cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10.0 Access Control - Emergency Access

Go to solution
Former Member

on ‎04-25-2012 2:45 PM

0 Kudos

Hi Gurus,

I have another question.

I configured the emergency access as described in the "AC 10.0 Pre-Implementation - From Post-Installation to First Emergency Access" guide.

When I finished, I logged on to the GRC Backend with the ZFFUSER and started the transaction GRAC_SPM.

The problem now is, that I am not able to see the Firefighter ID to logon to the remote system.

The User has the following roles:

SAP_GRAC_SUPER_USER_MGMT_USER

SAP_GRC_FN_BASE

SAP_GRC_FN_BUSINESS_USER

The User ZFFID is configured as a serviceuser in the remote system and hast the following roles:

SAP_GRAC_SPM_FFID

Do you know what I did wrong?

Regards,

Sebastian

PS: I read in the RKT Material, that the Firefighter User need the role SAP_GRAC_SPM_FIREFIGHTER in the AC System but this role does not exist.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-26-2012 3:22 PM
0 Kudos

I found the solution:

The Role which is delivered by SAP has insufficient rights.

Show replies
Show replies
Former Member
‎04-26-2012 4:18 PM
0 Kudos

Hi Sebastian,

Which role was it ?

Regards,

Ajesh.

Former Member
‎04-26-2012 5:04 PM
0 Kudos

The Role

SAP_GRAC_SUPER_USER_MGMT_USER

for the Firefighter User in the GRC System and the Role

SAP_GRAC_SPM_FFID

for the Firefighter ID in the target system.

I gave them SAP_ALL and the problem was solved. I have to trace with rights you realy need.

Former Member
‎04-26-2012 5:17 PM
0 Kudos

Thank you. Just wanted to know, also it might help others

Just a thought, see if assigning base roles solves the problem.(SAP_GRAC_BASE & SAP_GRAC_END_USER)

Regards,

Ajesh

Former Member
‎05-04-2012 10:06 PM
0 Kudos

The Role that you need to modify is a copy of SAP_GRAC_SUPER_USER_MGMT_USER.

Assign the object GRAC_FFOWN with the following values:

Activity (ACTVT) - 03

GRAC_OWN_T - *

GRAC_SYSID - *

GRAC_USER - *

Regards,
Mario Baez

Former Member
‎05-18-2012 12:56 PM
0 Kudos

Thanks, this worked.

Answers (1)

Answers (1)

Former Member
‎04-25-2012 2:56 PM
0 Kudos

Hi Sebastian,

If you are not seeing any FFID to login, then there is none assigned to the user.

Try assigning a FFID from NWBC-->Access Management-->Emergency Access....

Before that make sure to maintain Owners and controllers:

1.NWBC-->Access Management-->GRC Role Assignments-->AC Owners (Here maintain User ID as FF owner & Controller)

2.NWBC-->Access Management-->Emergency Access Assignment--> FF IDs (Here maintain Owners and Controllers)

Regards,

Ajesh.

Show replies
Show replies
Former Member
‎04-25-2012 3:15 PM
0 Kudos

Hi Ajesh,

I already did this, but nothing shows up.

Please find attached the screenshots.

Best Regards,

Sebastian

Ask a Question