Skip to Content
author's profile photo Former Member
Former Member

Access Controls 5.3 - User Access Reviews

Hi all

I have read all of the documentation availble on User Access Reviews in AC 5.3 and I do not seem to be able to identify what criteria is used by CUP/ERM to select a user for a User Access Review. I can configure the UA Reviews fine and I understand the process, but.

Is there a field and value or something that is used to trigger the review via the Role Usage Synchronization job.

A have been tearing my hair out over this for a few weeks (and I don't have much left) to understand what the trigger is and why some users would be selected but others are not.

regards

Simon

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Mar 25, 2009 at 12:49 PM

    What Support Pack level for 5.3 are you on? We had similar experience on SP04, and were told my SAP GRC contact there were issues with users not in AD. I'm not sure that was our only issue, but rather than figuring it out we pursued SP06 (wanted several fixes for UAR/SOD) and am getting ready to run a regression test to see if the situation is improved in this version. Should know soon.

    BTW, have you figured out what tables are updated by Role Usage Synchronization job?

    Regards,

    Heraleen

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Mar 25, 2009 at 01:00 PM

    I was told that the trigger is the manual running of the role/user sync job in ERM and that you can not select which users are included in the UAR process, they are all included as a default.

    I was also told that the UAR functionality had issues and needed to be fixed.

    We have just upgraded to AC 5.3 SP07 and will be testing it this week/next week.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Mar 25, 2009 at 02:48 PM

    Simon-

    All users should be picked up by the Role User Syncronization job. There were some issues with that prior to SP06. So all unlocked/locked users will be picked up as of SP06. I have forwarded you a reference guide I came up with collaboration from Development. That document does not address this topic though.

    Ankur

    SAP GRC RIG

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.