Skip to Content

Restricting the Firefighter User Dropdown Box

Hello,

Does anybody know how to restrict the users from appearing when you assign a new Firefighter session?

Obviously the "Filtering" in the available list isn't suitable.... (best not to have them there in the first place).

I have sync'ed all users from the ERP system into GRC but by doing so this has pickup all the leaver records also.

These are defined by the User_Group in SU01 and the Valid_To date with the accounts being locked down.

I ONLY require to pull (sync) the "Active" records to limit the available user selection from the dropdown box for Firefighting.

Having dead records in the list isn't good.

Would also only need to run risk analysis (at user level) only for active records.

Thanks

Jon

(Currently using GRC10.1 - / GRCFND_A  V1100  0013 )

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 05, 2016 at 09:18 AM

    Hi Jonathon,

    If you want to exclude the locked users from repository object sync the below Note should help you. Can you try implementing this your plug-in system


    2007402 - Configuration Parameter for Locked Users in Repository Sync

    Regards,

    Manju

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 05, 2016 at 01:23 AM

    Hello Jonathan,

    Did you happen to go through this thread which will help you?

    https://scn.sap.com/thread/3820829

    Regards,

    Rakesh Ram M

    Add comment
    10|10000 characters needed characters exceeded

    • Hello,

      Thank you for the thread. We are using the naming convention starting with FF so could filter the list. It's the fact that they are there and "could" be used which is wrong.

      Will keep looking.

      Thanks

      Jon

  • Oct 05, 2016 at 05:07 AM

    hi,

    could you clarify, what you meant by FF session.

    Is it assignment  of FF id to user by admin? For the expired users, you may remove the the role assigned SAP_GRAC_END_USER and the basic GRAC roles, such as SAP_GRAC_FN_BASE. Then sync these expired users.

    This will not make the expired users appear.

    Regards

    Plaban

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Plaban,

      Yes your right, it's the assignment of FF id to a user by admin. When I've sync'ed the users from the backend ERP, they are not in the SU01 so do not have any roles to remove. It seems a little crazy for the system to pull absolutely everything over regardless. The sync program doesn't allow you to specify any criteria.

      Thanks

      Jon