SAP GRC multiple provision issue

Hello experts,

Question for provisioning plans in SAP GRC. I am trying to send it to SAP GRC one request with all roles I want to provision. But actually, GRC sends a request by application e.g:

I have an ITRole created with entitlements of two or more applications:

      ITrole --> entitlement app1 + entitlement app2 + entitlement app2

The problem I have is that Sailpoint sends notifications to SAP_GRC by applications and not a joint one. This is because one provisioning plan is made first and then the other. e.g:

    approval request for entitlement app1

    approval request for entitlements app2

Is there a possibility that Sailpoint reads all the provisioning plans that come in that request (app1, app2…) and sends all the information to create a single request to SAP_GRC?

How I could read all provisioning plans before the notification is sent to SAP GRC and insert all the roles requests from different applications to create a unique request?

I attached an image of my provisioning method.

provisioningPlanMethod800×425 15.7 KB

Thank you for your responses in advance.

IIQ 7.3p4

Thanks for posting this question @LewisSPoint1. Give us a moment to look into this issue for you and we will circle back with some insights.

If I understand correctly, you are writing a custom connector. At the moment the plan hits the connector, the plan has been stripped of everything that is not targeted for the application to which the connector belongs. What remains is specifically what needs to be provisioned.

If you want information to be inspected as a whole, you may need to intercept this in an earlier stage, e.g. in the provisioning workflows. Here you have access to the project, which contains both the original plan (requested items) and the effective plans (effective account and entitlement changes), after plan compilation.

• Menno

Hello and thank you for your responses.

It is not a custom connector. I have three applications that are using “SAP Direct connector” these applications are linked with another one “SAP_GRC application” which has to evaluate risk etc.

When we try to request a new role, (a role that has entitlements of two of the applications) and before sending de XML with all the information to SAP_GRC, Sailpoint creates one provisioning plan for the first entitlement that is the entitlement of the first application and send to SAP_GRC the approval request. After that repeat again the same steps with the other entitlement.
Finally, SAP receives two notifications instead of one.
SAP GRC should receive one notification because these two entitlements compose one ITRole.

How I should send the final XML with all information for GRC independently of the number of applications or systems?

Thank you again.

@LewisSPoint1
Please make sure all your applications which are of type SAP - Direct are GRC enabled. If this is the case then it should create only one GRC request for all these entitlements.

Hello @Gaurav.bachhav and thank you for your response,

Yes, as you say I have GRC enabled on all applications and GRC application sends the requests correctly.
But is sends separately when the ITRole has more than one application.
I want to gather all systems in one request, inside the XML that finally is sent to GRC from sailpoint.

@LewisSPoint1 Can you please send me the logs with below log statements
logger.WorkflowTrace.name=sailpoint.WorkflowTrace
logger.WorkflowTrace.level=trace
logger.SAPGRCIntegrationLibrary.name=sailpoint.workflow.SAPGRCIntegrationLibrary
logger.SAPGRCIntegrationLibrary.level=trace
ogger.PlanCompiler.name=sailpoint.provisioning.PlanCompiler
logger.PlanCompiler.level=trace

I need to check provisioning project.

Hello @Gaurav.bachhav

These are the logs. As you can see, Sailpoint creates two provisioning plans and sends separately the XML request.
The SAP GRC application sends two notifications. What I want is to send one with all the entitlements gather.

Thank you in advance

PROVISIONING PLAN CREATED FIRST APPLICATION:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="001SAP" targetIntegration="SANHQ-IntegrationConfig-MailSender-GRC">
  <AccountRequest application="SANHQ-Application-SAP-DF4" assignmentIds="6e27232d8e584431ba91e2c6b6647662" nativeIdentity="001SAP" op="Create">
    <AttributeRequest name="Roles" op="Add" value="Z_LAFR_BR_C_FI-GL_Y_ADMIACCONT"/>
    <AttributeRequest name="First name" op="Set" value="Test"/>
    <AttributeRequest name="Last name" op="Set" value="Prueba"/>
    <AttributeRequest name="password" op="Set" value="ytuzerE1">
      <Attributes>
        <Map>
          <entry key="secret" value="true"/>
        </Map>
      </Attributes>
    </AttributeRequest>
    <AttributeRequest name="E-Mail" op="Set" value="[email protected]"/>
    <AttributeRequest name="Language UP ISO" op="Set" value="ES"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="flow" value="AccessRequest"/>
      <entry key="identityRequestId" value="0000000001"/>
      <entry key="launcher" value="spadmin"/>
      <entry key="requestType" value="CART REQUEST FEATURE"/>
      <entry key="requester" value="spadmin"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
  <Requesters>
    <Reference class="sailpoint.object.Identity" id="ff808081786e28ab01786e28da35010b" name="spadmin"/>
  </Requesters>
</ProvisioningPlan>

