Hi Raghu,

Thanks for your suggestion!

Firefigher has assigned SAP_ALL and SAP_NEW. For this reason, Firefigher has all permission.

This is incorrect?

Please, any other suggestions?

Thanks,

Liliana!

Hi Liliana,

May I know the exact steps that you are following and the error message.

Firefigher has assigned SAP_ALL and SAP_NEW.

This is a wrong approach. You can't have SAP_ALL and SAP_NEW assigned to firefigthers. Giving this access may cause lot of issues and you might be unaware of the transactions that they are using until the log file is generated/sent.

Regards,

Raghu

Hi,

Thanks for your suggestion!

I have assigned the FirefigherID to UserID through CUP. So, I start transaction u201C/VIRSA/VFATu201D to check this userID and the assignation is correct.

Then, I login with UserID, I click a u201CLog onu201D button and I enter the Reason code and action. But, when I click u201COKu201D button, it appear the window to enter again the USER and PASSWORD.

I know this window shouldnu2019t appear, but I donu2019t know what it happens.

Please, any other suggestions?

Thanks,

Liliana!

Hi Liliana,

When you go to /n/virsa/vfat, do you see all the tabs (buttons) Owner,Firefighter,Controllers,Security,Reason Code,Configuration,Critical Tcodes.

Make sure that you have configured all of these. Click the Configuration tab and ensure that all the below parameters are set:

Retrieve Change Log YES

Critical Transaction Table from Compliance Calibrator(VRAT) NO

Firefighter Owner Additional Authorization YES

Configuration Change Comment Mandatory YES

Firefighter Controller Additional Authorization YES

Send Log Report with Critical Transactions Only YES

Send Log Report Execution Notification Immediately YES

Send Log Report Execution Notification YES

Send Firefighter Login Notification Immediately YES

Assign FF Roles Instead of FF IDs NO

Send FirefightId Login Notification YES

Remote Function Call - The ABAP type RFC connection that was created.

Also, make sure that the FF ID that you have created is a service type user and not dialog user.

Hope this solves the issue.

Regards,

Raghu

Hi,

I am getting the same error as described above. After the Firefighter attempts to check out the ID and fills out the reason code details, a new session opens requiring the user to reauthenticate (username/password). After the 2nd authentication the SAP Easy Access button is displayed but the Firefighter ID session never opens. I check the firefighter dashboard and the ID still has a green status.

I have provided the correct S_USER_GRP 02, 05 Auths to roles assigned to the users and have provided the necessary Configuration settings in the Config table.

Does anyone have any idea why this would be happening?

Also I am getting the logon summary reports notifying me that an ID has been checked out even though it has not.

Edited by: suggsda on Aug 16, 2011 1:50 PM

Hi,

You may re-check if the Firefighter user exit is configured correctly. SAP Note 992200 - Firefighter User Exit provides you more information on the same.

Also, refer the below SAP note:

Note 1056560 - Firefighter Logon problem- New session not created

This should resolve the issue.

Regards,

Raghu

I have checked and implemented the SAP Note: 1056560 - "Firefighter Logon problem- New session not created" but issue is still there. I am going to try to get one of our ABAP developers to implement the User Exit soon, but I did not think that the user exit would prevent the session from opening properly.

I will wait for the exit to be implemented and let you know.

We have implemented user exit and still no fix. Will open a message with SAP.

Hi,

Yes. I don't see any other issues/recollect any other SAP Notes to resolve the issue. Don't forget to post the solution, once it is fixed

Best Regards,

Raghu

Thanks for the feedback Arjuna, these were all helpful but unfortunately none of these has addressed the issue that we were facing. I did however find another fix that worked via SAP Note 1528178

Liliana this may fix your issue as well if you are still encountering the reauthentication issue when checking out a firefighter ID.

Because we are using CUA, you must ensure that the GRC RTA - VIRSANH is installed on the CUA master as well as on the Child systems. We are in the process of installing the RTA now, but the other temporary fix is to update the password setting in SCUM (tcode) from 'Global' to 'Everywhere'. When set to Everywhere the CUA does not have to regenerate the password and the SAP Easy Access button will allow the new Firefighter session to be opened.

I hope this helps,

suggsda

Hi,

Great and thanks for posting the solution here

Regards,

Raghu