
GRC-SPM Firefighter S_USER_GRP 05 (Lock\Unlock) authorization issue

Former Member
0 Kudos

I've the following question for the group for GRC-SPM:

Q: Is S_USER_GRP = 05 (Lock\Unlock User) authorization a must for a Firefighter User in order to check out the Firefighter ID? (My testing shows it is!)

If yes, how will you prevent users from changing passwords for other Firefighter users and Business users in production?

Note: Not all Firefighters will have SU01 or SU10 tcodes, but Role stacking (combinations) or transaction ranges could create a risk as there are multiple ways in SAP to update a user.

Also, we are thinking about using User Groups to limit the access but we'll still need to have a separate Firefighter role for Basis & Security from other Firefighters in that case.

Is there a way to deactivate the S_USER_GRP = 05 authorization check in the system to avoid this issue? Has anyone implemented anything like this yet?

Thanks,

Mandeep

Accepted Solutions (1)

Former Member
0 Kudos

Hi Mandeep,

Yes, the S_USER_GRP check is mandatory. The best thing to do would be to use user groups and assign a particular group to your firefighter. I guess you could assign the same group to S_USER_GRP for the FF authorization.

Regards,

Chinmaya
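
An added example, not part of the original thread and not SAP code: one way to verify that the user-group restriction suggested above actually holds in each Firefighter role, assuming the role authorization values have been exported as CSV in the column layout of table AGR_1251. The role names, authorization names and the user group FF_IDS are constructed.

```python
import csv, io
from collections import defaultdict

# Constructed sample in the column layout of table AGR_1251 (role authorization values).
# Role names, authorization names and the user group FF_IDS are hypothetical.
SAMPLE = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_FF_BUSINESS,S_USER_GRP,T-FF000100,ACTVT,05,
Z_FF_BUSINESS,S_USER_GRP,T-FF000100,CLASS,FF_IDS,
Z_FF_BASIS,S_USER_GRP,T-FF000200,ACTVT,01,06
Z_FF_BASIS,S_USER_GRP,T-FF000200,CLASS,*,
Z_FF_LEGACY,S_USER_GRP,T-FF000300,ACTVT,03,
Z_FF_LEGACY,S_USER_GRP,T-FF000300,CLASS,*,
Z_FF_LEGACY,S_USER_GRP,T-FF000301,ACTVT,05,
Z_FF_LEGACY,S_USER_GRP,T-FF000301,CLASS,FF_IDS,
Z_FF_LEGACY,S_USER_GRP,T-FF000301,CLASS,SUPER,
"""

def covers(low, high, value):
    """True if one LOW/HIGH entry grants `value` (wildcard, exact match or range)."""
    low, high = low.strip(), high.strip()
    if low == "*":
        return True
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return low <= value <= high if high else low == value

def audit(rows, allowed_groups):
    """Return {(role, auth): [CLASS values]} where ACTVT 05 reaches groups outside allowed_groups."""
    auths = defaultdict(lambda: defaultdict(list))
    for r in rows:
        if r["OBJECT"] == "S_USER_GRP":
            auths[(r["AGR_NAME"], r["AUTH"])][r["FIELD"]].append((r["LOW"], r["HIGH"] or ""))
    findings = {}
    for key, fields in auths.items():
        # Fields are checked together per authorization, so ACTVT and CLASS are paired by AUTH.
        if not any(covers(lo, hi, "05") for lo, hi in fields["ACTVT"]):
            continue
        # Any range, wildcard or group outside the allowed set is reported.
        bad = [lo for lo, hi in fields["CLASS"] if hi or lo.strip() not in allowed_groups]
        if bad or not fields["CLASS"]:
            findings[key] = bad
    return findings

def load(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))
```

Calling `audit(load(SAMPLE), {"FF_IDS"})` reports the two authorizations where activity 05 is paired with `*` or with a group other than the Firefighter one.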

Former Member
0 Kudos

Thanks Chinmaya!

Do you know the function module where the S_USER_GRP authorization check takes place for Firefighter\SPM?

Is there a User Exit or BADI available for custom implementation or can you de-activate this check?

Is it even recommended? If not, why?

Thanks,

Mandeep

Former Member
0 Kudos

Hi Mandeep,

I couldn't really find it... but I would not really change a SAP standard code for this.

Regards!

Chinmaya

Answers (2)

Former Member
0 Kudos

Virk,

Although your question is answered, I just wish to add a few points.

In earlier versions of SPM, it was mandatory to maintain the password in SPM.

However, with the latest version, maintenance of the password is no longer compulsory in SPM.

Now SPM handles password change or reset (if required) internally,

and for doing that, 05 is a MUST.

This applies to SU01, if you want to reset any password.

Regards,

Surpreet

...... my 2 cent......

Former Member
0 Kudos

Cool, this helps a lot Surpreet and it makes sense now why we should not deactivate 05 check!

Thanks,

Mandeep

koehntopp
Product and Topic Expert
0 Kudos

It seems you have not finished post-installation.

Note 992200 implements a user exit that prevents users logging in with FF IDs which will solve your issue.

Frank.

Former Member
0 Kudos

Hi Frank,

Note# 992200 does not apply for our version VIRSANH 530_710 installed for PI (Process Integration) system.

I searched if there was another note but could not find any.

Does SAP need to put a correction for version VIRSANH 530_710 yet?

Please let me know.

Thanks,

Mandeep

koehntopp
Product and Topic Expert
0 Kudos

Are you sure? Maybe they just forgot to update the note...

Former Member
0 Kudos

Hi Frank,

Thanks for your reply!

Maybe SAP did forget to update the note to include the latest version VIRSANH 530_710; version VIRSANH 530_700 is listed there but NOT 710!

I think we can still implement the change? Don't you think?

Regards,

Mandeep Virk

Former Member
0 Kudos

Hi Frank,

You were correct, I checked and confirmed with SAP .... Note# 992200 is applicable for VIRSANH 530_710 as well.

Thanks,

Mandeep

Former Member
0 Kudos

Thanks, I agree!