Sei sulla pagina 1di 4

GRC 10 generic data source parameter Configuration with Virtual directory Server (VDS):

GRC AC Request Scenario 1:



To define the "Submit AC Request" parameters in the Identity Management correctly, you need
to know the corresponding parameters defined on the SAP BusinessObjects Access Control
side:





Integrating Request Parameters configuration settings:
Make sure that the mandatory parameters (e.g. e-mail address) are defined in the "Submit AC
Request" on the Identity Management side.
When a request (with the defined parameters) is received by the SAP BusinessObjects Access
Control, the request may be approved/rejected through a request administration process.
Write RequestId and opt. Start Polling
The task Write RequestId and opt. Start Polling is a part of the ordered task group Perform Risk
Check.
The pass calls the script sap_grc10_WriteRequestId2PVO to retrieve the request ID from a
context variable (MX_GRC_REQUEST_ID as of, and GRC_REQUEST_ID prior to SAP NW
Identity Management 7.1 SP4) and save it to MX_AC_REQUESTID on a pending value object.
It then checks the attribute MX_AC_POLLING_ENABLED of the assigned privilege (defined
on the repository definition of the privilege). If this attribute is set and the polling enabled, then
the attribute MX_AC_POLLING_TASK is read, and the referenced task executed. Otherwise
(if the attribute is not set) the call-back service is enabled and used, and the task stops.
GRC Request flow Scenario 2:

GRC10 SP06..I have configured Access Request.and i could able to create request with Manager user id in User
details of request.when i check the audit log of it..it is showing like this..and in the Manager inbox there are no
request available...am i missing any thing in MSMP
Recommended suggestions:
o the clarity of the screen shot, it seems that the request is escalated to the security stage, as per escalation
configuration, and at the security stage no agent found.

If this info is correct from the audit log,
then check whether any user is assigned with the privileges of security from AC owners section of setup tab.

-------------------------------------------------------------------------------------------------------
seems that you don't want it to go to security yet and actually want it to go to Manager for approval, however it fails to
find the right approver and applies the escape path to security. Is this correct?
Anyway, possibly something is wrong with the MSMP Workflow Configuration itself.
In MSPM Workflow Config > Maintain Rules, you should have a rule called GRAC_MSMP_MANAGER_AGENT
Then in the next step under Maintain Agents you should have GRAC_MANAGER agent, with assigned agent rule ID
GRAC_MSMP_MANAGER_AGENT.
Then in your path that you use you should have a Stage ID like GRAC_MANAGER with Agent GRAC_MANAGER.
Do you have this so far in MSMP Config?
------------------------------------------------------------------------------------------------------------
Make sure that the user ID that has appropriate security to search users. Also, it seems that you do not have an
escape route enabled.

You can check MSMP Instance Monitor to more details (Txn: GRFNMW_DBGMONITOR_WD) and also possibly
SLG1 for authroization issues.

Potrebbero piacerti anche