EAM Access Setup

Former Member
0 Kudos

Hi All,

I have a very basic question on FF definition. We decided that all consultants should have access as FF User.

Would that mean in NWBC I need to specify each of their SAPUID under the respective FireFighter ID?

Example Fire Fighter ID : FFIDXX01

Fire Fighter User ID  : CONSULTANT1; CONSULTANT2;

Regards

Amir

Accepted Solutions (1)

Colleen
Advisor
0 Kudos

Hi Amir

You need to step back and figure out the design and usage of the accounts. Options can include:


Approach 1

Each user is granted a FF Id. Therefore, if you have 300+ support users then you will need 300+ FF Ids.

    • Benefits: if your users are required to use FF frequently, then they might each need their own so they don't lock each other out. A FF Id can only be used by one user at a time
    • Benefit:  you can map each person to a specific controller (more controllers potentially)
    • Drawback: large number of FF Ids and you might have some users who rarely need FF access.
    • Log review would be the same effort as it's based on usage
    • Naming convention of FF Id -  most places try to have a convention of User Id + FF (eg FF_12345 is assigned to user 12345) depending on characters you can play with.
    • FF Access can be a lot more specific to the user's support requirement (restrict what they can do on the FF Id).

E.g. 300 Users = 300 FF Ids

Approach 2

Multiple users are granted to a FF Id. You group users into their job function and assign them to the FF Ids.

  • Benefit - less administration compared to option 1
  • Drawback - users may compete for access to a FF Id
  • Process wise - you would advise your users that they will see multiple Ids in their logon cockpit and tell them to choose the first available one
  • Log review would be the same effort as it's based on usage
  • Naming convention of FF Id tries to differentiate the account purpose (e.g. Finance would be FF_FI01 through to FF_FI10 if you created 10 FICO roles. You could even have FF_FIAP01 for Accounts Payable functions only). Either way, it's to make administration easier.

Example: You have 300+ support users across 10 modules. Therefore, at a minimum you would need 10 FF Ids and multiple User to FF Id assignments. Due to the 300+ people you might allow multiple FF Ids for each module (i.e. 3 FF Ids for Finance).

Approach 3

You have a hybrid of the two areas to overcome the shortcoming of both. For high volume areas like security you might assign each user their own FF Id (1 to 1 mapping) whilst other areas you might assign a shared Id.

The FF Logs which User accesses which FF Id so you are all good there.

Depending on your business requirements, you might want to enable ARQ workflow for FF requests to manage the administration and allow controllers to approve. Part of your design is also if the Support Users are permanently assigned the FF Id or must request them when they need them.

Regards

Colleen
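
The hybrid design from the answer above, sketched as an added example (not part of Colleen's post and not SAP code): dedicated modules get one FF Id per user named FF_<user id>, the rest share a numbered pool such as FF_FI01. The function names, the "SEC" module code and the 12-character length limit are assumptions made for this illustration.

```python
from collections import defaultdict

MAX_ID_LEN = 12  # assumption: SAP user names are limited to 12 characters


def plan_ff_ids(users, shared_per_module, dedicated_modules=()):
    """Return {ff_id: [user_id, ...]} for a hybrid (Approach 3) design.

    users: iterable of (user_id, module) pairs.
    shared_per_module: {module: number of shared FF Ids to create}.
    dedicated_modules: modules whose users each get their own FF Id.
    """
    plan = {}
    pooled = defaultdict(list)
    for user_id, module in users:
        if module in dedicated_modules:
            plan[f"FF_{user_id}"] = [user_id]      # Approach 1: 1 to 1
        else:
            pooled[module].append(user_id)
    for module, members in pooled.items():
        for n in range(1, shared_per_module[module] + 1):
            # Approach 2: every user in the group is assigned to every Id of
            # the pool and picks the first one that is free at logon.
            plan[f"FF_{module}{n:02d}"] = list(members)
    too_long = sorted(ff for ff in plan if len(ff) > MAX_ID_LEN)
    if too_long:
        raise ValueError(f"FF Ids exceed {MAX_ID_LEN} characters: {too_long}")
    return plan


def assignment_rows(plan):
    """Flatten the plan into (ff_id, user_id) pairs, one per assignment."""
    return [(ff, user) for ff, users in sorted(plan.items()) for user in users]


# Constructed sample data; "SEC" is a made-up module code.
SAMPLE_USERS = [("12345", "SEC"), ("CONSULTANT1", "FI"),
                ("CONSULTANT2", "FI"), ("CONSULTANT3", "FI")]

if __name__ == "__main__":
    plan = plan_ff_ids(SAMPLE_USERS, {"FI": 2}, dedicated_modules={"SEC"})
    for ff_id, user_id in assignment_rows(plan):
        print(ff_id, user_id)
```

The row count shows the administration cost of pooling: three Finance users on two shared Ids already produce six assignments, and a long user Id in a dedicated module breaks the FF_<user id> convention.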

Former Member
0 Kudos

Hi Colleen,

Thank you as usual for your feedback; it provides me a good perspective on how to move forward.

I have suggested using the 2nd approach; however, they won’t be logging into GRC prior to logging into ECC, instead directly to GRC.

@Baithi I have checked the SAP Note and it seems it is used for upgrade. Thank you again for your feedback.

Colleen
Advisor
0 Kudos

Hi Amir

Glad you figured out how best to proceed

however they won’t logging into GRC prior logging into ECC instead directly to GRC .


That just means you need to configure decentralised FF (available as of 10.0 SP10) for users to launch FF via the ERP instead.



Regards

Colleen

Answers (1)

former_member197694
Active Contributor
0 Kudos

Hello Amir,                        

I don't think it is best practice to give FF access to all consultants

The below link gives you information about FF assignments in EAM

         

BR

Baithi

Former Member
0 Kudos

Hi Baithi,

I do agree. Initially I created 1 FF user for 1 FF ID for each module (Basis, Security, Functional, BW); however, since this was not agreed, the management would now like everyone to have access to FF, as this would be controlled via approval workflow. Since I am still a newbie to the GRC module, I am a bit stuck on how to do this.


From my reading, if all consultants should have access to the GRC box to execute FF via /N/GRCPI/GRIA_EAM, I assume we need to define the following in NWBC, as we have over 300++ consultants in the organization.

Example Fire Fighter ID : FFIDXX01

Fire Fighter User ID  : CONSULTANT1; CONSULTANT2; ++ ++

Regards

Amir

former_member197694
Active Contributor
0 Kudos

Hello Amir,

Yes, we have to assign in NWBC.

I have not practically done mass user assignments for FF.

If you are looking for mass assignments, check the note below; it might help you.

1744929 - Mass Upload of Assignments for EAM

BR

Baithi