Hi All,

I’ve been working my way through the installation and configuring of GRC 10 SPS14 for the last few days now and thought I’d share a few points in regards to the setup of EAM.

A common issue for GRC EAM that I also faced was that my user (FF_OWNER) would not appear in the Select Owner ID search help.  If you are experiencing this issue please check the following configurations.

1. IMG -> GRC -> AC -> Maintain Configuration Settings

/wp-content/uploads/2013/11/pic_1_320605.png

Ensure the following parameters are set:

Parameter

Value

Application type

1

Default Firefighter Validity Period (Days)

30

Send Email Immediately

YES

Retrieve Change Log

YES

Retrieve System log

YES

Retrieve Audit log

YES

Retrieve OS Command log

YES

Send Log Report Execution Notification Immediately

YES

Send Firefight Id Login Notification

YES

Log Report Execution Notification

YES

Firefighter ID role name

Z:SAP_GRAC_SPM_FFID

For more information please refer to the following guide:

https://websmp102.sap-ag.de/~sapdownload/011000358700000997872011E/AC10_ConfigSettings_SP10.pdf

2. IMG -> GRC -> Common Component Settings -> Integration Framework -> Maintain Connection Settings

/wp-content/uploads/2013/11/pic_2_320609.png /wp-content/uploads/2013/11/pic_3_320610.png

/wp-content/uploads/2013/11/pic_4_320611.png

Note: I’m assuming you have created and tested your connectors in as outlined in the GRC post configuration guide.

3. Required roles for GRC EAM

Z:GRAC_SUPER_USER_MGMT_OWNER

Super User  Owner Role

Z:GRAC_SUPER_USER_MGMT_CNTLR

Super User Controller  Role

Z:GRAC_SUPER_USER_MGMT_USER

Super User Firefighter

Z:SAP_GRAC_BASE

Base Role for all Access Control Users

Z:SAP_GRC_NWBC

Governance, Risk, & Compliance – NWBC

Z:SAP_GRAC_SPM_FFID

GRC Emergency Access Management Fire-Fighter

Z:SAP_GRC_FN_BASE

Base role to run GRC applications

Note: These roles have been copied into the customer namespace from standard SAP Roles.

4. Users

For test purposes, I’ve created three users:

FF_OWNER:

  • Z:GRAC_SUPER_USER_MGMT_OWNER
  • Z:SAP_GRAC_BASE
  • Z:SAP_GRC_NWBC
  • Z:SAP_GRC_FN_BASE

FF_CONTROL:

  • Z:GRAC_SUPER_USER_MGMT_CNTLR
  • Z:SAP_GRAC_BASE
  • Z:SAP_GRC_NWBC
  • Z:SAP_GRC_FN_BASE

FF_SUPER:

  • Z:GRAC_SUPER_USER_MGMT_USER
  • Z:SAP_GRAC_BASE
  • Z:SAP_GRC_NWBC
  • Z:SAP_GRC_FN_BASE

5. AM -> Access Control Owners

You need to configure each user as the owner of their particular “Owner Type”:

/wp-content/uploads/2013/11/pic_5_320613.png

/wp-content/uploads/2013/11/pic_6_320614.png

6. When assigning a new Owner, you should now get the following

/wp-content/uploads/2013/11/pic_7_320616.png

Hope it helps!

Cheers,

Sam

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply