cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FireFighter ID

Go to solution
Former Member

on ‎06-08-2010 1:58 AM

0 Kudos

Dear Experts,

I have some question regarding fire fighter id for SPM,

1.) Does the system resets the password for the ff id everytime it is used?

2.) If (1) Yes. How can we avoid the ff id's password to be reset everytime it is used?

We have some batch job ids which we want to utilize SPM, but the problem is everytime we use the virsa tool to logon the batch id, the password gets reset, and the jobs which was scheduled under the batch ids failed. So is there anyway to avoid the password reset?

Thank you. Appreciate the replies.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-08-2010 7:16 AM
0 Kudos

Hi Lee,

Yes, system resets the password for the ff id every time it is used.

It done by code of firefighter application automatically.

Kind Regards,

Srinivasan

Show replies
Show replies

Answers (7)

Answers (7)

Former Member
‎06-09-2010 1:15 AM
0 Kudos

Hello simon,

Thanks for the info.

Hi Frank,

Thanks for the feedback.

What we want to implement is the concept of FF id's where there is a record when admins or power users access a batch id to schedule jobs/remove jobs and etc. We could not know who is the last use person for the batch ids as the details is not user-specific, the id does not contain any information about users (its country based, e.g Singapore would be something like SGBTCID). What would your recommendation be for this scenario? Any sapnote or sites which i can refer for this?

regards,

lee

Show replies
Show replies
Former Member
‎06-08-2010 11:38 AM
0 Kudos

Hi Satyabrat,

Thanks for the note.

Hello Frank,

Logs are mostly for audit purpose. We already have FF ids which the usage is for users to do changes in Productive systems, while we also want to implement the FF concept for batch user ids for the reason to identify who made changes and to cater audit purposes.

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎06-08-2010 12:00 PM
0 Kudos

Well, that totally makes no sense

If it's a batch job, you already know who's going to make a change

Why not give the batch admin an FF ID and capture why a batch job has been planned, and by whom?

The batch user IDs are not suited to be Firefighters, as I said: use security audit log to see what they do.

Frank.

Former Member
‎06-08-2010 11:30 AM
0 Kudos

Hello Lee,

First of all, yes FF does reset the password for FFid everytime and it cannot be stopped. This is for security mechanism. In addition to that, it is not recommended to use FFid for scheduling Batch jobs. There is specific SAP Note available under the component GRC-SAC-SFF recommending against it.

Regards, Varun

Show replies
Show replies
Former Member
‎06-08-2010 3:58 PM
0 Kudos

Hi Guys,

TYhe FFID automatic password reset is actually dependent on the SWupport pack. Up to SP6 the password is static but with SP7, the functionality is changed to allow the password to be automatically updated with each logon. It is no longer required to be captured within the security table.

I would still not recommend using an FFID to run Batch jobs though.

Simon

Former Member
‎06-08-2010 7:34 AM
0 Kudos

Hi there,

We have tried service, the password will still changed.

Show replies
Show replies
Former Member
‎06-08-2010 8:05 AM
0 Kudos

Hi Lee,

Please check SAP note 992200. I beleive you can get a clear picture.

Regards,

Satyabrat

Former Member
‎06-08-2010 7:21 AM
0 Kudos

Hello,

Thanks. But is there any way to disable the password reset? Or is there a place where i can predefine the password for the id so that it do not change everytime we use SPM tool to logon?

Show replies
Show replies
Former Member
‎06-08-2010 7:29 AM
0 Kudos

Hi Lee,

Can you please confirm the user Type of your FF ID. Dialog or Service ? If it is dialog, please try to change it user type service.

Regards,

Satyabrat

koehntopp
Product and Topic Expert
Product and Topic Expert
‎06-08-2010 10:49 AM
0 Kudos

If you want to use FF IDs for batch users, you would need to use role based Firefighter. Unfortunately that will not work in combination with normal FF IDs.

I would suggest to use the security audit log to watch over batch users (who would look at the log anyway - what kind of anomaly are you planning to log with FF??)

Frank.

Former Member
‎06-08-2010 6:51 AM
0 Kudos

Hi, thanks for your reply.

We are trying to use the FF id concept to control our batch job ids in our system, but it seems that system would reset the password everytime we logon through /virsa/vfat interface. Meaning, we could not logon with the batch id anymore using the password we know. Any idea why is that happening?

Show replies
Show replies
sunny_pahuja2
Active Contributor
‎06-08-2010 6:14 AM
0 Kudos

Hi,

> 1.) Does the system resets the password for the ff id everytime it is used?

No, it would not reset the password.

> 2.) If (1) Yes. How can we avoid the ff id's password to be reset everytime it is used?

>

> We have some batch job ids which we want to utilize SPM, but the problem is everytime we use the virsa tool to logon the >batch id, the password gets reset, and the jobs which was scheduled under the batch ids failed. So is there anyway to avoid >the password reset?

why are your running jobs with FF ID ? you should run it with some other user.

Thanks

Sunny

Show replies
Show replies
Ask a Question