Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC - Password self service - S_USER_GRP requirement

Go to solution
Former Member

‎07-06-2016 1:20 PM

0 Kudos

Good Day All.

I am implementing PSS in GRC system for all users.  We have GRC 10.1 (SP12)

But I found the user needs below authorization in connected system to reset password.

1. S_RFC & S_RFCACL  (As we have trusted RFC So this is fine)

2. S_USER_GRP  - ACTVT -  02  -  (Issue). We can't give this access to non security user.

So do we have a way to implement PSS without providing S_USER_GRP to users in connected system ?


Also advice If we can use PSS to reset password for GRC system itself ?

Thanks in advance !!!

Preview file
146 KB
1 ACCEPTED SOLUTION

Go to solution
former_member335915
Explorer

‎07-06-2016 2:24 PM

0 Kudos

Hi Rajesh,

You do not give the access to the users in  connected system. The user id which is used in the RFC is given access. It is fine to give access to this id as this is a system user.

I guess you can connect to the GRC system as well. Just maintain the required RFC and select the check box which corresponds to PSS.

Please use the link mentioned below which has the steps to configure PSS.

http://scn.sap.com/docs/DOC-58058

Let me know if this helps.

Thank you,

Regards,

Praman

7 REPLIES 7

Go to solution
former_member335915
Explorer

‎07-06-2016 2:24 PM

0 Kudos

Hi Rajesh,

You do not give the access to the users in  connected system. The user id which is used in the RFC is given access. It is fine to give access to this id as this is a system user.

I guess you can connect to the GRC system as well. Just maintain the required RFC and select the check box which corresponds to PSS.

Please use the link mentioned below which has the steps to configure PSS.

http://scn.sap.com/docs/DOC-58058

Let me know if this helps.

Thank you,

Regards,

Praman

Go to solution
Former Member
In response to former_member335915

‎07-06-2016 2:41 PM

0 Kudos

Hi Praman  , Thanks for your response.

We have trusted RFC which is connected to satellite system e.g to connect ECC the current user access is checked in GRC and ECC system.

These connector are maintained in GRC connector settings.



Or do I need to maintain the user in service - GRAC_UIBB_END_USER_LOGIN.

I checked with updating user logon data but its not solving our issue.

It seems its only for using "End user login" page which anyway we are not using.

Any other purpose of user ID maintained here ?

Any advice ?

Preview file
35 KB

Go to solution
Former Member
In response to former_member335915

‎07-06-2016 3:05 PM

0 Kudos

Hi Rajesh,

As you are not using the end user logon there is no need to maintain the guest user in the logon tab for any of the end user logon services in SICF.

Assign the authorization S_USER_GRP to the RFC user and check if it helps.

PSS functionality can be enabled for GRC connector as well.

Regards,

Manju

Go to solution
former_member335915
Explorer
In response to former_member335915

‎07-06-2016 3:07 PM

0 Kudos

Hi Rajesh,

These services are only for the End User Logon. The connectors maintained in the connector settings should suffice. Just be sure to select the PSS check box which allows a system to be used for PSS.

Thank you,

Regards,

Praman

Go to solution
Former Member
In response to former_member335915

‎07-06-2016 4:02 PM

0 Kudos

From your comment , it seems I need create a non trusted RFC with user ID with access for S_USER_GRP.

Trusted connection is causing the issue because it check the current user authorization.

Go to solution
Former Member
In response to former_member335915

‎07-06-2016 4:17 PM

0 Kudos

Hi Rajesh,

For S_RFCACL object can you maintain * value for the field RFC_USER and check if it works.

Regards,

Manju

Go to solution
former_member185447
Active Contributor

‎07-06-2016 4:06 PM

0 Kudos

Hello Rajesh Sah,

Did you happen to go through this article by Colleen

http://scn.sap.com/docs/DOC-58651

In this document, if you go through the section reset password, check point no.3 which might be some interest to you provided you are sure that you have PSS configuration done perfectly.

Regards,

Rakesh Ram M