PROVISIONING PLAN CREATED SECOND APPLICATION:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="001SAP" targetIntegration="SANHQ-IntegrationConfig-MailSender-GRC">
  <AccountRequest application="SANHQ-Application-SAP-TS4" assignmentIds="6e27232d8e584431ba91e2c6b6647662" nativeIdentity="001SAP" op="Create">
    <AttributeRequest name="Roles" op="Add">
      <Value>
        <List>
          <String>Z_LAS4_BR_C_FI-GL_Y_MANGFINANC</String>
          <String>Z_LAFB_BR_C_FI-GL_Y_MANGFINANC</String>
        </List>
      </Value>
    </AttributeRequest>
    <AttributeRequest name="First name" op="Set" value="Test"/>
    <AttributeRequest name="Last name" op="Set" value="Prueba"/>
    <AttributeRequest name="password" op="Set" value="rbolgeO4">
      <Attributes>
        <Map>
          <entry key="secret" value="true"/>
        </Map>
      </Attributes>
    </AttributeRequest>
    <AttributeRequest name="E-Mail" op="Set" value="[email protected]"/>
    <AttributeRequest name="Language UP ISO" op="Set" value="ES"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="flow" value="AccessRequest"/>
      <entry key="identityRequestId" value="0000000001"/>
      <entry key="launcher" value="spadmin"/>
      <entry key="requestType" value="CART REQUEST FEATURE"/>
      <entry key="requester" value="spadmin"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
  <Requesters>
    <Reference class="sailpoint.object.Identity" id="ff808081786e28ab01786e28da35010b" name="spadmin"/>
  </Requesters>
</ProvisioningPlan>

FIRST XML REQUEST SENT

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">
   <soapenv:Header />
   <soapenv:Body>
      <urn:GracIdmUsrAccsReqServices>
         <RequestHeaderData>
            <Reqtype>001</Reqtype>
            <Priority>006</Priority>
            <ReqInitSystem>SAILPOINT</ReqInitSystem>
            <Email>[email protected]</Email>
            <Funcarea>HR</Funcarea>
            <RequestReason>Provisioning from IdentityIq</RequestReason>
            <Bproc>GENERAL</Bproc>
         </RequestHeaderData>
         <RequestedLineItem>
            <item>
               <ItemName>Z_LAS4_BR_C_FI-GL_Y_MANGFINANC</ItemName>
               <Connector>TS4CLNT100</Connector>
               <ProvItemType>ROL</ProvItemType>
               <ProvType />
               <ValidFrom>20210520</ValidFrom>
               <ValidTo>99991231</ValidTo>
               <ProvAction>006</ProvAction>
               <RoleType>COM</RoleType>
            </item>
            <item>
               <ItemName>Z_LAFB_BR_C_FI-GL_Y_MANGFINANC</ItemName>
               <Connector>TS4CLNT100</Connector>
               <ProvItemType>ROL</ProvItemType>
               <ProvType />
               <ValidFrom>20210520</ValidFrom>
               <ValidTo>99991231</ValidTo>
               <ProvAction>006</ProvAction>
               <RoleType>COM</RoleType>
            </item>
         </RequestedLineItem>
         <UserInfo>
            <item>
               <Userid>001SAP</Userid>
               <Fname>Test</Fname>
               <Lname>Prueba</Lname>
               <Email>[email protected]</Email>
            </item>
         </UserInfo>
      </urn:GracIdmUsrAccsReqServices>
   </soapenv:Body>
</soapenv:Envelope>

SECOND XML REQUEST SENT

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">
   <soapenv:Header />
   <soapenv:Body>
      <urn:GracIdmUsrAccsReqServices>
         <RequestHeaderData>
            <Reqtype>001</Reqtype>
            <Priority>006</Priority>
            <ReqInitSystem>SAILPOINT</ReqInitSystem>
            <Email>[email protected]</Email>
            <Funcarea>HR</Funcarea>
            <RequestReason>Provisioning from IdentityIq</RequestReason>
            <Bproc>GENERAL</Bproc>
         </RequestHeaderData>
         <RequestedLineItem>
            <item>
               <ItemName>Z_LAFR_BR_C_FI-GL_Y_ADMIACCONT</ItemName>
               <Connector>DF4CLNT100</Connector>
               <ProvItemType>ROL</ProvItemType>
               <ProvType />
               <ValidFrom>20210520</ValidFrom>
               <ValidTo>99991231</ValidTo>
               <ProvAction>006</ProvAction>
               <RoleType>COM</RoleType>
            </item>
         </RequestedLineItem>
         <UserInfo>
            <item>
               <Userid>001SAP</Userid>
               <Fname>Test</Fname>
               <Lname>Prueba</Lname>
               <Email>[email protected]</Email>
            </item>
         </UserInfo>
      </urn:GracIdmUsrAccsReqServices>
   </soapenv:Body>
</soapenv:Envelope>

