
GRC AC 10 EAM - Distinguish between a firefighter id and a regular user id logon by looking at it

Former Member
0 Kudos

Hello,

I have a requirement where users want to see a change in the SAP screen (color/warning/note) while using a firefighter id.

The reason behind the requirement is that some users are not logging off after using the firefighter id and are by mistake using the firefighter id as their own user id for their day to day jobs.

We are conducting training sessions for users but wanted to check if anyone has worked on the same requirement before.

I know the SAP GUI settings to get different color codes for development, staging and production SAP systems, but we cannot use this for firefighter ids globally.

Mark

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hello Mark,

I guess you are not using SSO for normal ID login in different systems.

But I am curious because in my organization it's different.

One thing: we have SSO, and second thing, users have very limited access under normal ID.

Even if users are logging in using GUI, through GRC_EAM it will take them to UI and from there users see the FF IDs?

Is that not the case here?

Thanks

Munish Kumar

alessandr0
Active Contributor
0 Kudos

Dear Munish,

nope - the problem is that the sessions look similar (normal user and firefighter). As end user you can hardly distinguish which session you are using.

In the status bar you can show the logged on user information, but besides that the user interface is similar.

Regards,

Alessandro


Former Member
0 Kudos


Hi Alessandro,

Can you please tell me the steps to log in to FF you are using? And a screenshot if possible?

Thanks

Munish Kumar

alessandr0
Active Contributor
0 Kudos

Dear Munish,

we have decentralized EAM and login is done directly in the backend via transaction /GRCPI/GRIA_EAM.

Regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,

Oh that's the case.

You can change the naming convention of FF ids, and users can differentiate with it, will it not work?

Thanks

Munish

alessandr0
Active Contributor
0 Kudos

Dear Munish,

yes I know - but the case is, if you log in, the user interface will be similar (same color, same theme, etc.) and the end user doesn't know with which session he is working (normal user or firefighter).

I am aware that the user name is different, but for an end user it is very difficult to see (also be aware that end users are mostly normal users without interest in SAP).

Regards,

Alessandro


Former Member
0 Kudos

Hello Munish,

The naming convention is different for firefighter ids; however, the issue is when a user who has access to a firefighter id has two sessions open, one where the user is in SAP using their own id and another using a firefighter id. Now the SAP screen looks the same whether you are in your own id or in a firefighter id, so a user may by mistake use the firefighter id for their day to day jobs.

Mark

Colleen
Advisor
0 Kudos

Hi Mark

Changing screen colours is unlikely to really help and I thought those settings are stored against the SAPGUI settings. You could talk to Basis/Developer to see if they have any suggestions in that space.

I have not done this before (and Basis/ABAP might shoot me down for performance issues) but is it possible to have a custom program that runs in the background and checks for active FF sessions? It can track and every xx minutes display a pop up to remind them they are in FF.

The challenge here will be users legitimately in FF Ids will get frustrated. It could be improved with a check box for 'don't remind me again for this session'.

You still rely on training of users and controllers of what FF should be used for in your company. Security authorisations provide additional restriction.

Regards

Colleen

Former Member
0 Kudos

Hello Colleen,

It's true that color coding of the screen is always at GUI level and cannot be used in this scenario; that was the reason I posted this discussion, to see if others have faced the same issue and have done something about it.

A custom program could definitely be an option, but I guess in comparison of issue vs. time/money/performance we can settle with some additional training.

Mark

Colleen
Advisor
0 Kudos

Hi Mark

Yes training is the way to go but it is an issue faced a lot when users forget which account to use. You are right - like all design - there is that balance between time, cost, effort and functionality.

Good luck on it

If your question has been answered here, please close the thread out

Regards

Colleen

alessandr0
Active Contributor
0 Kudos

Dear Mark,

so far there is no possibility to give colors or warnings when logged on via firefighter. I have the same problem in my organization and assume others do have the same.

To avoid that a user does his daily work with the firefighter we have limited the access rights of the firefighter. Basically a user who has a firefighter has authorized "missing" transactions in the firefighter and does not have the access to his daily work authorization.

This isn't the perfect solution but as a workaround it serves its purpose.

Regards,

Alessandro

Former Member
0 Kudos

Hello Alessandro,

Thanks for your reply.

I think then here I will stress user training on firefighter usage. We have tried to restrict the firefighter id access by giving exceptional T codes, but to give access to a specific business process sometimes we have to include the non-sensitive T codes that users have in their own ids as well.

Mark
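
The workaround discussed in the last two posts (keep day-to-day transactions out of the firefighter ID, with a few accepted exceptions) can be checked periodically. The following is an added example, not part of the thread and not SAP or GRC code; the user names, firefighter IDs, assignments and approved-exception list are constructed sample data, and it assumes the transaction lists have already been exported from the system.

```python
"""Added example: audit firefighter IDs for overlap with their owners' daily access."""

# Constructed sample data (not from the thread): transaction codes reachable
# by each regular user ID and by each firefighter ID.
USER_TCODES = {
    "JSMITH": {"ME21N", "ME23N", "MIGO"},
    "ADOE": {"FB03", "FBL1N"},
}
FF_TCODES = {
    "FF_MM_01": {"ME21N", "ME23N", "MMPV"},
    "FF_FI_01": {"OB52", "F110"},
}
# Which user may check out which firefighter ID (constructed).
FF_OWNERS = [("JSMITH", "FF_MM_01"), ("ADOE", "FF_FI_01"), ("ADOE", "FF_MM_01")]
# Overlaps accepted on purpose, e.g. a non-sensitive display transaction
# needed to complete the emergency process (constructed).
APPROVED_OVERLAP = {"FF_MM_01": {"ME23N"}}


def audit_overlap(user_tcodes, ff_tcodes, ff_owners, approved=None):
    """Return one finding per (user, firefighter ID) pair with unapproved overlap."""
    approved = approved or {}
    findings = []
    for user, ff_id in ff_owners:
        daily = user_tcodes.get(user, set())
        emergency = ff_tcodes.get(ff_id, set())
        overlap = daily & emergency
        unapproved = overlap - approved.get(ff_id, set())
        if not unapproved:
            continue
        findings.append({
            "user": user,
            "ff_id": ff_id,
            "unapproved": sorted(unapproved),
            # Share of the user's daily transactions also usable as firefighter:
            # the higher it is, the easier it is to keep working in the wrong session.
            "daily_coverage": round(len(overlap) / len(daily), 2) if daily else 0.0,
        })
    # Worst offenders first.
    return sorted(findings, key=lambda f: -f["daily_coverage"])


if __name__ == "__main__":
    for finding in audit_overlap(USER_TCODES, FF_TCODES, FF_OWNERS, APPROVED_OVERLAP):
        print(finding)
```

A pair with high `daily_coverage` is one where a forgotten firefighter session goes unnoticed longest, because most daily transactions still work in it.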