on 06-08-2010 1:58 AM
Dear Experts,
I have some question regarding fire fighter id for SPM,
1.) Does the system resets the password for the ff id everytime it is used?
2.) If (1) Yes. How can we avoid the ff id's password to be reset everytime it is used?
We have some batch job ids which we want to utilize SPM, but the problem is everytime we use the virsa tool to logon the batch id, the password gets reset, and the jobs which was scheduled under the batch ids failed. So is there anyway to avoid the password reset?
Thank you. Appreciate the replies.
Hi Lee,
Yes, system resets the password for the ff id every time it is used.
It done by code of firefighter application automatically.
Kind Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello simon,
Thanks for the info.
Hi Frank,
Thanks for the feedback.
What we want to implement is the concept of FF id's where there is a record when admins or power users access a batch id to schedule jobs/remove jobs and etc. We could not know who is the last use person for the batch ids as the details is not user-specific, the id does not contain any information about users (its country based, e.g Singapore would be something like SGBTCID). What would your recommendation be for this scenario? Any sapnote or sites which i can refer for this?
regards,
lee
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Satyabrat,
Thanks for the note.
Hello Frank,
Logs are mostly for audit purpose. We already have FF ids which the usage is for users to do changes in Productive systems, while we also want to implement the FF concept for batch user ids for the reason to identify who made changes and to cater audit purposes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, that totally makes no sense
If it's a batch job, you already know who's going to make a change
Why not give the batch admin an FF ID and capture why a batch job has been planned, and by whom?
The batch user IDs are not suited to be Firefighters, as I said: use security audit log to see what they do.
Frank.
Hello Lee,
First of all, yes FF does reset the password for FFid everytime and it cannot be stopped. This is for security mechanism. In addition to that, it is not recommended to use FFid for scheduling Batch jobs. There is specific SAP Note available under the component GRC-SAC-SFF recommending against it.
Regards, Varun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Guys,
TYhe FFID automatic password reset is actually dependent on the SWupport pack. Up to SP6 the password is static but with SP7, the functionality is changed to allow the password to be automatically updated with each logon. It is no longer required to be captured within the security table.
I would still not recommend using an FFID to run Batch jobs though.
Simon
Hi there,
We have tried service, the password will still changed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Thanks. But is there any way to disable the password reset? Or is there a place where i can predefine the password for the id so that it do not change everytime we use SPM tool to logon?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you want to use FF IDs for batch users, you would need to use role based Firefighter. Unfortunately that will not work in combination with normal FF IDs.
I would suggest to use the security audit log to watch over batch users (who would look at the log anyway - what kind of anomaly are you planning to log with FF??)
Frank.
Hi, thanks for your reply.
We are trying to use the FF id concept to control our batch job ids in our system, but it seems that system would reset the password everytime we logon through /virsa/vfat interface. Meaning, we could not logon with the batch id anymore using the password we know. Any idea why is that happening?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
> 1.) Does the system resets the password for the ff id everytime it is used?
No, it would not reset the password.
> 2.) If (1) Yes. How can we avoid the ff id's password to be reset everytime it is used?
>
> We have some batch job ids which we want to utilize SPM, but the problem is everytime we use the virsa tool to logon the >batch id, the password gets reset, and the jobs which was scheduled under the batch ids failed. So is there anyway to avoid >the password reset?
why are your running jobs with FF ID ? you should run it with some other user.
Thanks
Sunny
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.