on 12-09-2012 6:18 PM
Hello Gurus,
Got couple of questions:
1. I have SP09 implemented in my GRC 10 system, i have a question, can FFID/User login to plugin system to directly in case GRC 10 is down ?
I know we can login to pugin directly in case of SP10 but how abt SP09 ?
2. Where can i find the latest release dates of SP from SAP and what changes are made in that SP, for GRC 10 ?
Regards,
Rajesh Nanda.
Hi Rajesh
1) If you have implemented the user exit and the corresponding configurations in the back-end system:
1735971 - User exit to prevent direct firefighter login
1545511 - Firefighter User Exit
you can remove the role that identifies the FF users from them: parameter 4010 in GRC Box <-> Parameter 1090 in the plugin system (you've probably made a copy of the standard role SAP_GRAC_SPM_FFID) and then the user will be able to login directly.
If the user exit hasn't been implemented then the firefighter is like any normal user and is able to login directly.
Bear in mind that each time a FF ID is used the password is changed by the application, so, you will have to reset the password.
Of course, you won't get any log in GRC, so you might want to activate a trace to the user for example in such cases.
I don't like this kind of check based on a role assigned to the user :http://scn.sap.com/thread/3273562
2) Interesting. Actually you'll find some notes related to de-centralized FF for example:
Note 1752942 - EAM Decentalization Changes - Interface Note 3
As per my understanding they're still working on this and is still not available for use, but it'll be soon (???)
If you access here: http://service.sap.com/swdc and navigate to
SAP Solutions for Governance, Risk, and Compliance" SAP GRC Access Control" SAP GRC ACCESS CONTROL" SAP ACCESS CONTROL 10.0" Entry by Component" GRC ABAP Components
SAP GRC SHARED COMPONENTS 10.0
and click here for example:
GRCFND_A V1000: Support Package 0010
you'll get all the notes included in SP10 for the GRC ABAP component. You might want to check also SP10 details for GRCPINW/GRCPIERP.
Hope it helps.
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Diego,
If i am understanding correctly. The FF ids will be created and users will directly login to system with those users itself.
For e.g: A is the user in system FP1 and B is the FF id in system FP1.
So if user A needs FF access he will be given the password for user id B and he will login to system with user B ?
If this is the case then how will we monitor the activities done by FF id?
It would be better to use old method of assignment till SP10 is implemented.
Regards,
Rajesh
Hi Rajesh,
Yes, I meant that. But this is only a "emergency" procedure in case GRC Box doesn't work. As I mentioned, you have trace the user activities by other methods in such case.
What do you mean by"better to use old method of assignment"? can you explain that?
What's is the change in SP10 that you mentioned "I know we can login to pugin directly in case of SP10 but how about SP09"??
Cheers,
Diego.
Hi Diego,
I mean to say by old method is:
1. to use tcode /n/virsa/vfat and assign the users FF id manually and do it the way we do in GRC 5.3 and track the activities of FF ids.
2. I just got reply from SAP that in case GRC is down the user can login to remote system if FF assignment is already done for that user. This feature is being introduced in SP10.
I think we will go for method 1 as everything will be jammed if GRC 10 is down till SP09.
Once we implement SP10 we will think of moving to Decentralized approach.
Till SP10 FF will be waste fofr us.
Rajesh
Hi Diego,
Yes with SP10 there is hybrid approach for using FF.
Here are highlights:
1. You can login to plugin system directly with different tcode - /GRCPI/GRAC_EAM(i think this is the tcode)
2. You can extend the validity date in plug in system
3. You can maintain controller,owner etc in plug in system and then sync with GRC 10 system.
4. However, all reporting and assignment has to take place in Central GRC 10 system.
So even in case of decentralized approach you get benefits of central GRC 10 system and i believe decentralized approach is more work for us.
Rajesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.