GRC EAM Owner Assignment Issue
Hi All,
I’ve been working my way through the installation and configuring of GRC 10 SPS14 for the last few days now and thought I’d share a few points in regards to the setup of EAM.
A common issue for GRC EAM that I also faced was that my user (FF_OWNER) would not appear in the Select Owner ID search help. If you are experiencing this issue please check the following configurations.
1. IMG -> GRC -> AC -> Maintain Configuration Settings
Ensure the following parameters are set:
|
Parameter |
Value |
|
Application type |
1 |
|
Default Firefighter Validity Period (Days) |
30 |
|
Send Email Immediately |
YES |
|
Retrieve Change Log |
YES |
|
Retrieve System log |
YES |
|
Retrieve Audit log |
YES |
|
Retrieve OS Command log |
YES |
|
Send Log Report Execution Notification Immediately |
YES |
|
Send Firefight Id Login Notification |
YES |
|
Log Report Execution Notification |
YES |
|
Firefighter ID role name |
Z:SAP_GRAC_SPM_FFID |
For more information please refer to the following guide:
https://websmp102.sap-ag.de/~sapdownload/011000358700000997872011E/AC10_ConfigSettings_SP10.pdf
2. IMG -> GRC -> Common Component Settings -> Integration Framework -> Maintain Connection Settings
Note: I’m assuming you have created and tested your connectors in as outlined in the GRC post configuration guide.
3. Required roles for GRC EAM
|
Z:GRAC_SUPER_USER_MGMT_OWNER |
Super User Owner Role |
|
Z:GRAC_SUPER_USER_MGMT_CNTLR |
Super User Controller Role |
|
Z:GRAC_SUPER_USER_MGMT_USER |
Super User Firefighter |
|
Z:SAP_GRAC_BASE |
Base Role for all Access Control Users |
|
Z:SAP_GRC_NWBC |
Governance, Risk, & Compliance – NWBC |
|
Z:SAP_GRAC_SPM_FFID |
GRC Emergency Access Management Fire-Fighter |
|
Z:SAP_GRC_FN_BASE |
Base role to run GRC applications |
Note: These roles have been copied into the customer namespace from standard SAP Roles.
4. Users
For test purposes, I’ve created three users:
FF_OWNER:
- Z:GRAC_SUPER_USER_MGMT_OWNER
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
FF_CONTROL:
- Z:GRAC_SUPER_USER_MGMT_CNTLR
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
FF_SUPER:
- Z:GRAC_SUPER_USER_MGMT_USER
- Z:SAP_GRAC_BASE
- Z:SAP_GRC_NWBC
- Z:SAP_GRC_FN_BASE
5. AM -> Access Control Owners
You need to configure each user as the owner of their particular “Owner Type”:
6. When assigning a new Owner, you should now get the following
Hope it helps!
Cheers,
Sam
The role SAP_GRC_NWBC need not be assigned to Firefighter user.
Regards,
Rama