Skip to Content

GRC AC 10.1: Unable to mitigate a risk from the access risk violation dashboard


When attempting to mitigate a risk from the access risk violation dashboard a rabax error is received.

"500 SAP Internal Server Error

ERROR: Access using a 'ZERO' object reference is not possible. (termination: RABAX_STATE)"

Steps to reproduce the error:

1.In NWBC click on Reports and Analytics Work Centre.

2.Under Access Dashboards click on Risk Violations.

3.Drilldown on particular risk and click Run Risk Analysis. Run in the foreground.

4.Report will be displayed. Select a particular risk and click Mitigate Risk.

Component Version:

ST22 Error:

ST22 Code Error:

METHOD get_oif_info.
DATA lo_fpm TYPE REF TO if_fpm.
DATA lv_tf_year TYPE grfn_tf_year.
DATA lv_timeframe TYPE grfn_timeframe.
DATA lv_date TYPE grfn_date.

lo_fpm = cl_fpm_factory=>get_instance( ).

>>>>>>>>> lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_object_id IMPORTING ev_value = ev_object_id ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_regulation_id IMPORTING ev_value = ev_regulation_id ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_app_comp IMPORTING ev_value = ev_app_comp ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_mode IMPORTING ev_value = ev_mode ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_tf_year IMPORTING ev_value = lv_tf_year ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_timeframe IMPORTING ev_value = lv_timeframe ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_parent_id IMPORTING ev_value = ev_parent_id ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_entity_id IMPORTING ev_value = ev_entity_id ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_main_view IMPORTING ev_value = ev_mainview ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_date IMPORTING ev_value = lv_date ).
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_workitem IMPORTING ev_value = ev_wi_id ).

* IF ev_app_comp IS NOT INITIAL.
* cl_grfn_api_integration=>set_running( ev_app_comp ).

"date has higher priority when session is opened
eo_session = cl_grfn_api_session=>open_daily(
iv_date = lv_date ).
"use daily timeframe if navigated from work inbox
ELSEIF ev_wi_id IS NOT INITIAL AND lv_timeframe IS INITIAL AND lv_tf_year IS INITIAL.
eo_session = cl_grfn_api_session=>open_daily( ).
eo_session = cl_grfn_api_session=>open(
iv_timeframe = lv_timeframe
iv_tf_year = lv_tf_year ).

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Aug 02, 2017 at 05:06 PM

    Note 2396639 fixed a very similar issue for me. Try it!

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 25, 2017 at 08:22 PM

    Hi Nakita,

    Do you get the dump when you try to mitigate from User level analysis(Access Management Tab) not from Dashboard risk violation?



    Add comment
    10|10000 characters needed characters exceeded

    • Hi Ramesh

      This error does not occur on the live (real-time) reports found under Access Management tab. If you check the dashboard and drill down to user level and run the analysis on the user, you get the Risk violations per that user. If you then click the Mitigate Risk button, the error occurs.

      The below is all the notes we've implemented on top of SP-16:

      2397975 2 10.1 : ARA : Dump on exporting Background Risk Analysis results

      2401880 1 ARA Risk Analysis authority check fails if risk is defined in more than one rule

      2417823 1 Mitigation Control restriction according to the Region

      2419024 1 Missing items in 'Requests with Conflicts and Mitigation' and 'Risk Violation in

      2423430 1 Missing Business Process codes on Mitigating Control Library report

      2426060 2 Mitigation Analysis with Offline Data checked shows no result

      2427402 2 User Analysis dashboard report - Users with Critical Action count is invalid

      2461018 2 GRC 10.1 Issues in Risk Violations and User Analysis Dashboard after upgrading t

      2505658 2 Error when forwarding Control Assignment Approval Workflow request

      According to the ABAP'er it seems as though the dashboard data is being cleared from a cache or temp table when the button is clicked to Mitigate the Risk.

      We believe the new functionality put in place to multi-select the user groups may be similar. If you choose a different user group from ALL and drill down, the numbers all say zero in the ALV.

      Kind regards


  • avatar image
    Former Member
    Jul 27, 2017 at 02:37 PM

    We are getting the same error when trying to mitigate risk from a background user level risk analysis. Have you found a solution for this issue?

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 20, 2017 at 11:03 AM

    Hello Nakita,

    Please check if mitigation assignment is working fine for ad-hoc risk analysis screen. If yes, please confirm that the offline risk analysis results are correct. You can execute Batch Risk Analysis to get correct offline data.

    Kind regards,


    Add comment
    10|10000 characters needed characters exceeded

    • Hi Yashasvi

      The ad hoc analysis works correctly.

      We are still investigating the problem with the offline data and will revert with an answer when we know.

      Kind regards


  • Jul 21, 2017 at 04:59 AM


    Could you check the error in SAP Notes, as suggested in ST22. Also make an ABAPer take note of this.



    Add comment
    10|10000 characters needed characters exceeded