cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firefighter user exit in centralized firefighter

Go to solution
former_member218247
Participant

on ‎08-13-2015 9:01 AM

0 Kudos


Hi Experts

We have implemeted Firefighter user exist in our Centralized firefighter scenario.

We have maintained all relevant parametes in GRC box under Maintain Configuration settings as shown below.

Now the issue is this after the user exit is implemented in the system ,the Firefighter id can still login in SAP without any error.

Please help me here as i am sure some one must have faced this kind of issue.

NOTE: There is no issue on development side.

Thanks

Nitesh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-13-2015 9:54 AM
0 Kudos

As Plaban advised

Firefighter Ids need to be restricted from Logging in into SAP System, directly via SAP GUI. For

this purpose either we need to create and modify the SAP User Login Exit.

Please follow the steps mentioned below:

First check if the user exit is already implemented or not by going to transaction SE38 and try to

display the program ZXUSRU01. If you can see the program, that means the above mentioned user exit

is already implemented and you need to follow the process under modifying the user exit else you

have to follow the process mentioend under Implementing the user exit

Steps to be followed for Implementing the Logon User Exit for the first time in the SAP System

1) Go to transaction CMOD and give a project name and click on create button.

2) In the following screen, provide a short description for this project and click on save. At this

point you need to assign this object to a development class.

3) Next click on the Enhancement Assignments and provide "SUSR0001" as the Enhancement name.in the

following screen and click Save.

4) Next click on Components button which will show you the function exit screen where a function

module "EXIT_SAPLSUSF_001" is present.

5) Double click on the name of the exit mentioned above which will take you to the exit

implementation screen which will show an include ZXUSRU01.

6) Double click on the ZXUSRU01 (if it will give any warning, then press the Enter) which will ask

to create the inlcude ZXUSRU01 as it does not exit. click yes which will take you to a new screen

for implementing the inlcude.

7) Add the statement "include /GRCPI/GRIA_USEREXIT." in the include ZXUSRU01 implementation screen

and click on save and then activate.

😎 If you have "include /VIRSA/ZVIRSA_USEREXIT." in the include ZXUSRU01 then comment this line.

9) Go back, save and then activate the function module EXIT_SAPLSUSF_001

10) Go back and activate the project.

Steps to be followed for Modifying the already implmented User Exit.

a) Go to transaction SE38 and give the report name as "ZXUSRU01" and click on display. If you get a

message saying report does not exist then you have to follow the steps mentioned above under

Implementing the Logon User Exit.

b) If the implementation screen for the include is shown, then go to change mode and then add the

statment "include /GRCPI/GRIA_USEREXIT". at the end of your existing implementation. and then Save

and activate the include.

c) Following the Step 1, 2, and 3. In 3rd step if you will get any error "SAP enhancement SUSR0001

already belongs to project...(project name)". Kindly activate the project(Project Name) using CMOD

transaction code. If you will not get any error then follow the step 10.

Show replies
Show replies
former_member218247
Participant
‎08-13-2015 10:52 AM
0 Kudos

Hi All

As per Note 1735071,config prameter 1001  is already set to YES in GRC box,then also the issue persists.

Secondly, Note 2172547,talks about Simulatneous usuage of FFID.

Please let me know if i need to do some more parameters settings in Plugin/Connected Systems.

Thanks

Nitesh

former_member193066
Active Contributor
‎08-13-2015 1:12 PM
0 Kudos

Hope you have maintained parameters in plugin system as well.

let me know if you have deactivated and activated and still facing issue.

Reagrd,

Prasant

Former Member
‎08-13-2015 2:56 PM
0 Kudos

first of all, have you implemented 1541511. you can also manually do it, as per steps, mentioned by Somik. 

the 2nd note says, if 1089/90 is not maintained in plug-in, then maintain 1001, in plug-in. As i have decentralized in my system, i have used this. But, i do not think, this is required for Centralized.

reason: 1089/90 relates to FF appl. type and role name, which is 4000 and 4010, respectively in GRC system. In centralized, one will not login to plug-in, and hence no need of maintaining 1089/90

@Prashant : could you share your view on my doubt

regards

plaban

former_member218247
Participant
‎08-13-2015 4:15 PM
0 Kudos

Hi

The note 1541511 is already implemeted and activated.

All parameters are maintained in GRC Box  but not sure what is the issue.

Aslo i checked in my plugin system and i dont see the GRC(Plugin) avaliable under SPRO so i havent maintained any parameter in plugin systems.

.Add-on GRCPINW is already avaialbe in the system.

