on 07-08-2012 1:53 PM
Hi,
I was configuring PSS. I had written in another thread of mine asking for the role(s) needed to access PSS service only (now it is closed). However, I found that "End User Logon Page" can be used for accessing such end user services.
I found that when I access the "End User Logon Page" link in a new browser, freshly, it is asking for user id and password! This is how end users will be accessing this link for resetting the passwords for their ids in the backend systems.
But when I log into GRC AC system and access NWBC (via NWBC tcode from ABAP system) with my user id and password, then access "End User Logon Page", then it gives me the page correctly (without asking for user id and password) where I simply have enter the user id to reset the password for. But end users will not be logging into GRC AC system directly and they need not have their IDs in the GRC AC system.
Can anybody tell me what is the problem?
Regards,
Faisal
Hi Faisal,
Please review the following SAP notes-
1636613
1692504
1628387
1613084
Best Regards,
Nandita
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nandita,
Thanks for sharing these notes.
Let me tell you about each note status at my end and its understanding.
1636613: This note is informative and this settings for "End User Verification" is set to "YES"
1692504: Here basically the end user is trying to access the request status "after" logging into the end user application. However, my problem is that, as soon as end user accesses the URL of End User Application, it is asking for the logon credentials. Please see the screen below:
1628387: This note is aksing me to create a new method in class 'CL_GRAC_ACCESS_REQUEST_UTIL'. Then asking me to maintain the logon details in SICF services for some of the services. I am not sure of this, whether I should act upon.
1613084: This is asking to creates some of the Web Dynpro applications. When I treid to create them, I found that alreay they are available. Therefore, dont know what should I do next.
May you help me on this, further?
Regards,
Faisal
Kevin,
Thanks for your reply.
I was trying to follow your suggestion. However, I do not know the "10" services for which I need to maintain the "GUEST" user. From SPRO I can get one service name "GRAC_UIBB_END_USER_LOGIN" and I did fill up the guest user details here. I have given "SAP_ALL" to this user and it is a "SERVICE" user. Please let me know if any specific authorizations need to be given.
May I know other remaining services where I need to maintain this guest user details?
Regards,
Faisal
Hi Nag,
To activate the End User Logon screen, To maintain the logon information, do the following: -
Note: Create Service type user with below roles in GRC System
SAP_GRAC_SUPER_USER_MGMT_USER
SAP_GRAC_ACCESS_REQUESTER
SAP_GRAC_BASE
SAP_GRAC_END_USER
SAP_GRAC_NWBC
SAP_GRAC_SPM_FFID
SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
8. Click save.
Do the same procedure for all the services mentioned below. Maintain same user details in all the services and the user should be select Internet type User in LOGON DATA OF SICF SCREEN
Maintain logon information for following services in SICF:
If you getting any Login errors like user ID does not exist, then you need to maintain
“User Authentication Data Sources is SU01(If you have HR System then you select HR) and
set NO in End User Verification” in Maintain Data Sources Configuration.
8. To make a link invisible, right-click the link and select Settings for Current Configuration.
9. Select Invisible, Save the entry, and then close the browser.
Thanks,
Rajesh Srisailapu.
Hi Rajesh,
For me everything is working fine, but when i receive email with the link and when i click on the link,
It asks for the username and password for the GRC system. But i have set authentication as LDAP.
End user doesnt have user id in GRC system. how would they login to the same.
Could you please assist me with the same.
Thanks and Regards
Ankit sharma
Dear Ankit,
Please set SU01 (User should have access in Back end ECC
System) for User Authentication Data Sources and NO for End User Verification
in Maintain Data Sources Configuration of SPRO.
Path : SPRO-->GRC-->Access Control-->Maintain Data Sources Configuration
User Authentication Data Sources = SU01
(User should have access in Back end ECC System)
End User Verification = NO
Hi there,
I'm facing another login issue at the enduser logon:
On the logon screen I'm able to enter any password and the system grants me access!
So it seems the system does not really check the passwords.
My Data Source Configurations:
LDAP (Sequence 2)
PRD ERP (Sequence 3; SU01)
End User Verification > Authentication=YES
the guest user for all 10 services is set correctly.
What could be the issue?
Thanks in advance
Edgar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Edgar,
I know this is an old thread, however, there is a setting in SPRO whcih needs to be changed, Go to SPRO, Governance, Risk and Compliance, Access Control and Maintain Data Source Configuration
End user Verification needs to be set to No. This removes the password field automatically.
Cheers,
Sonia
Hi Faisal,
Kindly follow the thread: http://scn.sap.com/thread/3160892.
Here you can find the query related to the minimum authorizations and related SAP Notes detailing about re-logon.
Let us know if it helps.
Best Regards,
Akhil Chopra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.