Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization error when maintain rulles and Firefighter

Former Member

‎08-09-2011 5:06 AM

0 Kudos

Hi GRC experts,

We have recently upgraded from SAP 4.6c to ECC 6. Virsa component available is VIRSA 400_700 level 0.

The issue is, when I click on any of the butons "FIREFIGHTERS", "CONTROLLERS", "SECURITY" in Firefighter, I am geting the below error.

You have only authorisation for status(es) ,,

.No maintenance authorisation.

Same error i am geting when i click on maintain in RULE ARCHITECT also.

I have assigned all VIRSA related roles to this user, but no use. Also checked the trace in ST01, but not showing any error.

Kindly help me to troubleshoot and correct this error.

Regards

Prasanth

12 REPLIES 12

Former Member

‎08-09-2011 5:09 AM

0 Kudos

Search for all roles start with FF . You will get all required roles .

Thanks & Regards

Asheesh

Former Member
In response to Former Member

‎08-09-2011 5:10 AM

0 Kudos

Also I beleive that you have taken care of post installation step ,like in stalling right RTA for ECC 6

Former Member
In response to Former Member

‎08-09-2011 5:26 AM

0 Kudos

Hi,

I have assigned all FF roles to the user, but still the same issue.

My VIRSA component is 400_700. Could you please tell me the steps to check RTA?

Thanks

Prasanth

Former Member
In response to Former Member

‎08-09-2011 5:40 AM

0 Kudos

Login to SAP system ,at top you can see Tool tab . In tool tab go to system status .

Where you can see "ECC 6 " .just below that you can see serch option .You can check out there .

Or Directly go to SPAM

RTA component will be name as VIRSANH or VIRSAHR depending upon ECC system is having HR component in it .

Former Member
In response to Former Member

‎08-09-2011 5:44 AM

0 Kudos

Hi,

I have checked in SPAM and didnot find any RTA components VIRSANH or VIRSAHR. I checxed in the existing production sysyem which is 4.6c VIRSA 400 and that too dont have.

For ECC6, do whe have to intall both VIRSANH and VIRSAHR along with VIRSA 40_700 component?

Regards

Prasanth

Former Member
In response to Former Member

‎08-09-2011 5:56 AM

0 Kudos

I am assuming that you have GRC 5.3 in place and you have only upgraded backend from ECC 4.6 to ECC 6 , is that Correct ?

If yes then SAP GRC will be installed on Java engine and RTA need to installed on SAP backend .Kindly follow configuration and installation guide .

Thanks & Regards

Asheesh

Former Member
In response to Former Member

‎08-09-2011 7:03 AM

0 Kudos

Dear Ashish,

We are still not in GRC5.3. We have only upgraded from r/3 4.6c to ECC 6. VIRSA is still the older version(400_700).

do we have to upgarde VIRSA from 400_700 also to GRC 5.3 to get all functionalities?

Any other guggession for the error i am facing (auth error).

Your answers are realyhelping me. Will reward you points.

Regards

Prasanth

Former Member
In response to Former Member

‎08-09-2011 7:25 AM

0 Kudos

Dear Prashant ,

I would strongly recommend you to look into configuration ,security guide and upgrade guide as I am really sure that this is a compatibilty issue .

I would suggest you to check that VIRSA 4.0 is compatible with ECC 6.0 and if yes what should be roles and all should be asigned .

Regarding upgrade , I will strongly recommend you to upgrade as you many have many release with extended functionallity after Virsa 4.0 i.e GRC 5.2 ,GRC 5.3 and now GRC 10 .

I an really not sure whether SAP is still supporting Virsa 4 .

Thanks & Regards

Asheesh

Former Member

‎08-09-2011 9:47 AM

0 Kudos

Hi,

What does your SU56 user buffer says?? Do you have the required authorization there??

Regards,

Raghu

simon_persin4
Contributor
In response to Former Member

‎08-09-2011 11:32 AM

0 Kudos

Hi,

With the basis / abap level upgrade, you may find that there are differences in the Authorisation Objects. You may find that there is an additional object called GRCFF_0002 / VIRFF_0002 included which provides additional authorisations to access and maintain the Firefighter tables.

This adds an additional layer of control rather than simply relying on the ZV* table authorisation groups.

You will probably need to assign the relevant values for this object into your Firefighter roles.

I would also look at the configuration parameters within the Firefighter dashboard for Owner and Controller additional authorisation as that also restricts the view and maintenance of these tables.

Simon

Former Member
In response to Former Member

‎08-09-2011 1:26 PM

0 Kudos

Hi Simon,

Thaks for your imput.

I have checked both objects (GRCFF_0002 / VIRFF_0002 ) in my sytem. But both are not existing. I doubt this is because the support pack level i have is less (SP 0). I am thinking of upgrading to SP12.

Any input or suggession?

Regards

Prasanth

Former Member
In response to Former Member

‎08-10-2011 2:43 PM

0 Kudos

Hi Prasanth,

As recommended earlier, check the user buffer. Also, you can enable the ST01 trace and see what is missing.

As mentioned, the new authorization objects might be required. Upgrading to another version is not the solution always Will you go to the next level, if you see a few more issues??

Try to look around for the various possibilities and isolate the root cause. It will help you to fix the issue easily.

Regards,

Raghu