on 07-26-2016 8:24 PM
Hello expwrts,
We are in grc 10.1 and configuring 80 systems to our grc production. Which includes PROD,QA,UAT,DEV. We use Prod only for cup and the remaing systems are for pss.
When we added the connector integration scenarios,in PROV we added the conectirs. ALL systens are displayed in cup connector.
Our REQUIREMENT is to show only prod connectors in cup and remaining all including prod for PSS
I removed the connwctors from Prov.. but pss is not working. So how to grt this scenario
Please suggest.
Regards
Ravi
Hello Ravi,
This can be restricted using the authorization object GRAC_SYS as Manjunath Mentioned.
1. Check if you maintained ASSIGN in activity
2. Check if you maintained the valid Connector Ids
Try to look into this notes which will give you some idea on how to proceed further
1829115 - How to enable systems to appear in the Select Systems screen for Password Self Service
Regards,
Rakesh Ram M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rakesh,
thanks for your reply.
I tried with SAP_SYS object id and maintianed teh prod connectors. While creating the request it displayed only those prod systems which is fine. But when i try to use the PSS functionality, then instead of 80 systems it is showing only those production systems maintained in PSS.
Please suggest
Regards,
Ravi.
Hello,
Please restrict at object level not config level.
modify your role
connector have to be maintained in PROV scenario
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi plaban,
Earlier we maintained in AUth , PROV..
But while creating access request the connectors are displayed in dropdown. So i removed from PROV. Still the systems are existing in AUTH and Sync is Successful.
Now trying to restrict at object level as suggested by prasanth. So checking what is the exact object to restrict. Eeven if we dnt maintained in prov .. stil repository sync is succesful. But we dnt ran AUTH SYNC because we need these 80 systems only for PSS.
Please suggest how to get the scenario.
Regards,
Ravi
Hi Ravi,
You dont have to make any changes in the integration scenarios.
GRAC_SYS should be the authorization object to control the visibility of systems. You can make a copy of SAP_GRAC_ACCESS_REQUESTOR role and restrict the object as per your requirement.
Wrt PSS you need to enable the connector for PSS in SPRO -> Maintain Connector Settings as a first step.
Refer the below link for PSS configuration
http://scn.sap.com/docs/DOC-58058
Regards,
Manju
Hi plaban,
If we perfirm auth sync i dnt thnk it will work untill we perform the repository sync.
Pss is wrkng fine for the prod systems but the point is all the 80 systems were displayed in cup access request which is confusing to the users.
Trying with the GRAC_SYS object suggested by manju and prasanth. But it is restricting systems in risk anakysis also.. but stikl need to check where it restricts the users.
If any other ibject needs to maintain olease suggest. We will maintain the production systems in that object, so that iN accessrequest only production systems will display and in pss it displays all the 80 connectors.
Please suggest
Regards
Ravi
H Manjunath,
i tried by restricting the GRAC_SYS. In access request this is working perfectly. but when i reset the password, at that time only system maintained in GRAC_SYS is displaying. but not all 80 connectors.
We are creating and resetting though end user logon..
Please suggest.
regards,
ravi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.