cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.0 EAM : FireFighter ID Not Visible

Go to solution
Former Member

on ‎05-31-2013 2:21 PM

0 Kudos

Hello everyone,

I'm currently configuring EAM for GRC 10.0 on SP7

I've done the following:

1. Configured Integration Scenario 'SUPMG'.

2. Added 'SAP' connection type L_GRAC_AD_SUPER_USER_RFC  and done Scenario-Conenction Type LInk for SUMPG.

3.The target RFC Connector is set.

4. The Role: SAP_GRAC_SPM_FFID is configured for paramter 4010.

5. FireFighther, FF Owner, FF Controler users have been created in the ERP System with the relevant roles as

follows:

Firefighter: userSAP_GRAC_SUPER_USER_MGMT_USER

Firefightercontroller : SAP_GRAC_SUPER_USER_MGMT_CNTLR

Firefighterowner: SAP_GRAC_SUPER_USER_MGMT_OWNER

And all have been assigned SAP_GRC_FN_BASE and  SAP_GRC_FN_BUSINESS_USER

6. The FFID User in the backend is a type SERVICE user  and has been assigned the role SAP_GRAC_SPM_FFID .

7. Owners and Controllers have been maintained in NWBC.

8. Synced everything several times: Auth/Rep/Role/Action

9. Assigned the FireFighterID to the FireFighter user.

10. Logged in using FireFighter user and executed GRAC_SPM. And here lies the problem: The screen is blank - as attached. No FFID or anything else appears.

Now what could I be doing wrong ?

I've gone through SAP's AC 10.0 Pre-ImplementationFrom Post-Installation to First Emergency Access and this thread as well as a Diego's useful doc here but I haven't been able to solve the problem.

Any help, as always would be highly appreciated.

Best regards,

Paul

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-31-2013 5:28 PM

Hi Paul,

Check security on the role you mentioned having assigned to the FF User:

SAP_GRAC_SUPER_USER_MGMT_USER

There are certain authorizations that need to be there for the FFIDs to show up on the dashboard (GRFN_CONN & GRAC_USER).  I recall having to look into this at one point, although I do not remember if it had to do with standard role.

You could do a quick test on security by assigning your FF User SAP_ALL and/or the GRC ALL roles to eliminate or validate an authorization issue.

Show replies
Show replies
Former Member
‎06-04-2013 9:09 AM
0 Kudos

Hi Nathan,

Yes you were correct it turned out to be an authorisation issue to do with one of the auth objects and the correct value. I assigned SAP_ALL and found out that the launchpad was visible, therefore indicating that it had to be an auth issue so did further investigation from there and rectified it.

Cheer mate and thanks to everyone for responding to this.

PS: Diego, yes you were right too....your message seemed to have got tangled up between all the other messages but you did beat Nathan to it but for some reason I only saw Nathan's message? So thanks to you too

Paul

Former Member
‎06-10-2013 4:51 PM
0 Kudos

Paul,

Would you identify the authorization issue that you changed.

Thanks,

Susan Hammock

Answers (2)

Answers (2)

Former Member
‎06-13-2013 5:09 PM
0 Kudos

Hi Paul

Please Upgrade to SP level to 12 there you can find GRAC_EAM  and also can find additional menus under the SPRO >> ACCESS CONTROL >> SYNCRONIZATION JOBS.

Thanks

Navakanth

Show replies
Show replies
Former Member
‎05-31-2013 3:18 PM
0 Kudos

Have you completed Plug-in configuration steps, specially Application type and FFID role for firefighter? Also, check if your assignment has validity set is it is expired.

Regards,

Sabita

Show replies
Show replies
Former Member
‎05-31-2013 3:21 PM
0 Kudos

Hi Paul,

Just remembered that after SP10 onwards, firefighter decentralizing option is available. Check those parameters as well. It may happen that the firefighter is logging into one system and assignment is available in another system.

Regards,

Sabita

Former Member
‎05-31-2013 3:29 PM
0 Kudos

Hi Sabita,

Thanks for your response .

1. Yes I have configured Application type as 1

2. Yes and the user who will do the firefighting (i.e Firefighter) has been assigned the SAP_GRAC_SPM_FFID  which is also set in parameter is 4010.

3. Validity is fine.

Thanks

former_member275658
Contributor
‎05-31-2013 4:49 PM
0 Kudos

Hi Paul,

I guess, this part is missing, Please check the firefighter id's are assigned to the Owners.

Go to Access Management -> Emergency Access Management -> Owners -> Assign

Then, you will see all the firefighter id's.

Hope this helps!

Regards,

Salman

Former Member
‎05-31-2013 5:16 PM
0 Kudos

Hi Salman,

Thanks for your response.

That pathway you've mentioned: Access Management -> Emergency Access Management -> Owners -> Assign  .......... does not exist in my setup.

There is no Emergency Acces Management under the Access Management tab in NWBC !

However Owners do exist and have been assigned as mentioned in the first post via Setup>Superuser Assignment > Owners....so an owner is assigned to the FF ID.

Thanks

former_member275658
Contributor
‎05-31-2013 7:31 PM
0 Kudos

Hi Paul,

I'm using role SAP_GRC_NWBC and that allows me to view  Access Management -> Emergency Access Management -> Owners -> Assign.

However, I created Firefighter ID's in backend (ECC system) and Owners/Controllers in GRC box.

Then,

1. Assigned Owners to Firefighter id's

2. Assigned Firefighter id to Firefighter user id

3. Logged into GRC box and executed GRAC_SPM or GRAC_EAM and fighter id exist.

Not sure, if this help you.

Regards,

Salman

dyaryura
Active Participant
‎06-01-2013 2:35 AM
0 Kudos

Hi Paul!

Have you checked for authorizations problems using SU53 or ST01 after executing GRAC_SPM??

How did you set up the RFC connection?

Cheers,

Diego.

former_member184114
Active Contributor
‎06-01-2013 6:32 AM
0 Kudos

Paul,

Yes, what Salman says seems to be correct.

I have noticed in your very first post that you have created all the ids: FireFighter, FireFighter ID, Controller and Owner in ERP system. Rather, as suggested by Salman. you need to create FireFighter ID ONLY in ERP (back end system) and rest of the users need to be created in GRC box.

Please check this.

Faisal

Former Member
‎06-01-2013 8:06 AM
0 Kudos

Hi Paul,

As you said "

2. Yes and the user who will do the firefighting (i.e Firefighter) has been assigned the SAP_GRAC_SPM_FFID  which is also set in parameter is 4010. "

Where is this user ID created? If Firefighter is centralized, this user(end user to use Firefighter ID) should be existing in GRC and this role will not be available in GRC box.

Check your Users assignment. As Salman said, Only FFID should be in backend, other users should be in GRC box.

Check the parameter of centralize firefighter which system it is pointing and ask user to login to that system.

Regards,

Sabita

Former Member
‎06-01-2013 8:08 AM
0 Kudos

Hi Paul,

I just noticed you have mentioned that your system is at Patch 07. The decentralized firefighter will not be in this case. Login to GRC and check there itself.

Regards,

Sabita

Ask a Question