Skip to Content
avatar image
Former Member

FFID Owner able to assign any FFID to any user

Hi Experts,

There is a feature in GRC 5.3 that we can restrict a Firefighter ID owner from assigning other FFIDS he or she doesn't own.

When I confiugred the same in GRC10, I don't see any option to restrict it.

There is a parameter 4013, but whether its value is yes or no, it allows a owner to assign a FFID not owned by him.

How can we achieve this? If any owner can assign any FFID, then there won't be any restriction or meaning of ownership of a FFID.

Any solution of this issue?

Regards,

Sabita

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 21, 2012 at 06:21 PM

    Hi Mam,

    Since the owner is assigned the role SAP_GRAC_SUPER_USER_MGMT_OWNER, with this role the owner is able to assign any firefighter ID to any Firefighter user.

    There has been some changes in the Authorization concept.

     

    The user Assigned with the Role of EAM Admin “SAP_GRAC_SUPER_USER_MGMT_ADMIN”

    and EAM Owner “SAP_GRAC_SUPER_USER_MGMT_OWNER ” can do all available owner action for all connector.

    The Auth. Object used for firefighter Maintenance is GRAC_FFOWN & GRAC_OWNER

    Refer to the EAM Guide attached with the SAP Note -1663949 for detailed information on EAM Authorization objects.

    SAP Note 1730649 - would be helpful for you!

    Surajit

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Harinam,

      We are at SP10. The note  1730649 clearly says that it is the way authorization is designed, the owner must have the role SAP_GRAC_SUPER_USER_MGMT_OWNER to perform his task and if he gets the role, he can assign any FFID to any user. I am really disapointed 😔

      Regards,

      Sabita

  • avatar image
    Former Member
    Nov 05, 2014 at 09:00 PM

    Hello,

    Is there a feature in GRC 5.3 that we can restrict a FF ID owner from assigning other FF ID's where he/she does not own?

    Thanks a lot

    Mithuna

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 26, 2014 at 12:10 AM

    Hi Sabitha,


    Try restricting GRAC_USER field in GRAC_FFOWN object of SAP_GRAC_SUPER_USER_MGMT_OWNER role with the user id of owner.


    I hope it helps.

    Regards,

    Yesh

    Add comment
    10|10000 characters needed characters exceeded