- SAP Community
- Products and Technology
- Additional Q&A
- GRC 10 ARM: access request for non GRC users
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC 10 ARM: access request for non GRC users
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-24-2013 7:38 AM
Hello Guru's,
Can you please explain the concept of the access request for users who are not a GRC user:
How does a user enter the request form? is it through a URL? does he need to give a user name and password?
and if so, which one (from which system)? and if he doesn't need, how does the system recognizes him?
I would appreciate an overall explanation on this.
Regards
Michal Maori
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Michal:
SAP Access Control uses an END USER HOME page for end users to be able to access request forms as part of the access requst (ARQ) functionaltiy. You can confiure this service in IMG. Navigate to Governance Risk and Compliance, Access Control, User Provisioning, Activate End User Logon. This opens up the Maintain Service screen when you enable and configure this service. The service should be configured with a "guest ID" as part of the logon credentials and when the end users access the URL associated with this service, this ID would be the underlying access for the end user. SAP does deliver a role that could be used as the role for this guest user ID: SAP_GRAC_END_USER - End User as a GRC Guest User.
The URL can be found by testing the service, but should look something lik this:
http://<server>:<port>/sap/bc/webdynpro/sap/grac_uibb_end_user_login?sap-client=<client>
You can configure whether or not you need to authenticate to this site. You configure this in Maintan Data Sources Configuration. The folders in this IMG activity that matter for this item are User Authentication Data Source (usually something like Active Directory), and End User Verificaiton. If End User Verificaton is set to YES, then the End user will be presented a logon screen where the end user would enter the ID and password from the User Authentication Data Source. If this is set to NO, then only the ID would need to be entered.
I hope this answers your question, if so, please mark as such.
Thanks,
Kevin Tucholke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Kevin,
Thank you very much!
Your answer was very helpful, as I was able to enter through the URL to the main page of the non-grc user, with only the user authentication.
I hope that you can help me further more...
after entering the system I'm choosing the "Access Requests" but i get another verification page, and here i'm unable to continue.
I would like to not have this second verification logging, any idea of how to do it?
Best regards
Michal
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Here are a couple of suggestions that I am aware of:
- User can maintain their language pref in the browser and then the system selects as the logon language the first language from the list that is maintained in the browser, and which is also installed in SAP system. e.g in internet explorer->internet options->General tab->languages
- User can manually append url parameter at the end of the URL e.g. &sap-language=de
These were just mentioned to me, but hopefully it's a start.
Thanks,
Kevin Tucholke
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Kevin,
thanks for all your help here.
i have another problem concerning the access request.
when i try to raise a request under "request for: other"
i choose out of the users that are in the F4 list. but then when i try to save i get an error saying that the user i choose is not valid.
Please Help
Michal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Very good explanation Kevin! Thanks!
@Michal, there are others services in SICF you'll have to check and make the same configurations::
1.)GRAC_OIF_MY_PROFILE_EU
2.)GRAC_GAF_NAME_CHANGE_SERV_EU
3.)GRAC_POWL_REQUEST_STATUS_EU
4.)GRAC_GAF_PWD_SELFSERVICE_EU
5.)GRAC_OIF_USER_REGISTER_EU
6.)GRAC_GAF_ACCREQ_WITH_REQREF_EU
7.)GRAC_OIF_REQUEST_SUBMISSION_EU
8.)GRAC_GAF_ACCREQ_WITH_TEMPL_EU
9.)GRAC_GAF_ACCREQ_WITH_USEREF_EU
10.)GRAC_UIBB_END_USER_LOGIN
Please also check SAP notes:
1636613 - End user authentication configuration settings do not take effect in the GRC system
1628387 - UAM: End User Logon application requires re-logon
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- ABAP Cloud Developer Trial 2022 Available Now in Technology Blogs by SAP
- Simplifying Employee and Manager Experiences with Employee Central Quick Actions in Human Capital Management Blogs by SAP
- SAP S/4HANA Cloud Public Edition: Security Configuration APIs in Enterprise Resource Planning Blogs by SAP
- Switch on gCTS (for existing packages) in Technology Blogs by SAP
- When to Use Multi-Off in 3SL in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.