cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRc 10, SP12: EAM Invalid User Error.

Go to solution
Former Member

on ‎08-13-2013 4:37 PM

0 Kudos

Dear Gurus,

While logging as a Fire-fighter, I am getting the below error message – Invalid SAP User:

I have checked the following already:

1.       Assignment of FFIDs to Firefighters, controllers and monitors with valid dates and all are valid.

2.       User validity of the Firefighter account in the GRC system – it’s indefinite and hence OK.

3.       User validity of the FFID in the backend system and it’s also indefinite – hence OK

4.       Role assignment to Firefighter and Firefighter IDs – checked these to be correct as well.

5.       Test connection for RFC – Tested to be correct, with a good response time.

Would appreciate if you could please advise and help in resolving the same?

Thanks & Regards,

Ronnie.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-14-2013 4:34 AM
0 Kudos

Hi Ronnie,

As per your symptom, below could be the things which need to be taken
care...

1. FFID is System or Dialog user type.     Your ID is already covered
under this creteria.

2. FFID is locked.    Your FFID is also not locked in Plugin system.

3. RFC user has all the required authorizations.
RFC user has SAP_ALL profile.

4. RFC connection should be Trusted.    You can again cross check if
this is trusted or not. You can refer to SAP Note 1701047 for more
detail.

Please check that you have maintained the below parameters in the plug-in system.These
are part of post installation steps and needs to be completed.

Maintian the parameters 1000 & 1001 in the plug-in system as
1-Parameter 1000- The Plug-in Connector is maintained
2-Parameter 1001-The GRC Connector is maintained


Best Regards,

Nandita

Show replies
Show replies
Former Member
‎08-14-2013 9:28 AM
0 Kudos

Hi Nandita,

Parameter 1001 has a differenet description than you stated, which is "Enable Function Change Log"
Parameter 1000 - There is no Parameter 1000 I found like this in config settings

Note 1701047 - It's giving an error with RFC destination if you change it to Secure connection and the system gives a message when you press the logon button in the FF dashboard itself. I had it as unsecure few days back and it was all working fine so I doubt this would be a real issue though.

Thanks.

Ronnie

Former Member
‎08-14-2013 10:21 AM
0 Kudos

Hi Ronnie,

You need to check the parameters 1000 & 1001 in the Plug-in system.Kindly maintain the same

in the plug-in system if they are missing.

Best Regards,

Nandita

Former Member
‎08-15-2013 8:39 AM
0 Kudos

Hi Nandita,

Not sure I followed you correctly when you said these parameters should be maintained in the plug in system. What is the transaction and path to maintain these parameters in the plug in systems, can you please suggest?

Many thanks.

Ronnie.

kevin_tucholke1
Contributor
‎08-15-2013 12:03 PM
0 Kudos

Ronnie:  These parameters are configured in IMG.  Governance Risk and Compliance (Plug in).

Former Member
‎08-15-2013 2:11 PM
0 Kudos

Thanks Kevin. But I guess this wil be maintained only in case we are using the decentralised approach. In my case we are using centralised FF.

Ronnie.

Answers (3)

Answers (3)

former_member193066
Active Contributor
‎08-14-2013 9:31 AM
0 Kudos

centralized firefighting, all the firefighters must exist in the GRC box. To resolve the issue, create the firefighter user ID in the GRC box.,ensure all the firefighters exists in bth the system

Show replies
Show replies
Former Member
‎08-15-2013 8:42 AM
0 Kudos

Hi Prasant,

The firefighters do exist in the GRC box and hence I am able to log in there.

Not sure why firefighters need to exist in both the systems for a centralised approach, as that is what the purpose of using the Firefighter is, that you do not log into the backend as your ID but as a FFID, which exists in the backend.

Thanks and Regards,

Ronnie.

kevin_tucholke1
Contributor
‎08-15-2013 12:09 PM
0 Kudos

In the Centralized EAM Scenario, the Firefight IDs must exist on the target system and the Firefighters must exist on GRC.  Neither have to be in BOTH systems.  If you were doing the De-Centralized firefight scenario, then the FF User and FFID would exist on the target system only and the FF User would execute the transaction to access the Firefighting Logon Screen to enter a Firefight session.  In either case, the result is the same with the logging and the FF Log Review.

From an Administration standpoint, both scenarios are administered centrally in the SAP Access Control application.  The difference is that you need to sync the EAM Master Data to your targets in the De-Centralized scenario.

Thanks,

Kevin Tucholke

Former Member
‎08-15-2013 2:13 PM
0 Kudos

Agree with you Kevin. However, haven't found a solution to my initial problem of getting the invalid user error. Any ideas?

Regards,

Ronnie

Former Member
‎05-24-2016 10:18 AM
0 Kudos

This message was moderated.

former_member225453
Active Participant
‎08-14-2013 2:27 AM
0 Kudos

Hi Ronnie,

Please check if your User has  assigned SAP_ALL Authorization.

In addition to this, there is a Invalid Superuser report in Report & Analytics tab that could be used to find the invalid firefighters,Owner,Controller & FFIDs. You can check that also.

Hope this woould be helpful!

Best Regards,

Shreya Gupta

Show replies
Show replies
Former Member
‎08-14-2013 9:26 AM
0 Kudos

Shreya,

Thanks. have cheked and the user has relevant authorisations:

FFID had the relevant FF role and the required functionality for emergency

RFC use has SAP_ALL

Former Member
‎08-13-2013 8:08 PM
0 Kudos

Dear Ronnie,

You need to add the role provided in param 4010 to the Firefighter IDs in the target system.

Go to SPRO and check the Firefighter role you have in param 4010. Check whether the Firefighter ID you are trying to use has this role in the target system.

Thank you,

Fernando

Show replies
Show replies
Former Member
‎08-14-2013 9:24 AM
0 Kudos

Hi Fernando,

Checked already and ensured again. The role is maintained and assigned to the FFID in the backend.

Ronnie

Ask a Question