cancel
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.1: Unable to mitigate a risk from the access risk violation dashboard

nakita_sukhessan
Discoverer

Error:

When attempting to mitigate a risk from the access risk violation dashboard a rabax error is received.

"500 SAP Internal Server Error

ERROR: Access using a 'ZERO' object reference is not possible. (termination: RABAX_STATE)"

Steps to reproduce the error:

1.In NWBC click on Reports and Analytics Work Centre.

2.Under Access Dashboards click on Risk Violations.

3.Drilldown on particular risk and click Run Risk Analysis. Run in the foreground.

4.Report will be displayed. Select a particular risk and click Mitigate Risk.


Component Version:


ST22 Error:


ST22 Code Error:

METHOD get_oif_info.
DATA lo_fpm TYPE REF TO if_fpm.
DATA lv_tf_year TYPE grfn_tf_year.
DATA lv_timeframe TYPE grfn_timeframe.
DATA lv_date TYPE grfn_date.

lo_fpm = cl_fpm_factory=>get_instance( ).

>>>>>>>>> lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_object_id IMPORTING ev_value = ev_object_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_regulation_id IMPORTING ev_value = ev_regulation_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_app_comp IMPORTING ev_value = ev_app_comp ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_mode IMPORTING ev_value = ev_mode ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_tf_year IMPORTING ev_value = lv_tf_year ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_timeframe IMPORTING ev_value = lv_timeframe ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_parent_id IMPORTING ev_value = ev_parent_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_entity_id IMPORTING ev_value = ev_entity_id ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_main_view IMPORTING ev_value = ev_mainview ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_date IMPORTING ev_value = lv_date ).
lo_fpm->mo_app_parameter->get_value(
EXPORTING iv_key = cl_grfn_ui_wd=>c_param_workitem IMPORTING ev_value = ev_wi_id ).

* IF ev_app_comp IS NOT INITIAL.
* cl_grfn_api_integration=>set_running( ev_app_comp ).
* ENDIF.

"date has higher priority when session is opened
IF lv_date IS NOT INITIAL.
eo_session = cl_grfn_api_session=>open_daily(
iv_date = lv_date ).
"use daily timeframe if navigated from work inbox
ELSEIF ev_wi_id IS NOT INITIAL AND lv_timeframe IS INITIAL AND lv_tf_year IS INITIAL.
eo_session = cl_grfn_api_session=>open_daily( ).
ELSE.
eo_session = cl_grfn_api_session=>open(
iv_timeframe = lv_timeframe
iv_tf_year = lv_tf_year ).
ENDIF.

Accepted Solutions (1)

Accepted Solutions (1)

sarah_klobe
Explorer
0 Kudos

Note 2396639 fixed a very similar issue for me. Try it!

nakita_sukhessan
Discoverer
0 Kudos

Hi Sarah,

Thank you for the note. We applied this note and updated SAP_UI to SP 8 and it now works.

Answers (5)

Answers (5)

sarah_klobe
Explorer

We are getting the same error when trying to mitigate risk from a background user level risk analysis. Have you found a solution for this issue?

Former Member

Hi Nakita,

Do you get the dump when you try to mitigate from User level analysis(Access Management Tab) not from Dashboard risk violation?

Thanks

Ramesh

Former Member
0 Kudos

Hi Nakita,

We are on GRC AC 10.1 SP13 and I am able to mitigate the risk.

Thanks

Ramesh

Former Member
0 Kudos

Check this SAP Note,it talks about same issue that you are having

Accessing using'ZERO'objectreferenceisnotpossible

2505658 - Error when forwarding Control Assignment Approval Workflow request

Thanks

Ramesh

Former Member
0 Kudos

Hi Ramesh

This error does not occur on the live (real-time) reports found under Access Management tab. If you check the dashboard and drill down to user level and run the analysis on the user, you get the Risk violations per that user. If you then click the Mitigate Risk button, the error occurs.

The below is all the notes we've implemented on top of SP-16:

2397975 2 10.1 : ARA : Dump on exporting Background Risk Analysis results

2401880 1 ARA Risk Analysis authority check fails if risk is defined in more than one rule

2417823 1 Mitigation Control restriction according to the Region

2419024 1 Missing items in 'Requests with Conflicts and Mitigation' and 'Risk Violation in

2423430 1 Missing Business Process codes on Mitigating Control Library report

2426060 2 Mitigation Analysis with Offline Data checked shows no result

2427402 2 User Analysis dashboard report - Users with Critical Action count is invalid

2461018 2 GRC 10.1 Issues in Risk Violations and User Analysis Dashboard after upgrading t

2505658 2 Error when forwarding Control Assignment Approval Workflow request

According to the ABAP'er it seems as though the dashboard data is being cleared from a cache or temp table when the button is clicked to Mitigate the Risk.

We believe the new functionality put in place to multi-select the user groups may be similar. If you choose a different user group from ALL and drill down, the numbers all say zero in the ALV.

Kind regards

Gregory

0 Kudos

Hello

have you solve this issue?

we have the same only on production enviroment, on dev and quas It workshop fine.

thanks

plaban_sahoo6
Contributor
0 Kudos

Hi,

Could you check the error in SAP Notes, as suggested in ST22. Also make an ABAPer take note of this.

Regards

Plaban

former_member226273
Active Participant
0 Kudos

Hello Nakita,

Please check if mitigation assignment is working fine for ad-hoc risk analysis screen. If yes, please confirm that the offline risk analysis results are correct. You can execute Batch Risk Analysis to get correct offline data.

Kind regards,

Yashasvi

Former Member
0 Kudos

Hi Yashasvi

The ad hoc analysis works correctly.

We are still investigating the problem with the offline data and will revert with an answer when we know.

Kind regards

Gregory