Activate the End User Logon screen in GRC AC 10.0
To activate the End User Logon screen, To maintain the logon information, do the following: –
- Execute transaction SICF.
- In the Service Name, enter the name of the service – GRAC_UIBB_END_USER_LOGIN
- Click the Execute button.
- Under the Virtual Hosts / Services column you will see the service selected service. Double click on this service name.
- Click on the Logon Data tab.
- Click on the Pencil icon to go to change mode.
- Enter the information for the client, shared user, language and password and the user should be select Internet type User.
Note: Create user with below roles and user type is service type
- SAP_GRAC_SUPER_USER_MGMT_USER
- SAP_GRAC_ACCESS_REQUESTER
- SAP_GRAC_BASE
- SAP_GRAC_END_USER
- SAP_GRAC_NWBC
- SAP_GRAC_SPM_FFID
- SAP_GRC_FN_BASE
- SAP_GRC_FN_BUSINESS_USER
8. Click on save.
Do the same procedure for all the services mentioned below. Maintain same user details in all the services and the user should be of type Internet user
1. GRAC_OIF_MY_PROFILE_EU
2. GRAC_GAF_NAME_CHANGE_SERV_EU
3. GRAC_POWL_REQUEST_STATUS_EU
4. GRAC_GAF_PWD_SELFSERVICE_EU
5. GRAC_OIF_USER_REGISTER_EU
6. GRAC_GAF_ACCREQ_WITH_REQREF_EU
7. GRAC_OIF_REQUEST_SUBMISSION_EU
8. GRAC_GAF_ACCREQ_WITH_TEMPL_EU
9. GRAC_GAF_ACCREQ_WITH_USEREF_EU
- Save the entry and navigate back to the Maintain Service screen.
- Right-click GRAC_UIBB_END_USERLOGIN, and then choose Test Service.
- The End User Logon screen appears. The http URL displayed in the browser’s address window is the End User Logon URL.
- To set the links the application displays on the End User Logonscreen, continue with the following steps:
- In the URL window of the browser (from step 4), append this to the end of the URL: &SAP-CONFIG-MODE=X&OBJECT_ID=ACCREQ/123 and press Enter. The Logonscreen appears.
- Enter your username and password, and log onto the system. TheEnd User screen appears.
If you getting any Login errors like user ID does not exist, then you need to maintain
“User Authentication Data Sources is SU01(If you have HR System then you select HR) and
set NO in End User Verification” in Maintain Data Sources Configuration.
8. To make a link invisible, right-click the link and select Settings for Current Configuration.
9. Select Invisible, Save the entry, and then close the browser.
Thanks,
Rajesh Srisailapu.
Dear Rajesh Srisailapu:
Do you have advantages and disadvantes og using this functionality on GRC 10.,0?
Thanks a lot.
Hi Picho Hernandez,
Sorry for late replay.
Please let me know what is OG.
Thanks,
Rajesh Srisailapu
Hi Rajesh,
Hernandez would mean "
Do you have advantages and disadvantes of using this functionality on GRC 10.,0?
Thanks a lot." 🙂
Regards,
Surya
The disadvantage if you do not do this is every user that needs access to any function in GRC would need to exist in GRC as a user. Therefore the advantage is that the SICF user can on behalf of a user create an access request for that user, assist them with a password reset for their own account, allow them to display the status of an access request they submitted for their own account. If setup properly, they can only perform actions for their own account.
Hi ,
The advantages are -
No need GRC System access to raise GRC Access request.
Who ever have the access either LDAP or SAP ECC System , they can able to raise Access request and reset the password with the help of GRC application even though user don't have GRC system access based on Database Configuration.
Regards,
Rajesh Srisailapu