Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

VIRSA-->Firefighter --General Doubt

Former Member
0 Kudos

The FF users are created as a SERVICE user. This means that these users cannot log onto the SAP system. Now my question is:

1. How does the FF get on to the SAP system ?Does he piggy back ??

Thanks!

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Pratap,

I dont remember the exact tcode, but there is aTcode that the Fire fighter would key in and hey would be directed to a new screen which has a Login screen. SO once he clicks login-- enters into the system with the authorizations as a firefighter and with FF ID. He no longer is using his own ID.

Will check out and let you know exactly how a FF liogs in the system...

Br

Sri

Award points for helpful answers

19 REPLIES 19

Former Member
0 Kudos

Hello Pratap,

Service users can logon on the system. Only system and communication users cannot login.

Check this out:

http://help.sap.com/saphelp_nw04/helpdata/en/52/67119e439b11d1896f0000e8322d00/content.htm

Regards.

Ruchit

0 Kudos

Ruchit,

Thanks for your following up this query.

The link you have pasted in response I did visit. I have pasted below the relevent part :

System (B)

User type for background processing and communication within a system (internal RFC calls).

○ A dialog logon is not possible.

○ The password change requirement does not apply to the passwords, that is, they cannot be initial or expired. Only a user administrator can change the password

○ Multiple logons are permissible.

When you logon ie if the SAP system accepts your user id & Password you are in all probablity a dialogue user.

The Service user is not peremitted to logon to the system. best way to check this is to create your own user (Su01). in the process there is a section where you can select the type of user , try using the service user.

Regards

0 Kudos

Hello Pratap,

You have posted the details for system user not service user.

You can login into othe system using service user. The main difference between dialog user and service user is that for service user password never expires.

Service users are permitted to logon. Create one in Su01 and then try out yourself.

Regards.

Ruchit.

Former Member
0 Kudos

Hi Pratap,

I dont remember the exact tcode, but there is aTcode that the Fire fighter would key in and hey would be directed to a new screen which has a Login screen. SO once he clicks login-- enters into the system with the authorizations as a firefighter and with FF ID. He no longer is using his own ID.

Will check out and let you know exactly how a FF liogs in the system...

Br

Sri

Award points for helpful answers

0 Kudos

You create the FF users as service users. At this point the user can logon via a dialog logon. ONCE you add the user to the FF users toolbox/table a user exit prevents this FF user from logging on via dialog

0 Kudos

Thanks David, This is exactly my question one FF has been configured? How does he get on to the system as he is prevented by the user exit.

0 Kudos

I am not familiar with this product, but technically they might have the user exit resetting the password or locking the user again if a dialog logon is made => So he is prevented from logging on again; but is already logged on.

Just an idea.

0 Kudos

FFID - the service account with SAP_ALL

FF User - The user that uses the FFID when they need SAP_ALL access

FF Adminstrator - The ADMIN of the FF application

-


you create a FFID as a service account. You then logon as a FF administrator and add that FFID to the FF toolbox, and assign a dialog user as a user of the FFID you just created(FF User)

Then the FF user logs on as themselves (using the limited access account) and they run the FF transaction /N/VIRSA/VFAT. They will then see the FFID they are assigned to and will be able to click on that account the logon. Once they click on this account the FF tool logs them onto SAP.

0 Kudos

I forgot to add

FF Owner - The owner of the FFID account

FF Controller - The person responsible for reviewing the logs that are created by FFID

0 Kudos

David ---> Thanks a ton am just beginging to work out your suggestions.

All the same, are n't we Supposed to exclude SAP_ALL from our profiles?

0 Kudos

Yes, I'd exclude SAP_ALL when possible. I only mentioned that profile so you'd understand that I was talking about an account with elevated access

0 Kudos

great !! thanks ! I have awarded the points too !!!

David i am learnig this part of SAP --FF/Enforcrer/CC --ie virsa by myself so be ready to get more & More &More PO(ints!) STS on this -

Do you have any docs on this apart from those on SDN ?

thanks

0 Kudos

I used the Firefighter 3.0 user guide and I thought that was pretty helpful. I also had to find many answers on the forums as well as from SAP directly

0 Kudos

David,

Please mail me the doc to me <b><removed by moderator></b>

If you have ANY more on VIRSA please do mail it to me so that I can study that too

Regards,

koehntopp
Product and Topic Expert
Product and Topic Expert
0 Kudos

Again, posting your email address here in the forums may result in more email than you'd like to get

I'd suggest visiting the Service Marketplace, which has all of those documents (and more):

https://websmp202.sap-ag.de/~form/sapnet?_FRAME=OBJECT&_HIER_KEY=501100035870000015092&_HIER_KEY=601...

Kind reagrds,

Frank.

0 Kudos

And, hardcoding plaintext passwords for unnamed accounts may result in a wider user community than you'd like to get...

Cheers,

Julius

Okay, I see the encryption footnote now... (sorry)... but if the destination information is unmaitained, then how does it get the password into the RFC logon screen; or (temporarily) into the destination? It would need to be decryptable within the system?

Message was edited by:

Julius Bussche

0 Kudos

There is an USER EXIT that prevents the Logon. This is from the various references that I made over the days !!

0 Kudos

Hi Pratap,

I dont know this product, so perhaps I should rather shut up...

But if I do bump into one sometime, then I will remember to take a look at this.

Cheers,

Julius

Former Member
0 Kudos

Julius,

When We create this particular user, its created as a service user that means we donot give a Password.

In the RFC you referred to, The RFC when Created SHOULDNOT have any Users attached to it.

( i too thought that we need to give one as in SM59, but on studying the topic, We must not , i have not tried this aspect though..shall let you know !)