@LewisSPoint1 Thanks for the response but can you attach complete logs for more analysis? I need provisioning project to check how IIQ is compiling the plan and SAP GRC integration creating two GRC access request ? please use above logs statement.
One more question, have you configured split provisioning/ split plan in LCM provisioning workflow ?

@Gaurav.bachhav
How could I check if “split plan” is enabled?
I have reviewed my “workflow_SAPGRC_LifeCycle_Events” and found these lines:

<Variable name="splitPlans">
        <Description>List of ProvisioningPlan that is generated from the splitPlans step if approvalSplitPoint is set.</Description>
      </Variable>

<Step action="call:splitProvisioningPlan" icon="Task" name="Split Plan" posX="618" posY="63" resultVariable="splitPlans">

<Replicator arg="plan" items="splitPlans"/>

I try to add this code:

logger.WorkflowTrace.name=sailpoint.WorkflowTrace
logger.WorkflowTrace.level=trace
logger.SAPGRCIntegrationLibrary.name=sailpoint.workflow.SAPGRCIntegrationLibrary
logger.SAPGRCIntegrationLibrary.level=trace
logger.PlanCompiler.name=sailpoint.provisioning.PlanCompiler
logger.PlanCompiler.level=trace

To my log4j.properties but I did not obtain any results.
Have I to add these instructions to a different file?

@Gaurav.bachhav
How can I extract and attach the log file… to show you the provisioning project…?

Which version of IIQ are you using. I hope you might be using log4j2.properties not log4j.properties.
If possible, can you share me complete log4j.properties ? also please make sure all the required things are set up in that file like…

1. File path is properly set

#appender.file.type=File
#appender.file.name=file
#appender.file.fileName=C:/Windows/Temp/sailpoint.log
#appender.file.layout.type=PatternLayout
#appender.file.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n

2. Comment out below statement to enable writing to file
   #rootLogger.appenderRef.file.ref=file

How could I check if “split plan” is enabled?
Please check whether below variables are configured

<Variable name="approvalSplitPoint">
      <Description>
          Variable to determine when to split into parallel processing.
          This should map to a configured approvalScheme. We will process all schemes up until
          the approvalSplitPoint in the Pre Split approvals, and the remaining schemes after
          we split the items. If this is not specified, we will not split the Provisioning
          project, and process the entire project as a whole.
      </Description>
  </Variable>

Check approvalScheme is configured

<Arg name='approvalScheme' value='ref:approvalScheme'>
      <Script>
          <Source>
              import java.util.List;
              import java.util.ArrayList;
              import java.util.Iterator;
              import sailpoint.tools.Util;

              List schemes = Util.csvToList(approvalScheme);
              List preSchemes = new ArrayList&lt;String&gt;();
              for (String s : Util.safeIterable(schemes)) {
                if (s.equals(approvalSplitPoint)) {
                    break;
                } else {
                    preSchemes.add(s);
                }
              }
              return Util.listToCsv(preSchemes);
          </Source>
      </Script>
    </Arg>

Hello @Gaurav.bachhav and thank you for your quick response.

I have the log file but I can not attach .txt files, It only allows me to attach images (.jpg etc)
How could I send you the log file??

@LewisSPoint1,

You are correct. Discourse doesnt allow .txt file attachments. So in order for you to share a log file, you would need to copy the log file text, then use the “preformatted text” button (found in the window after you click “reply” in a Discourse thread). The "preformatted text button looks like this </>

Hello @Gaurav.bachhav,

I copied the log but many lines are missing because there are more than 10,000 log lines.
Thank you in advance!

