on 01-24-2013 7:38 AM
Hello Guru's,
Can you please explain the concept of the access request for users who are not a GRC user:
How does a user enter the request form? is it through a URL? does he need to give a user name and password?
and if so, which one (from which system)? and if he doesn't need, how does the system recognizes him?
I would appreciate an overall explanation on this.
Regards
Michal Maori
Michal:
SAP Access Control uses an END USER HOME page for end users to be able to access request forms as part of the access requst (ARQ) functionaltiy. You can confiure this service in IMG. Navigate to Governance Risk and Compliance, Access Control, User Provisioning, Activate End User Logon. This opens up the Maintain Service screen when you enable and configure this service. The service should be configured with a "guest ID" as part of the logon credentials and when the end users access the URL associated with this service, this ID would be the underlying access for the end user. SAP does deliver a role that could be used as the role for this guest user ID: SAP_GRAC_END_USER - End User as a GRC Guest User.
The URL can be found by testing the service, but should look something lik this:
http://<server>:<port>/sap/bc/webdynpro/sap/grac_uibb_end_user_login?sap-client=<client>
You can configure whether or not you need to authenticate to this site. You configure this in Maintan Data Sources Configuration. The folders in this IMG activity that matter for this item are User Authentication Data Source (usually something like Active Directory), and End User Verificaiton. If End User Verificaton is set to YES, then the End user will be presented a logon screen where the end user would enter the ID and password from the User Authentication Data Source. If this is set to NO, then only the ID would need to be entered.
I hope this answers your question, if so, please mark as such.
Thanks,
Kevin Tucholke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Kevin,
Thank you very much!
Your answer was very helpful, as I was able to enter through the URL to the main page of the non-grc user, with only the user authentication.
I hope that you can help me further more...
after entering the system I'm choosing the "Access Requests" but i get another verification page, and here i'm unable to continue.
I would like to not have this second verification logging, any idea of how to do it?
Best regards
Michal
Here are a couple of suggestions that I am aware of:
These were just mentioned to me, but hopefully it's a start.
Thanks,
Kevin Tucholke
Hi Kevin,
thanks for all your help here.
i have another problem concerning the access request.
when i try to raise a request under "request for: other"
i choose out of the users that are in the F4 list. but then when i try to save i get an error saying that the user i choose is not valid.
Please Help
Michal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Very good explanation Kevin! Thanks!
@Michal, there are others services in SICF you'll have to check and make the same configurations::
1.)GRAC_OIF_MY_PROFILE_EU
2.)GRAC_GAF_NAME_CHANGE_SERV_EU
3.)GRAC_POWL_REQUEST_STATUS_EU
4.)GRAC_GAF_PWD_SELFSERVICE_EU
5.)GRAC_OIF_USER_REGISTER_EU
6.)GRAC_GAF_ACCREQ_WITH_REQREF_EU
7.)GRAC_OIF_REQUEST_SUBMISSION_EU
8.)GRAC_GAF_ACCREQ_WITH_TEMPL_EU
9.)GRAC_GAF_ACCREQ_WITH_USEREF_EU
10.)GRAC_UIBB_END_USER_LOGIN
Please also check SAP notes:
1636613 - End user authentication configuration settings do not take effect in the GRC system
1628387 - UAM: End User Logon application requires re-logon
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.