- SAP Community
- Products and Technology
- Additional Q&A
- What will be the Role Name of FF ID role in 4010, ...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
What will be the Role Name of FF ID role in 4010, if every plug in has diff. FF id role name
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 05-08-2015 9:32 AM
Hi All,
I have diff. role names of FF id roles, for every plug in. So, which role name should be there in 4010. Also, in GRC box, shall i not mention all the plug-ins in parameter 1000 in SPRO->Access Control-> Maintain Plug-in Configuration settings
Regards
Plaban
Accepted Solutions (0)
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Plaban,
We are facing similar kind of issue, can you please share the resolution steps if its already resolved?
Component - GRC Ac 10.1 SP23
Firefighter ID Role per connector is different and maintained all the roles in GRC. Any other config settings we need to maintain.
Regards,
Siva
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Plaban,
If you use centralized firefighting, you have to use single FFID role for identification of FFIDs.
But if you are using ID based decentralized Firefighting, then you can maintain configuration setting for for FFID role name in the respective plugin systems.
To answer your second question:
Parameter 1000 for maintain plug-in configuration settings need to be maintained in plug-in systems and not in GRC system. So you can only maintain respective connectors i parameter 1000 in all plug-in systems, and GRC connector in parameter 1001.
Kind regards,
Yashasvi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
Decentralized(enabled through 4015), does not mean that Centralized cannot be used , simultaneously. That is how my system is configured, i.e to use both.but decentralized is only to be used, when GRC system is down. i.e primarily Centralized EAM is used.
Now, in 4010, the FF ID role is different from what plug-ins have(in their FF IDs). But all these FF ids have been successfully set up, i.e with Owners and Controllers.Can you explain how does this happen.
Also, could you say, why GRC Plug-in option is available in GRC box, if the same is not be configured in GRC box. fyi, GRC system is also a connector to itself. and Plug-in config. is not required for FF ID in GRC box
Regards
plaban
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi All,
Could you suggest on the above.
In brief: i have Centralized EAM. But all plug-ins have diff. FF id roles, and none of these FF IDs have role of 4010. So, how did they appear to be assigned to Owners, in NWBC.
fyi, Rep sync job alone, will not make a FF id appear in NWBC. FF id needs to have the role of 4010.
Also, Does enabling of Decntralized EAM(4015), disables Centralized EAM.
Could you help here
Regards
Plaban
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Plaban,
Decentralized firefighting is preferable because you don't want to take load of users in new GRC central system. suppose you are going to connect 5 back end system where each system has 500 users. Do you want to support these users in new GRC system, while you are already supporting them in backend system.
Also decentralized EAM does not mean if your GRC system is not available, you can do the firefighting. If GRC system is not available, you won't be access Firefighter.
Decentralized EAM for backend firefighter users. they'll use the same system and do the firefighting with new Tcode.
Repository Sync job will sync user, role, auth from backend system. make it run periodically ( every 15 mins)
in NWBC, you first define the FF owner and controller in access management --> grc role assignment-> access control owner. ( FF owner & controller must have their respective roles else they won't be displayed on search)
after that you assign the ff-id to owner in EAA -> Owners.
after that you assign FF-id to controller in EAM -> controllers
now you login through FF owner and assign FF-id to FF user.
Note: always search and select if search option available in input field else you will get error.
FF ID and FF users must have respected roles given in GRC guide else they wont be displayed in NWBC on search.
role SAP_GRAC_EAM_FFUSER_PLUGIN must be assigned to FF user.
role SAP_GRAC_SPM_FFID must be assigned to backend system FF id.
FF id must be of super user group and system/service type.
let me know in case you have any queries.
thansk,
Pavan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Pavan
Our GRC system is configured to handle 1000's of users.So, centralized EAM is OK. Also, i think most of the organizations use Centralized EAM
in decentralized, FF user logs into plug-in and uses the FFid. So, why cannot FF id be used, if GRC is down
Now, for your 2 points:
after that you assign the ff-id to owner in EAA -> Owners.
AND
after that you assign FF-id to controller in EAM -> controllers
FF id will only appear in search(in NWBC->..->Owners), if it has 4010 role assigned and Rep sync run. . In my case , 4010 role is different from FF id roles , and each plug-in has diff. FF id role.
So, how does a FF id appear in search?. Can you try this scenario
Regards
Plaban
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
maintain the GRC & Plug-in system parameters for EAM.
if FF id has SAP_GRAC_SPM_FFID this role, then only it will be displayed in NWBC on Ff-id search.
FF-ids can have multiple roles but SAP_GRAC_SPM_FFID must be assigned to all firefighter ids.
and you must maintain 4010 with this role in both system.
EAM master data sync job must be running in GRC system, periodically ( every 15 mins), checking for master data consistency between the AC repository and the plug-in systems for Emergency Access Management.
Thanks,
Pavan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Sahoo,
It is SAP_GRAC_SPM_FFID.
Copy it into a Z Role and assign it to the FF IDs as well as maintain the same in 4010 Parameter.
Regards,
Deepak M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Comprehensive Guideline to SAP VMS in Technology Blogs by Members
- Consuming SAP with SAP Build Apps - Connectivity options for low-code development - part 2 in Technology Blogs by SAP
- RISE with SAP advanced asset and service management package in Supply Chain Management Blogs by SAP
- SAP Business Transformation Journeys: Insights from ASUG Members on the Center of Excellence in Technology Blogs by Members
- How AI-based Anomaly Detection empowers reliability engineers in SAP Asset Performance Management in Supply Chain Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.