Skip to Content

GRC 10.1 single role not assigned

Jun 16, 2017 at 02:03 PM


avatar image

I have seen this question asked a number of times but no one seems to have an answer so I will ask again.

Tech Spec:

GRC 10.1 SP 16

GRCPINW V1100_731 SP18 Plug -in system

NOT a CUA environment.

I have gotten provisioning of a user to a single role to work but when Run the Repository synch job after the update and then try to remove the role that I just added to my test user I gett the dreaded "Single Role Z**** is not assigned to a user in System XXXXXX. The Remove action cannot be performed"

Again I have run the repository synch job and it allows me to see the role on the user and select it to be removed but I still get the error.

I have given my RFC ID's SAP_ALL/NEW just to ensure it is not a rights issue.

I am not getting any errors in SLG1

I have defined my "Change" 02 request type and maintained the below actions.

I do not think it is an MSMP issue as I am not even able to get past the initial start of the selection process to initiate the Workflow.

All previous searches on this topic (which there are a few) refer to notes that have already been implemented in my environment as I am as the latest service pack level.

Any help at all would be appreciated.


remove-request.jpg (79.2 kB)
request-type.jpg (21.2 kB)
10 |10000 characters needed characters left characters exceeded


I have also confirmed that the Role_ID in teh GRACRLCONN table is assigned to the user for that connector in the GRACUSERROLE table.

So even though in NWBC the chance user screen is stating that the role is not assigned, the tables specifically show that this is not the case. It would seem to me that this is a program bug.

I have also run the comparison report that shows that the role is assigned to the user.

role-match.jpg (209.1 kB)
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Michael Hughes Jun 27, 2017 at 08:11 PM

Ramesh, thank you for the comments but this was resolved by another issue.

I was following a combination of notes from Class and the online community on how to set up AD LDAP for GRC requests and in one of those documents it stated you needed to maintain the User Data Type as "SU01" in the "User Search Data Sources".

This is in correct because SU01 refers to the ABAP system which states that all entries in the Table are upper case. When I typed in the users ID in the Access request in Upper Case this issue went away.

The problem is that all of the users Active Directory ID's are in lower case or mixed case.

The resolution from SAP was to remove the "SU01" from the User Data Type entry so that it would not convert to upper case and use what came out of LDAP.

This resolved the issue and I am now able to removed/add/update role assignments.

grc10.jpg (42.9 kB)
10 |10000 characters needed characters left characters exceeded
Ramesh Vithanala Jun 27, 2017 at 06:12 PM

Hi Michael,

Can you delete the action 09 - remove for the request type 2 (change account).



10 |10000 characters needed characters left characters exceeded
Bharati Tambade Feb 15 at 10:02 PM

Hi Michael

Thank you for your notes above!!

I had a similar issue where I was not able to submit a "Role Removal " Request wherein the user had the role assigned in back end SAP and it as well was synced through synchronization jobs . I could pull up the assignment in "Access request" screen ,however, was not able to remove it.

I entered user ID in upper case and I was able to submit the role removal request

However, when I check my settings " User Search Data Sources" , the entry for data type is already "blank".


I will keep searching for answer but let me know if you have any inputs. Thank you!!- Bharati

setting.jpg (41.9 kB)
10 |10000 characters needed characters left characters exceeded