- SAP Community
- Products and Technology
- Additional Q&A
- FireFighter Access for CRM WebUI
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
FireFighter Access for CRM WebUI
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-21-2015 4:36 AM
Hi All,
I have a specific scenario where Business want to access CRM WebUI (CRM Front End in version 7.0) via Fire-Fighter ID.But if we use t-code CRM_UI it asks for user logon id and password(which cannot be provided to the Dialog users).
Similarly if WUI_SSO is used it doesn't work because we have user exit implemented for stopping Fire-Fighter ID to login to the system directly.
Now please suggest how do I achieve this requirement.Is there any other way of doing this?
Regards
Pradeep
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Pradeep,
Emergency Access Management (EAM) is basically designed to support ABAP based applications. Hence there are lot of limitations and issues if it is used for Webdynpro and Web based applications.
Please go through below SAP notes when trying to implement EAM for Webdynpro or Web-based applications to understand the GRC EAM limitations.
1796682 - 'User Type must be Dialog User' Dump comes when FFID tries to login to NWBC
1905295 - Launching firefighter application from NWBC not working
Object Services icon not available in Firefighter ID session
Important points to be considered
1. Firefighter approach will not work for Webdynpro and Web based applications if Firefighter ID is a service UserID. Please check the below SAP note for the same
1588075 - SSO fails for service type users in FF session.
2. Since SAP is not supporting SSO for service UserIDs, in GRC 10 SAP is suggesting a work around to convert Firefighter IDs from Service to Dialog user type to make them work properly.
3. When Firefighter ID is made as dialog user type, make sure that no password aging policy is implemented in that system.If you have password aging active in your system, then you will be requested to change the password at regular intervals.
4. Maintain some unknown password to the Firefighter ID after converting to dialog user type or generate the password and save it. Now this Firefighter ID can be used to login as Firefighter.
5. Once the above changes are made and when Firefighter user executes NWBC or CRM_UI transactions, web links shows a screen with Change password for Firefighter IDs. To avoid this issue implement the below SAP note.
1736116 - Password change window pops up after Firefighter ID launches NWBC
6. The log for the activities performed by Firefighter id are picked first from STAD and then from CDHDR. If the same details are not available in these 2 then activity details will not be picked at all. I believe that such information is not captured in above 2 if the firefighter id logs onto web applications and that is why it will not be picked.
Before gathering the above information, i have gone through lot of discussion on this forum regarding the same.
Does SPM (firefighter) support transactions CRM_UI, WUI, START_BSP using SSO?
Risk Analysis, SPM for CRM UI ( CRM 2007)
Configure Emergency Access (EAM) in GRC 10 | SCN
There is a idea submitted in the Idea place requesting SAP to enhance GRC 10 to support EAM for CRM,SRM, TM etc which uses Web UI. Please check it out.
EAM - Firefighter not works for portal system such SRM - CRM , etc : View Idea
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Madhu,
Thanks for your reply.I have few questions
1.You meant after setting up the FF change the user type to Dialog and do a random generation of the password and save the user and implement the SAP note as mentioned by you above.What about the user exit implemented for the FF ID ? It won't create problem ?
2.Will this changes will affect the overall functioning of the Fire-Fighter ID?
3.Will there be any other problem if FF ID is made Dialog other than password expiration ?
Overall I see only 1 major issue is password expiration ,our project has a password aging policy.
Regards
Pradeep
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Pradeep,
1. FF user exit will not have any issue as you still login in the same way as you do while using FF ID logon, only thing is when you run web UI tcodes, system wont prompt to enter UserID and Password
2. There won't be any issue with overall functioning of FF IDs but the logs will not be proper if you don;t have table logging enabled for all your tables which are critical.
3. One problem is password expiration and the other one we saw regularly is, user will open the Web UI and then logs off FF ID but still Web UI session will be active
Regards,
Madhu.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (0)
- Firefighter will support in SAP Cloud Integration? in Technology Q&A
- Bug in Access Control SP23? in Financial Management Q&A
- Identifying Risks Associated with Custom Transaction Codes in SAP! Best Practices! in Financial Management Blogs by Members
- Git workflows and SAP Cloud Integration in Technology Blogs by Members
- Good to know: Firefighter Session related changes from Access Control Service Pack 21 in Financial Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.