2021-06-09T11:33:51,271 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:120 - Entering <init>(con = sailpoint.server.InternalContext@23934664)
2021-06-09T11:33:51,272 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:126 - Exiting <init> = null
2021-06-09T11:33:51,273 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering compile(arguments = {lcmUser=07SAP, lcmQuickLink=Request Access}, masterPlan = sailpoint.object.ProvisioningPlan@1778b573, scriptArgs = null)
2021-06-09T11:33:51,273  INFO http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1395 - Compiling plan for identity: 07SAP
2021-06-09T11:33:51,274 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering compileArguments(arguments = {lcmUser=07SAP, lcmQuickLink=Request Access}, masterPlan = sailpoint.object.ProvisioningPlan@1778b573)
2021-06-09T11:33:51,275 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering fixArguments(args = {lcmUser=07SAP, lcmQuickLink=Request Access})
2021-06-09T11:33:51,275 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting fixArguments = null
2021-06-09T11:33:51,276 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting compileArguments = null
2021-06-09T11:33:51,277 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering compileProject(masterPlan = sailpoint.object.ProvisioningPlan@1778b573)
2021-06-09T11:33:51,277 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering logProject(header = Project before compilation:)
2021-06-09T11:33:51,278  INFO http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1562 - Project before compilation:
2021-06-09T11:33:51,279  INFO http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1564 - <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningProject PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningProject identity="07SAP">
  <Attributes>
    <Map>
      <entry key="lcmQuickLink" value="Request Access"/>
      <entry key="lcmUser" value="07SAP"/>
    </Map>
  </Attributes>
  <MasterPlan>
    <ProvisioningPlan>
      <AccountRequest application="IIQ" op="Modify" trackingId="229b3619bc454977bd0fe61f57fa197a" type="role">
        <Attributes>
          <Map>
            <entry key="id" value="7f00000179ae11158179ae9c0fc20803"/>
          </Map>
        </Attributes>
        <AttributeRequest assignmentId="a3f8ee9bb6c54b61825a7382bdaa29a7" name="assignedRoles" op="Add" value="APP-HQ-BR Controlling Cierre"/>
      </AccountRequest>
    </ProvisioningPlan>
  </MasterPlan>
</ProvisioningProject>

