Skip to Content
avatar image
Former Member

GRC 10 SP13:NO ROLE owner standard detour path issue

Dear All,

Am using GRC 10 SP13,

I have configured single stage path i.e(New Path with Sec,Manager and ROLE_OWNER stage). Workflow will be Sec→Manager→Role Owner.

Enabled the routing rule i.e. GRAC_MSMP_DETOUR_NOROLE_OWNER in manager stage

Routing Level is Line item level

Created one more path with no stage in maintain path.

Mapped NO ROLE OWNER detour path between main and detour path at step 6 in MSMP.

My MSMP is working fine if i raise a request with a role where Role owner.

but it is failing to reach to No Role owner detour path in case of role owner missing in the request. After Manager approval, The request doesn't go to role owner for approval. Note No error occured. but can't able to proceed the request. Can any one please help me to configure.

Thanks & Regards,

Mohamed Fazil.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Best Answer
    May 23, 2017 at 01:38 PM

    Mohamed,

    configuration looks ok as far as I can tell. Please share the MSMP debug log of the request so that we can see what is the issue.


    Regards,

    Alessandro

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Alessandro,

      Thanks for your reply,

      Am new to GRC, can you please guide me how to get MSMP debug log for the request,

      Looking forward for your response.

      Thanks & Regards,

      Mohamed Fazil.

  • avatar image
    Former Member
    May 17, 2017 at 10:20 AM

    please share the screen shot from audit in access request and route mapping from MSMP

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 18, 2017 at 01:20 AM

    Hi Venkat,

    Thanks for your response.

    Please find the attachment of audit log and route mapping from MSMP.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 24, 2017 at 05:38 AM

    Hi Alessandro

    Error remains in MSMP debug log.

    Please check.

    Thanks & Regards,

    Mohamed Fazil.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 24, 2017 at 07:13 AM

    Hi Alessandro,

    I have just enabled,
    MSMP debug log in GRFNMW_DEBUG and MSMP Debug Log Messages(GRFNMW_DEBUG_MSG).
    And i have created a test request,

    Request has been successfully completed.

    1624069 - GRC 10.0 Enabling Debug Logging for MSMP

    We strongly recommend customer should enable this log only in exceptional situations and disable the log once the problem is resolved.

    Which means just uncheck the debug on and file log option?

    Or we need to remove SAP_GRAC_ACCESS_REQUEST entries from the list.

    And please let me know,

    Debug Log Messages(GRFNMW_DEBUG_MSG) should be removed or leave as it like above screen?

    Additionally i have another question, I should allow the users to use only one default role(eg: Z_enduser) without having role owner in access request. there are some other roles which doesn' have role owners,how to restrict those roles.

    Looking for your response.

    Thanks & Regards,

    Mohamed Fazil.

    Add comment
    10|10000 characters needed characters exceeded

  • May 24, 2017 at 11:08 AM

    Hi Mohammed,

    great that it solved your problem. I always activate the MSMP debug log just in case something goes wrong. You can easily deactivate by just unticking the "Debug on" checkbox.

    If you have roles that you don't want users to have for provisioning, you have a couple of options. Either remove the "Provisioning allowed" flag in BRM (Role Maintenance > Open the Role and go to Additional Settings), or by restricting the authorization to roles. Restricting roles for provisioning use auth object GRAC_ROLEP.

    Hope that helps again.

    Regards,

    Alessandro

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Alessandro,

      Thank you very much.

      Hope will catch you sometime in some other topic.

      Best Regards,

      Mohamed Fazil.