
Conflict in between access GRC FF ID and GRC FF owner

Former Member
0 Kudos

Hi guys,

I have the following issue:

We have users that use firefighter and we have firefighter owners. The difference between the two in terms of authorizations is that firefighters have auth object GRCFF_0001 and ACTVT * while the owners only have ACTVT 02, 03 and 81.

The issue we have is that we currently have a user who will perform firefighter and be a firefighter owner. Because he gets * on ACTVT from the firefighter ID, it overwrites the 02, 03 and 81 for the owner, meaning that he is able to assign any firefighter ID he wants, while he should only be able to assign firefighters that he is owner of.

Have you seen this issue before?

As the GRC FF ID needs value 36, this overwrites the other values coming from GRC FF owner. We have already tried setting the configuration option "Firefighter Owner Additional Authorization" to YES and NO, and still no solution.

Any ideas?

Many thanks

pedro

Accepted Solutions (0)

Answers (2)

sunny_pahuja2
Active Contributor
0 Kudos

Hi,

This issue has been resolved in GRC 5.3 SP12. Please check SAP note 1168121. Check below extract from this note:

o Firefighter Owner is able to assign the Firefighter IDs for which he is not the Owner.

Thanks

Sunny

Former Member
0 Kudos

Hi Sunny

Thanks for your reply. I have read note 1168121 and we have SP12.

The issue here is that a user, for example user A, will be a firefighter and will be a firefighter owner. So the authorizations from firefighter are broader than the ones for owner and it overwrites...

sunny_pahuja2
Active Contributor
0 Kudos

Hi,

Assign only the authorization related to approving the FF ID to the owner of the firefighter, as per SAP note 1286000. The rest of the authorizations will be assigned to the FF ID, not the owner user ID. Then it will not be overwritten.

Thanks

Sunny

Former Member
0 Kudos

SAP note 1286000 doesn't exist

The thing is: the same user needs to have roles /VIRSA/Z_VFAT_FIREFIGHTER and /VIRSA/Z_VFAT_ID_OWNER, as he is supposed to perform both tasks. The thing is, is this compliant? Because with the authorizations coming from role /VIRSA/Z_VFAT_FIREFIGHTER, the user will be able to act as owner and add any user even if he is not the owner.

thx

pedro

sunny_pahuja2
Active Contributor
0 Kudos

I think this note is under maintenance.

In our case, the FF Owner is the business lead and he is not allowed to use the FF ID of which he is owner.

Thanks

Sunny

Former Member
0 Kudos

Moved to the GRC forum...
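
Added example, not part of any post in this thread and not SAP or GRC code: SAP authorizations from several roles are cumulative, so a role audit can flag users whose wildcard from one role makes another role's restriction on the same object and field ineffective. The role names, object and activity values are the ones quoted in the thread; the user names, the user-to-role assignments and the single-field model of an authorization are assumptions made for illustration.

```python
from collections import defaultdict

# Field values as quoted in the thread; the dictionary layout is constructed.
ROLES = {
    "/VIRSA/Z_VFAT_FIREFIGHTER": {("GRCFF_0001", "ACTVT"): {"*"}},
    "/VIRSA/Z_VFAT_ID_OWNER": {("GRCFF_0001", "ACTVT"): {"02", "03", "81"}},
}

# Constructed user-to-role assignments (hypothetical users).
USER_ROLES = {
    "USER_A": ["/VIRSA/Z_VFAT_FIREFIGHTER", "/VIRSA/Z_VFAT_ID_OWNER"],
    "USER_B": ["/VIRSA/Z_VFAT_ID_OWNER"],
    "USER_C": ["/VIRSA/Z_VFAT_FIREFIGHTER"],
}

def effective_values(role_names, roles=ROLES):
    """Union of field values per (object, field) across all assigned roles."""
    merged = defaultdict(set)
    for name in role_names:
        for key, values in roles[name].items():
            merged[key] |= values
    return dict(merged)

def masked_restrictions(role_names, roles=ROLES):
    """Find restricted value sets made ineffective by a wildcard in another role.

    Returns tuples (object, field, restricted_role, restricted_values, wildcard_role).
    """
    findings = []
    for restricted in role_names:
        for key, values in roles[restricted].items():
            if "*" in values:
                continue  # this role is itself unrestricted on the field
            for other in role_names:
                if other != restricted and "*" in roles[other].get(key, set()):
                    findings.append((key[0], key[1], restricted, sorted(values), other))
    return findings

def audit(user_roles=USER_ROLES, roles=ROLES):
    """Map each user to the restrictions their combined roles no longer enforce."""
    report = {}
    for user, names in user_roles.items():
        hits = masked_restrictions(names, roles)
        if hits:
            report[user] = hits
    return report

if __name__ == "__main__":
    for user, hits in audit().items():
        for obj, field, role, values, wildcard_role in hits:
            print(f"{user}: {role} limits {obj}/{field} to {values}, "
                  f"but {wildcard_role} grants '*'")
```
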