Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC10.1 - Manager rejection at Role Level

Go to solution
Former Member

‎05-16-2016 8:43 PM

0 Kudos

Hello All,

I have a requirement from my customer to make "Rejection at role level" active for the MANAGER stage on GRC AC.

I changed my MSMP config to activate it, but when at the manager stage trying to reject a role and approve the rest of the request, the system gives me the message "User xxxxxxxxxxxxxx does not exist on system xxxxxxxxxxxxxxx"

Users are requested to select the system upon request submission and system has NO APPROVAL path.

Only work around I found is for the manager to click on "Show All Assignments" and bring the requested system on. Doing this he is able to approve and reject any role without issues.

Anyone has a recommendation?

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎05-17-2016 11:32 AM

0 Kudos

Hello Bruna,

You have not shared your GRC SP level, although SAP note 2243272 - UAM: Error message is displayed if connector is missing at stage level while approving an access request for new account - seems to be applicable to this issue.

Best Regards,

Zoltan

7 REPLIES 7

Go to solution
former_member185447
Active Contributor

‎05-17-2016 2:31 AM

0 Kudos

Hello Bruna,

1. Please Check if the Parameter 2051 is maintained as YES or Not?

If set to YES, the application validates the UserID exists on the specified source system. If the user does not exist, the application does not allow the request to continue. The validation is performed when you choose Submit or press Enter

2. Also, Check if the maintain data source configuration is maintained properly?



Regards,

Rakesh M.

Go to solution
plaban_sahoo6
Contributor

‎05-17-2016 6:58 AM

0 Kudos

Hi,

in User Provisioning Maintain provisioning settings>Global/System> tick mark Account validation check, and set it to Error. This will prevent submission of request(eg. change user), for a user id of 1 system, but assignment of role in other system(where user id does not exist)

Regards

Plaban

Go to solution
Former Member

‎05-17-2016 11:28 AM

0 Kudos

Hi Bruna,

In SPRO-->Maintain provisioning settings(Global/System Provisioning) for Create User if does not exist option you need to check the box for "For Assign Role Action" and "For Change User Action".

Also check if the request type(New) has the appropriate actions(Create User and Assign object) under Define request types.

Regards,

Manju

Go to solution
Former Member
In response to Former Member

‎05-17-2016 1:37 PM

0 Kudos

Hello,

Thank you for your reply!


This could be an option but it conflicts with the "account validation check" (that is a client requirement) to prevent a new account request bring submitted when user ID already exists.

Go to solution
Former Member

‎05-17-2016 11:32 AM

0 Kudos

Hello Bruna,

You have not shared your GRC SP level, although SAP note 2243272 - UAM: Error message is displayed if connector is missing at stage level while approving an access request for new account - seems to be applicable to this issue.

Best Regards,

Zoltan

Go to solution
Former Member
In response to Former Member

‎05-17-2016 1:50 PM

0 Kudos

Hello!


Thank you! We are on 10.1 SP11, this note sounds exactly what I'm looking for. We will apply it today and I will post how it went.

Thank you very much again!

Go to solution
Former Member
In response to Former Member

‎05-18-2016 7:26 PM

0 Kudos

Hello,

Note 2243272 - Fixed my issue! Thank you very much.