cancel
Showing results for 
Search instead for 
Did you mean: 

FF ID was not found in GRC server

Former Member
0 Kudos

Hi Colleagues,

I was configuring EAM in GRC.

I Created the user ( owners, controllers, ffif and end user in back end system )

I directly went nwbc  and started creating owners and controllers  and I created the users

My Question,

1 ) As per the process , after the creation of users in back end system , we have to do the repository sync and FF sync( to replicate users to GRC server)

Which I didn't do .

How did users replicated from back end system to GRC server without sync jobs ? Is it possible ?

2) But When I was assiging the FF-ID to owner , FF id was not found in GRC server to assign to owner.

How only owners are replicated without replication of FFID to GRC

Please let me know , if you require further information on this

Thanks and Reagrds,

raghu

Accepted Solutions (0)

Answers (2)

Answers (2)

Arif1
Active Participant
0 Kudos

Hi Raghu,



please follow the below steps to available FF id in GRC system_

1. Make FF id System user.

2. assign role SAP_GRAC_SPM_FFID same role configure in parameter in 4010.

4. configuration parameter 4000 must be id based firefighter

5. run repository sync incremental  mode. if still not available run same job full mode.

Regards,

Arif

Former Member
0 Kudos

Hi Arif,

Thanks for the Reply .

Yes I maintained the both 4010 and 4000 parameters

Regarding the First point ,

I have made FF user as service user , not a system user.

I think we should make it has service user it self , Why we should we use system user here ?

Thanks and Regards,

Raghu

Arif1
Active Participant
0 Kudos

Hi Raghu,

Yes FF user should be service user not system user.

Regards,

Arif

Former Member
0 Kudos

Hi Arif,

I have created the end user and  assigned the ff id to the end  user and saved,

But When I Login through the End user , it shows that , I have not authorizied to execute t-code /ngrac_spm and GRAC_EAM

What would be the problem ?

I have assigned the correct role to FF id and End user and done the sync , but I could not execute the t-code

Thanks and Regards,

raghu

Colleen
Advisor
Advisor
0 Kudos

HI Raghu

how you think about security 101 here. If a user is not authorised to execute a transaction what do you think that means?

some transaction codes to help you think this through: su53, su01, pfcg, st0, su56

assuming you have really assigned the correct role I would then look at pfud, su56, pfcg, supc

Regards

Colleen

Former Member
0 Kudos

Hi Collen,

Thanks for the reply.

The issue solved . I forgot to assign the basic role for end user ( Silly mistake).

Everything is working fine

Happy Weekend

Regards,

raghu

Colleen
Advisor
Advisor
0 Kudos

Glad to hear. For your own benefit you will learn more and master the system if you take the time to troubleshoot The error yourself.

can you please close your answer as resolved

enjoy your weekend

Former Member
0 Kudos

Hi Colleen,

Thanks for the suggestion.

As I am very new to GRC , I am facing the  difficulty in configuring.

I don't  have any mentor to guide me , So I post everything here .

I'll close this as resolved

Kind Reagrds,

Raghu

alessandr0
Active Contributor
0 Kudos

Hi Raghu,

Owners/Approvers are users in GRC system. That means that the user ID has to be available in SU01 and then it can be defined as owner/approver.

FF ID is recognized with the sync job (eam user master data) and if found available in GRC. FF IDs must habe the FF role assigned for recognizion.

Does this answer your question?

Regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,

Thanks for the reply .

So If  GRC users are created through SU01 , then  there is no need of sync jobs , they will be automatically found in GRC server

If any users ( other than GRC users FF ID , End users  ) we have to replicate them through the sync jobs

Correct ?

Thanks and Regards,

Raghu

alessandr0
Active Contributor
0 Kudos

Dear Raghu,

yes correct - for FF IDs as mentioned it is really necessary to have the FF role assigned that the user can be identified as a FF ID. Beside that also the user type must be set to Service user as otherwise firefighter won't work.

Hope this helps.

Regards,

Alessandro

Former Member
0 Kudos

Hi  Alessandro,

Yes That helped Thank you !!.

I have done everything now . I have created owners, controllers  , end users and FF ids.

And assigned the FF id to end user in GRC server and saved.

But When I login as end user in back end system and run the t-code /ngrac_spm

It says you are not authorized to use the t-code .

It  should work , as I assigned th FFID to this end user

I have done all EAM syncs and repository sycn , but it didn't work

Kind Regards,

Raghu