Hi All,
I’ve been working my way through the installation and configuring of GRC 10 SPS14 for the last few days now and thought I’d share a few points in regards to the setup of EAM.
A common issue for GRC EAM that I also faced was that my user (FF_OWNER) would not appear in the Select Owner ID search help. If you are experiencing this issue please check the following configurations.
1. IMG -> GRC -> AC -> Maintain Configuration Settings
Ensure the following parameters are set:
Parameter | Value |
Application type | 1 |
Default Firefighter Validity Period (Days) | 30 |
Send Email Immediately | YES |
Retrieve Change Log | YES |
Retrieve System log | YES |
Retrieve Audit log | YES |
Retrieve OS Command log | YES |
Send Log Report Execution Notification Immediately | YES |
Send Firefight Id Login Notification | YES |
Log Report Execution Notification | YES |
Firefighter ID role name | Z:SAP_GRAC_SPM_FFID |
For more information please refer to the following guide:
https://websmp102.sap-ag.de/~sapdownload/011000358700000997872011E/AC10_ConfigSettings_SP10.pdf
2. IMG -> GRC -> Common Component Settings -> Integration Framework -> Maintain Connection Settings
Note: I’m assuming you have created and tested your connectors in as outlined in the GRC post configuration guide.
3. Required roles for GRC EAM
Z:GRAC_SUPER_USER_MGMT_OWNER | Super User Owner Role |
Z:GRAC_SUPER_USER_MGMT_CNTLR | Super User Controller Role |
Z:GRAC_SUPER_USER_MGMT_USER | Super User Firefighter |
Z:SAP_GRAC_BASE | Base Role for all Access Control Users |
Z:SAP_GRC_NWBC | Governance, Risk, & Compliance - NWBC |
Z:SAP_GRAC_SPM_FFID | GRC Emergency Access Management Fire-Fighter |
Z:SAP_GRC_FN_BASE | Base role to run GRC applications |
Note: These roles have been copied into the customer namespace from standard SAP Roles.
4. Users
For test purposes, I’ve created three users:
FF_OWNER:
- Z:GRAC_SUPER_USER_MGMT_OWNER
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
FF_CONTROL:
- Z:GRAC_SUPER_USER_MGMT_CNTLR
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
FF_SUPER:
- Z:GRAC_SUPER_USER_MGMT_USER
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
5. AM -> Access Control Owners
You need to configure each user as the owner of their particular "Owner Type":
6. When assigning a new Owner, you should now get the following
Hope it helps!
Cheers,
Sam