2021-06-09T11:33:51,279 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting logProject = null
2021-06-09T11:33:51,280 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getProject()
2021-06-09T11:33:51,280 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getProject = sailpoint.object.ProvisioningProject@124850e6
2021-06-09T11:33:51,281 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering preclean(master = sailpoint.object.ProvisioningPlan@1778b573)
2021-06-09T11:33:51,281 DEBUG http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1739 - Precleaning master plan
2021-06-09T11:33:51,282 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering preclean(reqs = [sailpoint.object.ProvisioningPlan$AttributeRequest@78e45fb6], now = Wed Jun 09 11:33:51 CEST 2021)
2021-06-09T11:33:51,283 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting preclean = null
2021-06-09T11:33:51,283 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering preclean(reqs = null, now = Wed Jun 09 11:33:51 CEST 2021)
2021-06-09T11:33:51,284 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting preclean = null
2021-06-09T11:33:51,284 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting preclean = null
2021-06-09T11:33:51,285 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering partitionIIQPlan(master = sailpoint.object.ProvisioningPlan@1778b573)
2021-06-09T11:33:51,285 DEBUG http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1818 - Partitioning IIQ plan
2021-06-09T11:33:51,286 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering partitionIIQPlan(req = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,286 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering isIIQRequest(req = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,287 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting isIIQRequest = true
2021-06-09T11:33:51,288 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering assimilateRequests(src = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc, dest = sailpoint.object.ProvisioningPlan$AccountRequest@2a2ffe7d)
2021-06-09T11:33:51,288 DEBUG http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:2910 - Assimilating AbstractRequest for: IIQ
2021-06-09T11:33:51,289 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering assimilateArgs(src = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc, dest = sailpoint.object.ProvisioningPlan$AccountRequest@2a2ffe7d)
2021-06-09T11:33:51,290 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting assimilateArgs = null
2021-06-09T11:33:51,291 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering isCaseInsensitive(req = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,291 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getApplication(name = IIQ)
2021-06-09T11:33:51,292 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getApplication = null
2021-06-09T11:33:51,293 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting isCaseInsensitive = false
2021-06-09T11:33:51,293 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering assimilateRequest(src = sailpoint.object.ProvisioningPlan$AttributeRequest@78e45fb6, dest = [], nocase = false, srcParent = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,294 DEBUG http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:3040 - AttributeRequest Add assignedRoles APP-HQ-BR Controlling Cierre
2021-06-09T11:33:51,295 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting assimilateRequest = null
2021-06-09T11:33:51,295 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting assimilateRequests = null
2021-06-09T11:33:51,296 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting partitionIIQPlan = null
2021-06-09T11:33:51,297 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting partitionIIQPlan = null
2021-06-09T11:33:51,297 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getContext()
2021-06-09T11:33:51,298 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getContext = sailpoint.server.InternalContext@23934664
2021-06-09T11:33:51,300 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getIdentity()
2021-06-09T11:33:51,301 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getIdentity = sailpoint.object.Identity@6f458388[id=7f00000179d2135d8179d6a60be50310,name=07SAP]
2021-06-09T11:33:51,304 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getIdentity()
2021-06-09T11:33:51,305 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getIdentity = sailpoint.object.Identity@6f458388[id=7f00000179d2135d8179d6a60be50310,name=07SAP]
2021-06-09T11:33:51,307 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering isDeferred(req = sailpoint.object.ProvisioningPlan$AttributeRequest@78e45fb6)
2021-06-09T11:33:51,307 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting isDeferred = false
2021-06-09T11:33:51,308 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getIdentity()
2021-06-09T11:33:51,309 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getIdentity = sailpoint.object.Identity@6f458388[id=7f00000179d2135d8179d6a60be50310,name=07SAP]
2021-06-09T11:33:51,309 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering getIdentity()
2021-06-09T11:33:51,309 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting getIdentity = sailpoint.object.Identity@6f458388[id=7f00000179d2135d8179d6a60be50310,name=07SAP]
2021-06-09T11:33:51,310 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering partition(master = sailpoint.object.ProvisioningPlan@1778b573, doIIQ = false)
2021-06-09T11:33:51,310 DEBUG http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:2032 - Partitioning plan
2021-06-09T11:33:51,311 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering isIIQRequest(req = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,311 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting isIIQRequest = true
2021-06-09T11:33:51,312 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering isIIQRequest(req = sailpoint.object.ProvisioningPlan$AccountRequest@6ca4e2cc)
2021-06-09T11:33:51,312 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting isIIQRequest = true
2021-06-09T11:33:51,313 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:150 - Exiting partition = null
2021-06-09T11:33:51,313 TRACE http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:138 - Entering logProject(header = Project after partitioning:)
2021-06-09T11:33:51,314  INFO http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1562 - Project after partitioning:
2021-06-09T11:33:51,318  INFO http-nio-8080-exec-4 sailpoint.provisioning.PlanCompiler:1564 - <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningProject PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningProject identity="07SAP">
  <Attributes>
    <Map>
      <entry key="lcmQuickLink" value="Request Access"/>
      <entry key="lcmUser" value="07SAP"/>
    </Map>
  </Attributes>
  <MasterPlan>
    <ProvisioningPlan>
      <AccountRequest application="IIQ" op="Modify" trackingId="229b3619bc454977bd0fe61f57fa197a" type="role">
        <Attributes>
          <Map>
            <entry key="id" value="7f00000179ae11158179ae9c0fc20803"/>
          </Map>
        </Attributes>
        <AttributeRequest assignmentId="a3f8ee9bb6c54b61825a7382bdaa29a7" name="assignedRoles" op="Add" value="APP-HQ-BR Controlling Cierre"/>
      </AccountRequest>
    </ProvisioningPlan>
  </MasterPlan>
  <ProvisioningPlan targetIntegration="IIQ" trackingId="6d386cbec1684df48c1e9d53b9d61779">
    <AccountRequest application="IIQ" op="Modify" trackingId="229b3619bc454977bd0fe61f57fa197a">
      <Attributes>
        <Map>
          <entry key="id" value="7f00000179ae11158179ae9c0fc20803"/>
        </Map>
      </Attributes>
      <AttributeRequest assignmentId="a3f8ee9bb6c54b61825a7382bdaa29a7" name="assignedRoles" op="Add" value="APP-HQ-BR Controlling Cierre"/>
    </AccountRequest>
  </ProvisioningPlan>
  <ProvisioningTarget assignmentId="a3f8ee9bb6c54b61825a7382bdaa29a7" role="APP-HQ-BR Controlling Cierre"/>
</ProvisioningProject>

@jordan.violet is there any alternate way we can attach log file ?

@LewisSPoint1 I need complete logs for further analysis… Let me see how you can share it.
Meanwhile, as per my above comment, can you please check whether split plan is enabled ?
The reason I am asking here is because SAP GRC Integration doesn’t support split provisioning.

@LewisSPoint1 & @Gaurav.bachhav, I have changed some of the system settings for our Discourse instance. You should now be able to upload documents with .txt file extensions. I hope this helps!

Thank you @jordan.violet and @Gaurav.bachhav

Log file attached.
logfile.txt (1.9 MB)