Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 5.3 Access Control password communication

Go to solution
Former Member

‎09-10-2012 7:17 PM

0 Kudos

Hello,

I currently administer the GRC 5.3 Access Control for my company. One of the concerns with this tool is that it doesn't conform with a couple of our Security Policies/standards. More specifically,the auto-provisioning at the end of the request process is enabled and the user receives an auto-email with their user ID and password. The (GRC) tool uses a group mailbox to send messages to users, but the messages being sent especially the ones with the User ID & Password are not encrypted thus non-compliant to the aforementioned policy. My question is... is there a way to change the message template (just like the other templates) to not include the user ID since this part of the credentials should already be known to the user? Also, is there a way to encrypt/secure the messages at the tool level or is this an issue that should be resolved at the mailbox level (my company uses outlook 2007)?

I also wonder how GRC 10 handles the communication of the credentials (ID & password) and whether it has an option to secure this communication.

Thank you in advance for your help.

1 ACCEPTED SOLUTION

Go to solution
saksham
Advisor
Advisor

‎09-11-2012 11:27 AM

0 Kudos

Hi Renis,

You may choose the link to be sent instead-From Configuration tab->E-mail reminder Page-> Closing Tab Screen,You need to set the 'Send Password in mail' to 'NO', will send a link to the User, when the Password is reset.I have appended a screenshot for your convenience.

Kindly also check SAP note 1253720- Compliant User Provisioning 5.3-Supressing Password Email

Best Regards,

Saksham

Preview file
96 KB
3 REPLIES 3

Go to solution
saksham
Advisor
Advisor

‎09-11-2012 11:27 AM

0 Kudos

Hi Renis,

You may choose the link to be sent instead-From Configuration tab->E-mail reminder Page-> Closing Tab Screen,You need to set the 'Send Password in mail' to 'NO', will send a link to the User, when the Password is reset.I have appended a screenshot for your convenience.

Kindly also check SAP note 1253720- Compliant User Provisioning 5.3-Supressing Password Email

Best Regards,

Saksham

Preview file
96 KB

Go to solution
Former Member
In response to saksham

‎09-11-2012 7:30 PM

0 Kudos

Saksham,

Thank you for your response. Actually I was already aware of that functionality, but the problem is that it doesn't address the issue. I was able to find a way to modify the communication (containing the user id and password) using the info on the note below:

Note 1253720 - Compliant User Provisioning 5.3-Supressing Password Email

Go to solution
Former Member

‎09-12-2012 8:14 AM

0 Kudos

Hi Renis,

Please view the code: 1032 as given in SAP Note: 1253720 and remove the text 'your ID is #_!' from the file, screenshot is shown below:-

Let us know if it resolves the issue.

Best Regards,

Akhil Chopra

Preview file
193 KB