on 07-24-2014 3:56 PM
Hi Colleagues,
I was configuring EAM in GRC.
I Created the user ( owners, controllers, ffif and end user in back end system )
I directly went nwbc and started creating owners and controllers and I created the users
My Question,
1 ) As per the process , after the creation of users in back end system , we have to do the repository sync and FF sync( to replicate users to GRC server)
Which I didn't do .
How did users replicated from back end system to GRC server without sync jobs ? Is it possible ?
2) But When I was assiging the FF-ID to owner , FF id was not found in GRC server to assign to owner.
How only owners are replicated without replication of FFID to GRC
Please let me know , if you require further information on this
Thanks and Reagrds,
raghu
Hi Raghu,
please follow the below steps to available FF id in GRC system_
1. Make FF id System user.
2. assign role SAP_GRAC_SPM_FFID same role configure in parameter in 4010.
4. configuration parameter 4000 must be id based firefighter
5. run repository sync incremental mode. if still not available run same job full mode.
Regards,
Arif
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arif,
I have created the end user and assigned the ff id to the end user and saved,
But When I Login through the End user , it shows that , I have not authorizied to execute t-code /ngrac_spm and GRAC_EAM
What would be the problem ?
I have assigned the correct role to FF id and End user and done the sync , but I could not execute the t-code
Thanks and Regards,
raghu
HI Raghu
how you think about security 101 here. If a user is not authorised to execute a transaction what do you think that means?
some transaction codes to help you think this through: su53, su01, pfcg, st0, su56
assuming you have really assigned the correct role I would then look at pfud, su56, pfcg, supc
Regards
Colleen
Hi Raghu,
Owners/Approvers are users in GRC system. That means that the user ID has to be available in SU01 and then it can be defined as owner/approver.
FF ID is recognized with the sync job (eam user master data) and if found available in GRC. FF IDs must habe the FF role assigned for recognizion.
Does this answer your question?
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alessandro,
Thanks for the reply .
So If GRC users are created through SU01 , then there is no need of sync jobs , they will be automatically found in GRC server
If any users ( other than GRC users FF ID , End users ) we have to replicate them through the sync jobs
Correct ?
Thanks and Regards,
Raghu
Hi Alessandro,
Yes That helped Thank you !!.
I have done everything now . I have created owners, controllers , end users and FF ids.
And assigned the FF id to end user in GRC server and saved.
But When I login as end user in back end system and run the t-code /ngrac_spm
It says you are not authorized to use the t-code .
It should work , as I assigned th FFID to this end user
I have done all EAM syncs and repository sycn , but it didn't work
Kind Regards,
Raghu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.