cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC EAM - Single Firefighter Multiple User Login

Go to solution
Former Member

on ‎08-23-2014 6:09 AM

0 Kudos

Hi Folks,

Good Day...Please need your valuable suggestion on the below issue...

We have configured GRC EAM 10.0 with a mapping of Single User Id to Single Firefighter but now we have got a scenario where Multiple Users require single Firefighter ID .

Mapping is done for Multiple users with single Firefighter ID., we have logged in with first user and successfully working but same time when the other user logged in, it is not allowing to enter into same firefighter (Popping a message as User1 is already using Firefighter)

Please provide me if any solution...

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
‎08-23-2014 6:25 AM

Hi Hima

Just to clarify here - you can assign the same FF Id to multiple users. However, only one user is allowed to access the account at a time. Once the log-in no-one else can user that account until they exit it and release it.

Is this your situation or something else? If something else, please advise what Support pack you are on as well as whether this is centralised or decentralised

Regards

Colleen

Show replies
Show replies
Former Member
‎08-23-2014 6:31 AM
0 Kudos

Hi Colleen,

Appreciate your quick response...

You are right my situation is the same... When we were using GRC 5.1, we were able to beat the above situation (Single Firefighter, Multiple Users login at a time) but  i need to know whether this has been deactivated for GRC 10.0 pls

Colleen
Advisor
Advisor
‎08-23-2014 6:35 AM
0 Kudos

Hi Hima

I'm not quite sure what you mean by "beat the above situation". Possibly 5.1 was never intended that was

I was under the impression back when it was /VIRSA (up to 5.2) the system was always designed this way. I'm not sure how it worked on 5.3 but the log capturing and filter on FF Id would probably be impacted if you were to allow multiple users to access the account at the same time

I've taken the approach of 1:1 mapping for users who always access FF. If not, set of FF Ids per area and assign them all to the team. If the first one is unavailable then work your way down the list. Use a naming convention on the FF Id and assign the appropriate access so it's clear what the intended usage of the account is.

Regards

Colleen

Former Member
‎08-23-2014 6:36 AM
0 Kudos

Hi Hima,

No there is no such way to use same FFID by multiple users at the same time.

There is an option "message" where you can drop a message to the firefighter who is currently using that FFID and let that user know that you need to execute the same FFID and depending on that, it can be used but again as Colleen mentioned, it can't be used by multiple users at the same time.

Hope this is clear now.

Regards,

Ameet

Former Member
‎08-23-2014 7:04 AM
0 Kudos

Hi,

It did not work in GRC 5.3 also...Yes got it... Thank you so much.

Former Member
‎08-23-2014 7:04 AM
0 Kudos

Hi,

Yes got it...Thank you so much.

Former Member
‎08-23-2014 7:08 AM
0 Kudos

Hi,

One more clarification pls... When User Logs in directly with Firefighter ID in to backend system it will give a message that you cannot login - From where the restricted access will be populated (Configuration or Authorizations)..

Pls help!!!

Colleen
Advisor
Advisor
‎08-23-2014 7:23 AM
0 Kudos

Hi Hima

What you describe is exactly how the system is intended to work. It would be a major security risk if the FF Ids could be access directly via SAP GUI login. That would be like having a generic user - no way to track who is using it.

It is a system control. By being configured as a FF Id the system prevents it. You cannot bypass this and it is a deliberate system protection. This was always the case even going back to VIRSA.

FF Ids are accessed via the FF cockpit only. The user is then forced to enter the reason and summary of activity to include in the log and provide some context of why they are using the account.

It sounds like you have some design issues that you need to revisit as the current strategy you are attempt is not SAP standard

Regards

Colleen

Colleen
Advisor
Advisor
‎08-23-2014 7:23 AM
0 Kudos

please close out your question as answered if you know "got it"

Former Member
‎08-23-2014 7:31 AM
0 Kudos

Hi,

We are not trying to remove the control or any standard functionality just trying to understand from where the control is maintained and for new IDs how to put that control so that no users can login directly...

Pls...

Colleen
Advisor
Advisor
‎08-23-2014 7:36 AM
0 Kudos

Hi Hima

Good to hear (sorry for your first question and this one led me down that path)

I assume the program to login to SAP (can't remember name off the top of my head) performs a check to see if FF is configured and the User is a FF Id. This program is locked down so you cannot view the code (if it's not the program then the kernel is performing a check but pretty sure it's the program).

So in short, as soon as you configure the user to become a FF Id then it cannot be logged into via logon pad.

As an additional security measure you should be able to deactivate the FF Id password as it is not required by GRC. This will add additional certainty that no user can access it (you will have change documents to show this should the account ever be removed as a FF Id).

Regards

Colleen

Former Member
‎08-23-2014 7:44 AM
0 Kudos

Hi,

Right!!! Thank you..

We have configured a new User now in GRC EAM 10.0 and mapped to Firefighter ID. But this new Firefighter ID is able to login via GUI logon pad to backend system...Firefighters which we have migrated from GRC 5.3 couldnt login to backend and it is giving a error message but the ID which we are trying now is able to login..

Pls suggest what can be done for restriction...

Colleen
Advisor
Advisor
‎08-23-2014 8:05 AM
0 Kudos

Hi Hima

Looks like some slight differences compared to 5.3

Diego put together a really good guide on EAM - refer here:

Refer to section on EAM user exit as it mentions some notes, etc. It should cover your issue

Regards

Colleen

Former Member
‎09-13-2014 10:25 AM
0 Kudos

Hi Hima,

Be kind to close this thread if you have got your concerns cleared and mark the answers with your response.

Regards,

Ameet

Answers (0)

Ask a Question