Skip to Content
1

GRC AC 10.1: Unable to mitigate a risk from the access risk violation dashboard

Jul 20, 2017 at 04:16 AM

268

avatar image

Error:

When attempting to mitigate a risk from the access risk violation dashboard a rabax error is received.

"500 SAP Internal Server Error

ERROR: Access using a 'ZERO' object reference is not possible. (termination: RABAX_STATE)"

Steps to reproduce the error:

1.In NWBC click on Reports and Analytics Work Centre.

2.Under Access Dashboards click on Risk Violations.

3.Drilldown on particular risk and click Run Risk Analysis. Run in the foreground.

4.Report will be displayed. Select a particular risk and click Mitigate Risk.


Component Version:


ST22 Error:


ST22 Code Error:

METHOD get_oif_info.
DATA lo_fpm TYPE REF TO if_fpm.
DATA lv_tf_year TYPE grfn_tf_year.
DATA lv_timeframe TYPE grfn_timeframe.
DATA lv_date TYPE grfn_date.

lo_fpm = cl_fpm_factory=>get_instance( ).

>>>>>>>>> lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_object_id IMPORTING ev_value = ev_object_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_regulation_id IMPORTING ev_value = ev_regulation_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_app_comp IMPORTING ev_value = ev_app_comp ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_mode IMPORTING ev_value = ev_mode ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_tf_year IMPORTING ev_value = lv_tf_year ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_timeframe IMPORTING ev_value = lv_timeframe ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_parent_id IMPORTING ev_value = ev_parent_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_entity_id IMPORTING ev_value = ev_entity_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_main_view IMPORTING ev_value = ev_mainview ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_date IMPORTING ev_value = lv_date ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_workitem IMPORTING ev_value = ev_wi_id ).

* IF ev_app_comp IS NOT INITIAL.
* cl_grfn_api_integration=>set_running( ev_app_comp ).
* ENDIF.

"date has higher priority when session is opened
IF lv_date IS NOT INITIAL.
eo_session = cl_grfn_api_session=>open_daily(
iv_date = lv_date ).
"use daily timeframe if navigated from work inbox
ELSEIF ev_wi_id IS NOT INITIAL AND lv_timeframe IS INITIAL AND lv_tf_year IS INITIAL.
eo_session = cl_grfn_api_session=>open_daily( ).
ELSE.
eo_session = cl_grfn_api_session=>open(
iv_timeframe = lv_timeframe
iv_tf_year = lv_tf_year ).
ENDIF.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Best Answer
avatar image
Former Member Aug 02, 2017 at 05:06 PM
0

Note 2396639 fixed a very similar issue for me. Try it!

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Sarah,

Thank you for the note. We applied this note and updated SAP_UI to SP 8 and it now works.

0
Ramesh Vithanala Jul 25, 2017 at 08:22 PM
1

Hi Nakita,

Do you get the dump when you try to mitigate from User level analysis(Access Management Tab) not from Dashboard risk violation?

Thanks

Ramesh

Show 3 Share
10 |10000 characters needed characters left characters exceeded

Hi Nakita,

We are on GRC AC 10.1 SP13 and I am able to mitigate the risk.

Thanks

Ramesh

0

Check this SAP Note,it talks about same issue that you are having

Accessing using'ZERO'objectreferenceisnotpossible

2505658 - Error when forwarding Control Assignment Approval Workflow request

Thanks

Ramesh

0

Hi Ramesh

This error does not occur on the live (real-time) reports found under Access Management tab. If you check the dashboard and drill down to user level and run the analysis on the user, you get the Risk violations per that user. If you then click the Mitigate Risk button, the error occurs.

The below is all the notes we've implemented on top of SP-16:

2397975 2 10.1 : ARA : Dump on exporting Background Risk Analysis results

2401880 1 ARA Risk Analysis authority check fails if risk is defined in more than one rule

2417823 1 Mitigation Control restriction according to the Region

2419024 1 Missing items in 'Requests with Conflicts and Mitigation' and 'Risk Violation in

2423430 1 Missing Business Process codes on Mitigating Control Library report

2426060 2 Mitigation Analysis with Offline Data checked shows no result

2427402 2 User Analysis dashboard report - Users with Critical Action count is invalid

2461018 2 GRC 10.1 Issues in Risk Violations and User Analysis Dashboard after upgrading t

2505658 2 Error when forwarding Control Assignment Approval Workflow request

According to the ABAP'er it seems as though the dashboard data is being cleared from a cache or temp table when the button is clicked to Mitigate the Risk.

We believe the new functionality put in place to multi-select the user groups may be similar. If you choose a different user group from ALL and drill down, the numbers all say zero in the ALV.

Kind regards

Gregory

0
avatar image
Former Member Jul 27, 2017 at 02:37 PM
1

We are getting the same error when trying to mitigate risk from a background user level risk analysis. Have you found a solution for this issue?

Share
10 |10000 characters needed characters left characters exceeded
Yashasvi Sanvaliya Jul 20, 2017 at 11:03 AM
0

Hello Nakita,

Please check if mitigation assignment is working fine for ad-hoc risk analysis screen. If yes, please confirm that the offline risk analysis results are correct. You can execute Batch Risk Analysis to get correct offline data.

Kind regards,

Yashasvi

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Yashasvi

The ad hoc analysis works correctly.

We are still investigating the problem with the offline data and will revert with an answer when we know.

Kind regards

Gregory

0
plaban sahoo Jul 21, 2017 at 04:59 AM
0

Hi,

Could you check the error in SAP Notes, as suggested in ST22. Also make an ABAPer take note of this.

Regards

Plaban

Share
10 |10000 characters needed characters left characters exceeded