cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting Firefighter Access Request in GRC 10

Go to solution
Former Member

on ‎11-02-2015 9:57 PM

0 Kudos

Hi,

We are trying to implement SAP GRC 10 Firefighter Access Request.

Requirement: Finance users should see only Finance Firefighter ID's to select from the drop down box but not Security Firefighter ID's.

Please advise if this restrictions is possible at the Firefighter ID level. We were able to restrict Firefighter access at the system level with Connectors. We couldn't find any auth object to restrict the Firefighter ID at the ID level.

Thank you,

Krishna

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

shivraj_singh2
Active Participant
‎11-03-2015 1:23 AM
0 Kudos

Krishna,

You may explore user groups (which in combinations with system level restrictions you already have can work pretty well)

But rather than going through such an effort, using an easy to understand naming convention for your FF IDs may work better. In cases where a FFID request has to be made by someone other than end user (on end user's behalf i.e. is delegated), the business requirement you are working on may become too restrictive. So a naming conventions as simple as F_ECC_SEC01 may work better than altering the BRF+ rules.

Regards

Shivraj Singh

Show replies
Show replies
Former Member
‎11-03-2015 3:44 PM
0 Kudos

Hi Shivraj,

Thank you for your quick response.

I tried user groups but, it was not helpful to restrict at the FF ID level.

We already have easy to understand naming convention for our FF ID's in place but we wanted to see if we can restrict the ID's with respect to the Department.

Regards,

Krishna

Answers (2)

Answers (2)

former_member242638
Explorer
‎10-05-2016 2:24 PM
0 Kudos

Hi Krishna,

Could you please check below 2 authorization objects if it helps for restriction.

GRAC_FFOWN

GRAC_SYS

Regards,

Varun Jain

Show replies
Show replies
plaban_sahoo6
Contributor
‎11-03-2015 4:13 AM
0 Kudos


Hi Krishna,

the standard SAP user role SAP_GRAC_END_USER, provides auth. object GRAC_USER. Could you check if User id/User group can be used to restrict FF id selection.

Regards

Plaban

Show replies
Show replies
Former Member
‎11-03-2015 4:57 PM
0 Kudos

Hi Plaban,

Thank you for your advise!

Auth object GRAC_USER from end user role did not allow me to restrict the FF ID's at the ID level. I was able to restrit at the system level but not at the FF ID level.

Regards,

Krishna

Ask a Question