on 11-27-2012 3:38 PM
Hello consultants:
We are trying to configure GRC AC 10.0 SP07 SPM and we have the following error:
In the AC system, the Firefighter executes transaction code GRAC_SPM. The Firefighter selects the FFID, enters the reason code and details, and clicks logon. The next screen asks for authentication on the target system (Remote Logon screen in SM59).
We have reviewed the following forum thread https://scn.sap.com/thread/2142757; note 1652880 does not apply, and the RFC user has the sap_all profile.
Please could you help us?
Thanks
Hi Diego
The FF-ID user in the backend system has the sap_all profile and the SAP_GRAC_SPM_FFID role.
Is it mandatory to use a trusted RFC in this support package (SP07)? In other SPs (before SP) it is not necessary to use this kind of RFC.
Thanks
Marco
Hello Marco,
Please check the following things:
(1) Check whether the FFID user is locked. Try resetting the password from SU01.
(2) Check if the RFC user has authorization to change the password (he should have, as he has SAP_ALL).
(3) Check if it is a CUA child system.
(4) Check with the Basis team what the password parameter settings are in RZ11.
Thanks & Regards,
Chandani
Hi Marco,
What's the role assigned to the FF ID in the back-end system? Have you made a copy of the role SAP_GRAC_SPM_FFID and assigned it to the FF ID?
Despite that, bear in mind that the recommendation is to use trusted RFCs.
Cheers,
Diego.
Hi Diego
I have made the RFC trusted and also added the object S_RFCACL for the RFC user. But when I try to log in to the FF ID from the GRC box, it still gives me the error message "No authorization to log on as a trusted system".
I am on SP09.
Do you suggest implementing note 1652880 without changing the RFC from trusted? Or please suggest something for the same.
Thanks in advance!
Regards
Pradeep
Hi Pradeep,
In order to analyze the RFC error you should check: Note 128447 - Trusted/trusting systems
The return code is very important for finding the root cause. Also check ST22 in the GRC box and in the plugin system to get more details:
"No authorization to log on as a trusted system (Trusted RC = #)."
In this case, the trusted return code # (# = 0, 1, 2, 3) has the following relevance:
0: Invalid logon data (user and client) for the trusting system.
Solution: In the server system (trusting system), create the user in the relevant client.
1: The calling system is not a trusted system, or the security key for the system is invalid.
Solution: Recreate the trusted system (see documentation).
2: In the trusting system, the user has no authorization that contains the authorization object S_RFCACL, or a logon was carried out using one of the protected users 'DDIC' or 'SAP*'.
Solution: Either provide the user with the relevant authorization, or use neither of the protected users 'DDIC' or 'SAP*'.
3: The time stamp of the logon data is invalid.
Solution: Check the system time on the client host and on the server host and check the validity date of the logon data. The system times of both systems must be synchronized.
Since you're on SP09, note 1652880 does not apply.
I've added some documentation in order to configure decentralized EAM. If you're interested in this functionality you have to apply SP10.
Cheers,
Diego.
Hello:
If we create another FFID and test this new configuration, we get the following message when we enter the code and details and click logon: "Name or password incorrect"
We have reviewed the RFC and executed the authorization test, and it is correct.
Thanks.