Objective: The objective of this blog is to explain an issue which I faced and sharing analysis and solution. As per requirement, we have removed task Roles from Business role and then run update assignment job for that Business Role, but it is getting failed after running 24 hours, and found that Task roles which was removed from BR those roles are not removed from user assignment and also GRACUSERROLE table is not getting updated in GRC, due to that inconsistent occurred in GRC Table and user assignment in backend system. In this blog, I am going to explain an issue related to Business role and limitation and recommendations.
Analysis: We have analyzed and found that the Business Role is having 52 connectors and 135 users along with 1459 task roles assignment.
The steps that are followed to replicate the issue:
Removed required task role from Business RoleRun update assignment job for that Business Role to get sync GRACUSERROLE tableUpdate assignment job is getting failed after few hoursValidated GRC table GRACUSERROLE whether task role removed from user’s account or not.Task role is not removed from user’s account.
We are attempting to replicate the issue for Business role to test whether update assignment job is completed or failed.
Update assignment Job got cancelled after running for a day.
We have validating whether task role removals got reflected in backend system. Upon validating we can conclude that task roles are still tagged to users with BR relationship in GRC table.
We are validating task role sample whether it was attempted for removal as part of update assignment job scheduled via NWBC
Debug analysis:
On debugging, it was found out that the business role assignment has 6,37,179 entries.
These 6,37,179 assignments will be checked with the 1446 technical roles in the business role.
Conclusion:
In this scenario, since we have a huge number of technical roles mapped to business role and this is leading to cancellation of update assignment. Also, I have tried to check for the ST22 dump, but there are no error logs since this is HTTP NO MEMORY Runtime error. Even if we increase the SM37 job time limit, there will be this type of error still getting triggered. Hence, we have to bifurcate business role into further part so that the update assignment will function properly otherwise you will fall into similar issues.
It has also been determined that a business role should encompass no more than 250 roles in total, taking into account both individual roles and composite roles. Additionally, when a business role consists of 250 roles, it should not be assigned to more than 450 users.
Also check the parameter value “rdisp/task_limit” in RZ11 with your BASIS team, as it is still showing the default 1000 (current value) instead of 7000.
Objective: The objective of this blog is to explain an issue which I faced and sharing analysis and solution. As per requirement, we have removed task Roles from Business role and then run update assignment job for that Business Role, but it is getting failed after running 24 hours, and found that Task roles which was removed from BR those roles are not removed from user assignment and also GRACUSERROLE table is not getting updated in GRC, due to that inconsistent occurred in GRC Table and user assignment in backend system. In this blog, I am going to explain an issue related to Business role and limitation and recommendations.Analysis: We have analyzed and found that the Business Role is having 52 connectors and 135 users along with 1459 task roles assignment.The steps that are followed to replicate the issue:Removed required task role from Business RoleRun update assignment job for that Business Role to get sync GRACUSERROLE tableUpdate assignment job is getting failed after few hoursValidated GRC table GRACUSERROLE whether task role removed from user’s account or not.Task role is not removed from user’s account.We are attempting to replicate the issue for Business role to test whether update assignment job is completed or failed.Update assignment Job got cancelled after running for a day.We have validating whether task role removals got reflected in backend system. Upon validating we can conclude that task roles are still tagged to users with BR relationship in GRC table. We are validating task role sample whether it was attempted for removal as part of update assignment job scheduled via NWBC Debug analysis:On debugging, it was found out that the business role assignment has 6,37,179 entries.These 6,37,179 assignments will be checked with the 1446 technical roles in the business role.Conclusion:In this scenario, since we have a huge number of technical roles mapped to business role and this is leading to cancellation of update assignment. Also, I have tried to check for the ST22 dump, but there are no error logs since this is HTTP NO MEMORY Runtime error. Even if we increase the SM37 job time limit, there will be this type of error still getting triggered. Hence, we have to bifurcate business role into further part so that the update assignment will function properly otherwise you will fall into similar issues.It has also been determined that a business role should encompass no more than 250 roles in total, taking into account both individual roles and composite roles. Additionally, when a business role consists of 250 roles, it should not be assigned to more than 450 users.Also check the parameter value “rdisp/task_limit” in RZ11 with your BASIS team, as it is still showing the default 1000 (current value) instead of 7000. Read More Technology Blogs by Members articles
#SAP
#SAPTechnologyblog