Do let me know if i am missing anything specific

Thansk

Nitesh

Former Member
‎08-13-2015 4:22 PM
0 Kudos

Hi Nitesh,

is GRCPIERP component also available. Please share SPRO from plug-in

Regards

Plaban

former_member218247
Participant
‎08-13-2015 4:50 PM
0 Kudos

Hi Plaban

Please see below from Plug in

Thanks

Nitesh

former_member218247
Participant
‎08-13-2015 5:51 PM
0 Kudos

Hi

I just observed a wierd thing in Plugin System ,not sure if the probelm is in installation             

In system status under product versions i dont see SAP GRC Access Control component

Not sure if this is the reason for fire fighter user exist not working in Plug in system.

Thanks

Nitesh

Former Member
‎08-14-2015 6:02 AM
0 Kudos

A correction to my above post. GRCPIERP is for HR component, only. 

former_member218247
Participant
‎08-14-2015 6:07 AM
0 Kudos

Guys

I have rasied a SAP Message as i dont uunderstand the system behaviour.

In some Plug in system user exist is working inspite of no config and plug in avalaible in SPRO,but in some system it does not work.

Will keep youi posted once i get some news from SAP.

Thanks

Nitesh

former_member193066
Active Contributor
‎08-14-2015 7:15 AM
0 Kudos

did u try to execute

RS_APPL_REFRESH in SE38 then check for node in SPRO

please note in SRM and CRM procedure in different if you dont see node you have notes for how to proceed.

Regards,

Prasant

former_member218247
Participant
‎08-14-2015 12:20 PM
0 Kudos

Hi Team

After lot of testing ,we were able to make it.

I followed the instrutions as per Note 1591667 and add 4000,4001,4008,4010 parameters in Plug in System.

User exist is working now

Thanks

Nitesh

former_member193066
Active Contributor
‎08-14-2015 1:08 PM
0 Kudos

so u have maintained parameter in plugin system,

thats what i was asking you earlier to check.

and hope RS_APPL_REFRESH has helped you finding the node.

Regards,

Prasant

former_member218247
Participant
‎08-14-2015 2:37 PM
0 Kudos


Hi Prasant

Thanks for your help.

I was not able to see GRC Plug in under SPRO in connected systems.

So i followed the note 1591667 and did as below

Run the Transaction 'SIMGH' in SRM/CRM/APO System & search for 'Compliance' in IMG Strcuture Field.

You will find the Node 'Governance, Risk & Compliance', which you need to select & later add it to your Favorites on the screen. Then, click on 'Governance, Risk & Compliance' Item which is in your Favorites & click on the Display button placed in Application Toolbar, will show you the Configuration of GRC Plug-in.

I appreciate eveyone chipping in and giving your valuable inputs.

Thanks

Nitesh

former_member193066
Active Contributor
‎08-14-2015 2:49 PM
0 Kudos

yeah, i thought so thats why mentioned for SRM and CRM its little different.

glad you found notes and solved the issue.

have a nice day.

Prasant

Former Member
‎08-15-2015 8:03 AM
0 Kudos

HI Nitesh,

although i did add a node, in Favorites, it still does not appear in my home screen, under favorites. This added node, also does not appear under SPRO-IMG.

So, did you find your node , in favorites or IMG

Regards

plaban

former_member218247
Participant
‎08-17-2015 9:49 AM
0 Kudos

Hi Plaban

Once you run the transaction SIMGH as i explained in my earlier reply and add the Governance risk and Compliance under favourites in the same screen of SIMGH and then click on display then you will find the GRC Plugin Node where you can maintain the configuation parameters.

Do not go to /n spro and search it.

Thanks

Nitesh

Answers (1)

Answers (1)

former_member193066
Active Contributor
‎08-13-2015 9:08 AM
0 Kudos
  1. Go to transaction SMOD
  2. Enter "SUSR0001" and press the "Test" button
  3. Here  the user exit is de-activated. Then activate this.

Regards,

Prasant

Show replies
Show replies
former_member218247
Participant
‎08-13-2015 9:30 AM
0 Kudos

Hi

The user exit is already activated in all plugin systems.

Please let me if i need to set any config parameters in Plugin systems.

Thanks

Nitesh

Former Member
‎08-13-2015 9:40 AM
0 Kudos

HI Nitesh,


Could you try the below


1545511 - Firefighter User Exit:
If in Sa38-> ZXSUSR01 is existing, then add the below in the program, in last line, and activate it.

include /GRCPI/GRIA_USEREXIT.

Further notes if above note does not suffice:

1735971 - User exit to prevent direct firefighter login


Regards

Plaban

former_member193066
Active Contributor
‎08-13-2015 9:47 AM
0 Kudos

you can implement the note

2172547


depends upon which support pack you are in.


you can apply this not,


again did you try deactivating and reactivating the user exit,


Regards,

Prasant

Ask a Question