cancel
Showing results for 
Search instead for 
Did you mean: 

Role does not exits in NWBC

0 Kudos

Hello Experts,

I am able to upload/import the roles in GRC 10.1(SP12)  from the ECC production system. All the Single roles are getting imported successfully but some of the roles say it does not exists. I did all the below steps but still its not working.

1. Generated the roles.

2. REP obj Sync Full/ Incremental.

3. Role status production/ PRD and complete.

4. Import file does not have any problem because 99% of the other roles got uploaded correctly and have no issues.

5. Role system validity is checked.

6. Role exists in the ECC prod. system, its picking up the profile name/description correctly.

Even after all these step still there are some roles which are under role exists status as 'No'.

Please can someone help me in resolving this issue.

Thanks,

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

The issue is resolved. Thanks Manju for the table pointers.

This GUID mismatch occurred because the connector and the source system selected while importing the roles first time was different than what i was selecting for new connector group. There were several business roles which had these roles.

When i imported this with the new connector group and new source. GRC was unable to find the role in table GRACRLCONN. As there is only one entry per system for the role.

1. I had to delete all the associated business roles first then Derived roles and then Master role.

2. Run REP sync.

3. Import the single task(both Master and derived roles).

4. Import the business role and then the issue would be fixed.

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Ram,

If the roles exist in the back end system and the import is successful, running a repository object sync in full mode for the correct connector should change the Role exists status from NO to YES in BRM.

Try the following

1. Re-import the roles with no white spaces and Overwrite existing Role as Y

2. If you do not wish to maintain authorizations in BRM and use the role only for selection in access request then use Skip as the role authorization source while doing the role import

3. Once imported successfully run a full repository object sync for the correct connector and check if the role exists status changes from NO to YES.

4. Check whether the role exists in GRACROLE and GRACRLCONN tables.

Regards,

Manju

0 Kudos

Hi Manju,

Thanks for the pointers.

The role exists in GRACROLE and GRACRLCONN. But the GUIDs are not matching.


Scenario:Here ECCPRD is my connector common to both the connector groups 1 & 2


Table GRACROLE

Role 1 [GUID(XX)] ->  (ECCPRD) ConnectorGrp1

Role 1 [GUID(YY)] ->   (ECCPRD) ConnectorGrp2

Table GRACRLCONN

Role 1 [AC_REF_ROLEID(XX)]    ->  ECCPRD

As there is only one entry in the table GRACRLCONN for GUID(XX) for Connector Grp1

then role exists field is 'Yes' for Connector Grp1 and 'No' for ConnectorGrp 2

Problem:

I want to remove the role from connector group 1. Please let me know if i can do this, without deleting the PFCG role in the backend.

Former Member
0 Kudos

Hi Ram,

For removing the role from connector group 1, Go to NWBC -> Access Management -> Role Maintanence -> Role Search

Search for "Role 1" and you should see 2 results.

Select the Role with landscape Connector group 1 and Delete.

In the confirmation dialog select NO to delete the role only in BRM(front end) and not in PFCG.

Hope this helps.

Regards,

Manju

P.S : Can you also let us know the purpose of assigning connector(ECCPRD) to 2 different groups.

plaban_sahoo6
Contributor
0 Kudos

Hi,

The GUIDs will match for 1 connector and not across Connectors, for the same role.i understand that removal of role was not the original requirement. Is the original problem resolved.

Does 'Role exists' appear as 'Yes', when role is removed for one of the connectors.

Could you check your GRCPINW SP level on ECC. Does it have the required version/patch for GRC 10.1 SP12

Regards

plaban

0 Kudos

Hi Manju,

Thanks for the help.

There were 3 systems in the scope before, for Connector Grp 1 and now it was reduce to only 2 systems. But i dont want to delete the connector grp 1 as there are still some users/roles using connector grp 1. Is there a possiblity that the GUID/role id can be changed like below

I want the GUID (XXXB4812E)of the row 2 from the table GRACRLCONN to be reflected in the row 2 of the table GRACROLE

For grp2 it says the role does not exists. For grp 1 it says the role exists, as the GUID matches.

I re-imported role  1 for GRP2 with connector QTY but still the role id in table GRACROLE has some other value. It should be (XXXB4812E) in order for it to show role exists as 'Yes'.

0 Kudos

Hi Plaban,

The issue is not resolved yet.

Yes the version is GR10.1 and SP12

Thanks,