EAM - Auto Provision Default Firefighter Role!

leos
Active Participant
0 Kudos

G'Day All,

Is there a way we can automate the provisioning of 'Z_GRAC_SUPER_USER_MGMT_USER' role, when someone raises a request for FFID?

I mean we have the option of Default Roles but this is system wide. So I was wondering can we do something like that with the default firefighter role, only request/user specific rather than system wide?

Regards,

Leo..

Accepted Solutions (0)

Answers (3)

0 Kudos

@sarat Adari

How have you enabled the default role with template based?

leos
Active Participant
0 Kudos

G'Day Guys,

Just a follow-up to the original question: we have found a simple workaround. I just created a template for Super User Access, with the default firefighter role assigned. So anyone who wishes to raise a request for an FFID will have to use the template-based request, in which the default role is already added and will get provisioned without any approvals.

Regards,

Leo..

Former Member
0 Kudos

Hi S,

Normally, that role is permanently assigned to a FF user. So, why is a request required to assign the role every time? FF usage is supported by the assignment of FF id for a specific period. So, it is better to have the role all the time.

But, if you do not want it to be approved, then it can have no Role owner for that role, and direct it to a path, with no stages, for auto-approval.

Could you explain how a default FF role can be request/user specific? This means that every FF user will have a different FF role. I do not think it makes sense.

Could you explain your requirement?

Regards

Plaban

leos
Active Participant
0 Kudos

Hi Plaban,

Thank you for your input. My requirement is pretty simple. Here's how I would like it to work:

1. User raises a request for a particular FFID (Request Type = 006)

2. When this happens, this user should have the default 'Z_GRAC_SUPER_USER_MGMT_USER' assigned automatically

I understand it's a permanent assignment, but even for that to happen, initially someone has to either manually assign that role to the end user or raise a separate GRC request for that assignment. Considering both of these cannot be raised in the same request, I am toying with the idea of automating it.

As of now we have some default roles which get auto-assigned based on the Parameters 2010-2013; however, we have set this up system specific, i.e. if a request is raised for a certain system then a particular role gets added to the request and provisioned without any approvals. So as of now I am trying to somehow link this to request type (2010). For example:

If Request Type = 006 then tie it up to an attribute (2013) other than System, which is tied up to Request Type: 001

I hope this makes a bit more sense now. It might sound like it's not really worth the effort, but GRC is all about automation and having some sort of an audit trail, right? Hence this query.

Regards,

Leo..

Former Member
0 Kudos

Hi S,

Since assignment of the FF user role is a one-time activity for all users in all of your systems, why don't you assign it as a Multiple user request, with no Role owner for these roles? So, this will assign a specific role (of a system) to a user. This can be raised by the Security admin, also.

Also, can you try including Action 'Assign Objects' in the Emergency Access request, under User provisioning -> Define request type? This will give you the option to add a role in the FF request.

Regards

plaban

leos
Active Participant
0 Kudos

Hi Plaban,

I guess that's (including Action 'Assign Objects') the next best thing to provisioning it as a default role. In fact we can even control the validity of that role using this method. The first option you mentioned is a valid one too if it is for permanent assignment. However, it won't work for temporary assignments (SAP to get into our systems, maybe auditors etc). Nevertheless, thank you for your valuable feedback. Appreciate it.

Regards,

Leo..

leos
Active Participant
0 Kudos

G'Day Plaban,

A query in regard to your multiple user request. I have tried using this, but for some reason it is changing all users' country and user group to the first user on the request. Is this standard behavior or is there something that can be done to rectify this issue?

Regards,

Leo..