- SAP Community
- Products and Technology
- Additional Q&A
- SPM error login
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
SPM error login
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 11-27-2012 3:38 PM
Hello consultants:
We are trying configure GRC AC 10.0 SP07 SPM and we have following error:
IN AC system Firefighter executes transaction code GRAC_SPM.Firefighter selects FFID, enters reason code ,details and clicks logon. The next screen is asking autnentication of target system (Remote Logon screen in SM59)
We have revised following forum https://scn.sap.com/thread/2142757 and the note 1652880 no apply and RFC user has sap_all profile
Please could you help us?
Thanks
Accepted Solutions (0)
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diego
FF-ID user in the backend system has sap_all profile and SAP_GRAC_SPM_FFID role
Is mandatory use trusted RFC in this support package(SP07)? In other SP(before SP) is not neccesary use this kind of RFC.
Thanks
Marco
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Marco,
Please check the following things:
(1) Can you check if FFID user is locked or not. Try reset the password from SU01.
(2)Check if the RFC user has authorization to change password( he should have as he is having SAP_ALL).
(3) Check if it is a CUA child system.
(4) Check with the Basis team, what is password parameter settings in RZ11.
Thanks & Regards,
Chandani
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Marco,
What's the role assigned to the FF ID in the back-end system? have you made a copy of the role SAP_GRAC_SPM_FFID and assign it to the FF ID?
Despite that, bear in mind that the recommendation is to use trusted RFCs.
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diego
I have made the RFC as trusted and also added object S_RFCACL for the RFC user.But still when I try to login to FF id from GRC box it gives me error message "No authorization to log on as a trusted system"
I am on SP09.
Do you suggest implementing note 1652880 without changing RFC from trusted ? r please suggest something for the same .
Thanks in advance!
Regards
Pradeep
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Pradeep,
In order to analyze the RFC error you should check: Note 128447 - Trusted/trusting systems
the return code is very important to find the root cause. Also check ST22 in GRC Box and in plugin system to get more details:
"No authorization to log on as a trusted system (Trusted RC = #)."
In this case, the trusted return code # (# = 0, 1, 2, 3) has the following relevance:
0 Invalid logon data (user and client) for the trusting
system.
Solution: In the server system (trusting system), create the user
in the relevant client.
1 The calling system is not a trusted system, or the
security key for the system is invalid.
Solution: Recreate the trusted system (see
documentation).
2 In the trusting system, the user has no authorization that contains
the authorization object S_RFCACL, or a logon was carried out using one of the protected users 'DDIC' or 'SAP*'.
Solution: Either provide the user with the relevant
authorization, or use neither of the protected
users 'DDIC' or 'SAP*'.
3 The time stamp of the logon data is invalid.
Solution: Check the system time on the client host and on the
server host and check the validity date of the logon data. The
system times of both systems must be synchronized.
Since you're on SP09, note 1652880 does not apply.
I've added some documentation in order to configure decentralized EAM. If you're interested in this functionality you have to apply SP10.
Cheers,
Diego.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello:
If we create other FFID and test this new configuration we have following message when enters code , detail and clicks logon"Name or password incorrect"
We have review RFC and have executed authorization test and is correct
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Recursive Item Structure (Exploded BOM) in Enterprise Resource Planning Q&A
- reading external (OData) API from cap in Technology Q&A
- App ID F1706 Change Inbound Delivery in Supply Chain Management Q&A
- putNextEntry failed storing SPML.SAPUSER in Technology Q&A
- GRC Tuesdays: Takeaways from the 2024 Internal Controls, Compliance and Risk Management Conference in Financial Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.