on 09-01-2014 10:05 AM
Hi, We have issue in EAM when users are using Firefighter ID with some of the Z Tcodes. After they jump in to FF ID from their regular ID,if they execute some of Z Tcodes, it is opening authentication page and asking for ID and password for that Z Tcode execution. If we change FF ID user type from service to dialog, it is not asking for any authentication (its only for few Z Tcodes). We are in SP11.Please check and suggest if we can change all our FF IDs from service user type to dialog. If we change to Dialog, do we need to add any additional authorizations to users and advice if it is correct process to follow or not. Thanks & Regards, Koteswara Rao.
Hi Koti ,
Could you please check the rfc connection type Its trusted rfc or not , I am not sure but some times its might be the issue , Please check it once.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
check the RFC connection once .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Koti ,
If your are using Decnetralised ffid : http://scn.sap.com/community/grc/blog/2014/01/16/de-centralized-eam-grc-100 , go throught he link once .
Hi Alessandro, Thanks for your information. May I know why the service type FF user is prompting for ID and password to login after executing custom Tcode but it is not prompting for ID and password if FF User ID is dialog user. We are able to login to FF ID without any authentication error with service user and dialog user but after executing custom Tcode,it is prompting for ID and password to login(this is only for service type FF user). Due to that we are looking to change FF User type to Dialog. Please check and advice in this. Thanks & Regards, Koteswara Rao.
Hi Koteswara,
Could you please confirm if the customized tode has any special characters in it..? Usually this combination takes place for audits to exclude some of such transaction codes.
With service user type, this is the limitation, but with Dialog or communication it can be executed.
Regards,
Ameet
G'Day Alessandro,
This is in response to your following comment:
in AC 10.X the functionality is given to use with dialog users. Each time you log-in the system changes the password so that the end-user doesn't know the password.
If that's the case what is the significance of enabling user exits? I mean there is no way the end user can login directly without knowing the password right?(come to think of it he/she will never know unless you give it to them). I would also appreciate if you can kindly explain how user exit works from firefighting point of view. I know it is to prevent users from logging in directly using SAP GUI. However for this to happen they need to know the password of the FFID right?
Regards,
Leo..
Hi Ale and Koteswara
Ameet mentioned below but my money is on the transaction definition for the Z code. I wonder if it is calling webdynpro or some system call requesting password prompt. It does not sound like this is specific to GRC FF as you would have successfully logged in to FF and launched the SAP Easy Access Menu. Once you are in the FF Id you are using it like a normal account
What is the screen shot/password prompt? If it's HTTPS switch or some other SSO it may be more RZ10 paramter settings that Basis need to do to allow launching of this content without prompt for password.
Because this is a Z transaction code it will really depend on the back-end program - if it's a Z program as well none of us can speculate without seeing the code. You never know, it might be hard-coded to check user type.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.