cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting the Firefighter User Dropdown Box

Go to solution
jonathon_sullivan
Explorer

on ‎10-04-2016 6:19 PM

0 Kudos

Hello,

Does anybody know how to restrict the users from appearing when you assign a new Firefighter session?

Obviously the "Filtering" in the available list isn't suitable.... (best not to have them there in the first place).

I have sync'ed all users from the ERP system into GRC but by doing so this has pickup all the leaver records also.

These are defined by the User_Group in SU01 and the Valid_To date with the accounts being locked down.

I ONLY require to pull (sync) the "Active" records to limit the available user selection from the dropdown box for Firefighting.

Having dead records in the list isn't good.

Would also only need to run risk analysis (at user level) only for active records.

Thanks

Jon

(Currently using GRC10.1 - / GRCFND_A  V1100  0013 )

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-05-2016 10:18 AM
0 Kudos

Hi Jonathon,

If you want to exclude the locked users from repository object sync the below Note should help you. Can you try implementing this your plug-in system


2007402 - Configuration Parameter for Locked Users in Repository Sync

Regards,

Manju

Show replies
Show replies
jonathon_sullivan
Explorer
‎10-05-2016 11:03 AM
0 Kudos

Hi Manju,

Thank you for identifying this.... the parameter was already in my ERP system (1004) but was not populated. If I enter the value 64 (locked users by admin) then this should exclude them from the object sync. Brilliant....

Thank you Manju

Regards

Jon

former_member185447
Active Contributor
‎10-05-2016 11:39 AM
0 Kudos

Hello Manjunath,

Good one. Another learning for the day.

Thanks a lot.

Regards,

Rakesh Ram M

Answers (2)

Answers (2)

plaban_sahoo6
Contributor
‎10-05-2016 6:07 AM
0 Kudos

hi,

could you clarify, what you meant by FF session.

Is it assignment  of FF id to user by admin? For the expired users, you may remove the the role assigned SAP_GRAC_END_USER and the basic GRAC roles, such as SAP_GRAC_FN_BASE. Then sync these expired users.

This will not make the expired users appear.

Regards

Plaban

Show replies
Show replies
jonathon_sullivan
Explorer
‎10-05-2016 9:14 AM
0 Kudos

Hello Plaban,

Yes your right, it's the assignment of FF id to a user by admin. When I've sync'ed the users from the backend ERP, they are not in the SU01 so do not have any roles to remove. It seems a little crazy for the system to pull absolutely everything over regardless. The sync program doesn't allow you to specify any criteria.

Thanks

Jon

former_member185447
Active Contributor
‎10-05-2016 2:23 AM
0 Kudos

Hello Jonathan,

Did you happen to go through this thread which will help you?

https://scn.sap.com/thread/3820829

Regards,

Rakesh Ram M

Show replies
Show replies
jonathon_sullivan
Explorer
‎10-05-2016 9:11 AM
0 Kudos

Hello,

Thank you for the thread. We are using the naming convention starting with FF so could filter the list. It's the fact that they are there and "could" be used which is wrong.

Will keep looking.

Thanks

Jon

Ask a Question