Skip to Content
avatar image
Former Member

SPM 10.0 Roles

Hi experts,

I am currently configuring GRC AC 10.0 for a client. I am having an issue when it comes to which roles to assign to each user in regards to SPM (Firefighter).

Users of Firefighter - "FF ADMINISTRATOR", "FF OWNER", "FF CONTROLLER" and "FF USER" that need roles. The guide I'm referring to (AC 10.0 Centralized Firefighter Access.pdf) says I need the following:

FF OWNER = SAP_GRAC_SUPER_USER_MGMT_OWNER

FF CONTROLLER = SAP_GRAC_SUPER_USER_MGMT_CNTLR

FF USER = SAP_GRAC_SUPER_USER_MGMT_USER

FF ADMINISTRATOR = SAP_GRAC_SUPER_USER_MGMT_ADMIN (not mentioned in guide but I am assuming)

In addition, each need SAP_GRC_FN_BASE and SAP_GRC_FN_BUSINESS_USER roles.

However, I've already realized that the FF ADMINISTRATOR is going to need the SAP_GRAC_SETUP role in order to be able to access the Setup tab within GRC in order to maintain the Access Control Owners and then assign an Owner to a Firefighter ID.

The issue comes up when you need to give the Owners the same SAP_GRAC_SETUP role in order to maintain the Firefighter IDs assigned to them and assign those to the actual end user Firefighters. However, with that role, the Owner would also have access to maintain Owners, Reason Codes, etc.

Questions: Am I going to have to manually edit the authorizations within this role to make this work? Is there an actual list of roles that need to be assigned to each of the Users within Firefighter? or is this a trial-and-error process of adding each role to the user and testing to see which roles they need?

Thanks,

Madhu

Edited by: Madhu Mathew on Sep 16, 2011 11:06 PM

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Sep 18, 2011 at 02:32 PM

    Hi

    Along with roles given in guide try adding following roles :

    1. SAP_GRAC_BASE

    2.SAP_GRAC_END_USER

    3.SAP_GRAC_NWBC

    Thanks & Regards

    Asheesh

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Simon Persin

      Simon,

      Thanks. We are currently working on modifying the standard roles as needed, but I was just hoping that someone (or SAP) had already done this. I am only speaking of basic functionality of the roles, not anything client or business-specific.

      For example, I would think that the Owner role given should not have access to create or assign new owners, but they do.

      Thanks,

      Madhu