Requests gets closed as Approved.
In SLG1 I get the message from plugin system, saying that the user does not exists in the target system
All the plug in systems share the same config from GRC in terms of Access Request and Provisioning.
When I assign roles to an existing user in the BW System, it works fine, just when I want to create a new user, I get the error.
I have looked everywhere for answers and can't seem to get the correct one.
It is strange that for 5 systems it works and for just 1, I am having problems with.
Any information would be great
Regards
Gerrit
Good Day all.
Just some feedback on my issue. The SAP Note 2027126 was implemented in the back end system (BW in my case) and this resolved my issue.
When creating an Access Request now for a new user for BW, the GRC_RFC user automatically creates the user and generates the password successfully in BW System.
I no Longer get any issues
Thanks for everyone's help and assistance.
Regards
Gerrit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gerrit,
Do you use CUA for your systems?
Regards,
Artem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Artem, Hi All
No, we do not use CUA at this stage.
I think I might have solved my issue. It is an issue with the password in the plug in system. BW in my case.
I tried a different approach. When I created a new access request for a new user, under the Tab "User System Details", there is a field called "Password" and "Confirm Password". In here, I entered a Password for the user.
Upon Approval, the user was created in the BW System and Roles were assigned.
If I leave these 2 blank, The user doesn't get created and the BW System.
Very strange issue indeed, but believe me, it worked when I entered a password
So it seems to be some sort of password issue. In my case, I told BW what I want the Password to be, instead of letting BW tell me what the password should be.
But keep in mind, that for all my other systems, I leave this blank and it works 100%. So Only for BW.
I then found a SAP Note that might be the resolution (SAP Note 2027126). The Note is not very clear, so we will implement it and test to see if it works. If this doesn't resolve the issue, I will look at the Plug In Component for GRC in BW. Maybe we need to upgrade to a higher version or SP.
Thank you and please let me know if you need more information
Regards
Gerrit
Hi Gerrit,
Really strange behaviour, seems that your communication user cannot generate password. Could you please to trace the permission of the user? Despite you have similar settings the permission may vary depending on NW or Basis release.
Please use ST01 to be sure user has all needed permissions.
Regards,
Artem
HI Deepak
Thanks for the information
Par 2051 helps to check if the user exists, but still doesn't solve the issue for us as it has something to do with the password creation by the backend system
.
We do not have 2050 setup as we do not use data sources for LDAP. I looked at this parameter, but in my opinion, it is rather similar to 2051. Maybe I am wrong
thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Priyanka
Thank you for the reply.
I checked the Mapping for Actions and Connector Groups. Our BW system is setup only for Basis Logical Group and here I have setup 4 for BW System.
For the Maintain Provisioning Settings, I am using Global Provisioning Settings for all my systems. Here I have Create User for Role Assign Action Selected. I felt it was not needed to select Create User for Change User Action as I am forcing the user to lookup a User that needs to change. So if the user is not found, it means he doesn't exist and therefore not allowed to continue with the Access Request.
I have tried previously to also select this option, but still got he same issue for BW System.
Thank You
Hello Gerrit,
Have you checked if all the mandatory things for user account are present and are correct?
For example, the user group maintained in access request may not exist in plug-in system.
Kind regards,
Yashasvi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.