on 08-13-2015 9:01 AM
Hi Experts
We have implemeted Firefighter user exist in our Centralized firefighter scenario.
We have maintained all relevant parametes in GRC box under Maintain Configuration settings as shown below.
Now the issue is this after the user exit is implemented in the system ,the Firefighter id can still login in SAP without any error.
Please help me here as i am sure some one must have faced this kind of issue.
NOTE: There is no issue on development side.
Thanks
Nitesh
As Plaban advised
Firefighter Ids need to be restricted from Logging in into SAP System, directly via SAP GUI. For
this purpose either we need to create and modify the SAP User Login Exit.
Please follow the steps mentioned below:
First check if the user exit is already implemented or not by going to transaction SE38 and try to
display the program ZXUSRU01. If you can see the program, that means the above mentioned user exit
is already implemented and you need to follow the process under modifying the user exit else you
have to follow the process mentioend under Implementing the user exit
Steps to be followed for Implementing the Logon User Exit for the first time in the SAP System
1) Go to transaction CMOD and give a project name and click on create button.
2) In the following screen, provide a short description for this project and click on save. At this
point you need to assign this object to a development class.
3) Next click on the Enhancement Assignments and provide "SUSR0001" as the Enhancement name.in the
following screen and click Save.
4) Next click on Components button which will show you the function exit screen where a function
module "EXIT_SAPLSUSF_001" is present.
5) Double click on the name of the exit mentioned above which will take you to the exit
implementation screen which will show an include ZXUSRU01.
6) Double click on the ZXUSRU01 (if it will give any warning, then press the Enter) which will ask
to create the inlcude ZXUSRU01 as it does not exit. click yes which will take you to a new screen
for implementing the inlcude.
7) Add the statement "include /GRCPI/GRIA_USEREXIT." in the include ZXUSRU01 implementation screen
and click on save and then activate.
😎 If you have "include /VIRSA/ZVIRSA_USEREXIT." in the include ZXUSRU01 then comment this line.
9) Go back, save and then activate the function module EXIT_SAPLSUSF_001
10) Go back and activate the project.
Steps to be followed for Modifying the already implmented User Exit.
a) Go to transaction SE38 and give the report name as "ZXUSRU01" and click on display. If you get a
message saying report does not exist then you have to follow the steps mentioned above under
Implementing the Logon User Exit.
b) If the implementation screen for the include is shown, then go to change mode and then add the
statment "include /GRCPI/GRIA_USEREXIT". at the end of your existing implementation. and then Save
and activate the include.
c) Following the Step 1, 2, and 3. In 3rd step if you will get any error "SAP enhancement SUSR0001
already belongs to project...(project name)". Kindly activate the project(Project Name) using CMOD
transaction code. If you will not get any error then follow the step 10.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
first of all, have you implemented 1541511. you can also manually do it, as per steps, mentioned by Somik.
the 2nd note says, if 1089/90 is not maintained in plug-in, then maintain 1001, in plug-in. As i have decentralized in my system, i have used this. But, i do not think, this is required for Centralized.
reason: 1089/90 relates to FF appl. type and role name, which is 4000 and 4010, respectively in GRC system. In centralized, one will not login to plug-in, and hence no need of maintaining 1089/90
@Prashant : could you share your view on my doubt
regards
plaban
Hi
The note 1541511 is already implemeted and activated.
All parameters are maintained in GRC Box but not sure what is the issue.
Aslo i checked in my plugin system and i dont see the GRC(Plugin) avaliable under SPRO so i havent maintained any parameter in plugin systems.
.Add-on GRCPINW is already avaialbe in the system.
Do let me know if i am missing anything specific
Thansk
Nitesh
Hi Prasant
Thanks for your help.
I was not able to see GRC Plug in under SPRO in connected systems.
So i followed the note 1591667 and did as below
Run the Transaction 'SIMGH' in SRM/CRM/APO System & search for 'Compliance' in IMG Strcuture Field.
You will find the Node 'Governance, Risk & Compliance', which you need to select & later add it to your Favorites on the screen. Then, click on 'Governance, Risk & Compliance' Item which is in your Favorites & click on the Display button placed in Application Toolbar, will show you the Configuration of GRC Plug-in.
I appreciate eveyone chipping in and giving your valuable inputs.
Thanks
Nitesh
Hi Plaban
Once you run the transaction SIMGH as i explained in my earlier reply and add the Governance risk and Compliance under favourites in the same screen of SIMGH and then click on display then you will find the GRC Plugin Node where you can maintain the configuation parameters.
Do not go to /n spro and search it.
Thanks
Nitesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Nitesh,
Could you try the below
1545511 - Firefighter User Exit:
If in Sa38-> ZXSUSR01 is existing, then add the below in the program, in last line, and activate it.
include /GRCPI/GRIA_USEREXIT.
Further notes if above note does not suffice:
1735971 - User exit to prevent direct firefighter login
Regards
Plaban
you can implement the note
depends upon which support pack you are in.
you can apply this not,
again did you try deactivating and reactivating the user exit,
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.