Hi experts,

I am currently configuring GRC AC 10.0 for a client. I am having an issue when it comes to which roles to assign to each user in regards to SPM (Firefighter).

Users of Firefighter - "FF ADMINISTRATOR", "FF OWNER", "FF CONTROLLER" and "FF USER" that need roles. The guide I'm referring to (AC 10.0 Centralized Firefighter Access.pdf) says I need the following:

FF OWNER = SAP_GRAC_SUPER_USER_MGMT_OWNER

FF CONTROLLER = SAP_GRAC_SUPER_USER_MGMT_CNTLR

FF USER = SAP_GRAC_SUPER_USER_MGMT_USER

FF ADMINISTRATOR = SAP_GRAC_SUPER_USER_MGMT_ADMIN (not mentioned in guide but I am assuming)

In addition, each need SAP_GRC_FN_BASE and SAP_GRC_FN_BUSINESS_USER roles.

However, I've already realized that the FF ADMINISTRATOR is going to need the SAP_GRAC_SETUP role in order to be able to access the Setup tab within GRC in order to maintain the Access Control Owners and then assign an Owner to a Firefighter ID.

The issue comes up when you need to give the Owners the same SAP_GRAC_SETUP role in order to maintain the Firefighter IDs assigned to them and assign those to the actual end user Firefighters. However, with that role, the Owner would also have access to maintain Owners, Reason Codes, etc.

Questions: Am I going to have to manually edit the authorizations within this role to make this work? Is there an actual list of roles that need to be assigned to each of the Users within Firefighter? or is this a trial-and-error process of adding each role to the user and testing to see which roles they need?

Thanks,

Madhu

Edited by: Madhu Mathew on Sep 16, 2011 11:06 PM