cancel
Showing results for 
Search instead for 
Did you mean: 

EAM Pre-Approval or Approval Required

0 Kudos

Hi All ,

I need advice if we can both have both pre-approved and approval required EAM Access in SAP .The EAM access which my organization should be combination above.  I have went through the documentation on EAM - Provisioning Strategies which gave a good idea on EAM .

http://scn.sap.com/docs/DOC-57322

The problem which I am having after I have configured the EAM Access in NWBC

  1. 1. Maintain Owners and Controllers in Central Owner Maintenance
  2. 2. Assign Owners to Firefighter IDs
  3. 3. Assign Controllers to Firefighter IDs
  4. 4. Assign Firefighter Users to Firefighter IDs

I was able to login using Firefighter IDs without approval even though the owner rejected the request .

Checked the parameter 4007 and 4008 both was set to Yes,

Would that mean we can only have either pre-approved and approval required EAM Access .   Much help advice on this .


Regards

Kumar

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
0 Kudos

Hi Kumar,

As per your requirement you can follow below approach

Design Considerations

** Manual Assignment of Users to FF IDs is not allowed

** End Users are not given access to create FF ID access requests by restricting using request type auth object

Pre-Approval will not be through GRC system

1. Users who need Firefighter access will get offline approval via Email and then will raise a ticket to our support team.

2. Based on email approval and ticket raised, our support team will raise a EAM access request for the user attaching the approval Email

Approval in GRC system

1. Once the request is raised, it goes for approval to  FF ID owner and up on approval  from FF ID owner user will be assigned with the requested FF ID

Regards,

Madhu.

Answers (2)

Answers (2)

former_member184114
Active Contributor
0 Kudos

Kumar,

If you wan pre-approved, then assign FF ID manually after obtaining necessary approvals as per your designed protocol. This does not need any WF configuration.

For Approved, as pointed by others, you need to  define WF in GRC system.

It is very nicely explained by Madhu.

Regards,

Faisal

0 Kudos

Hi All ,

Thank you a lot for giving a good overview on this  , now understand we can’t have both way for EAM . This explain why even after I rejected the FF ID  via workflow I still able to login with FF  ID for the those FF ID which assigned to a Fire Fighter .,

AndrzejP
Active Participant
0 Kudos

Hi Kumar,

you have to choose, either you assign particular FF ID manually(pre-approval) or via request. Once you assign it manually there is no point to create request - anyway you would have access.

For workflow set-up please have a look on this document:

Best regards, Andrzej