Authorization Issues Demystified in EAM
In GRC AC 10.x, there are many issues where a simple authorization assignment will solve the issue. In this blog, I will bring your notice to few issues related to EAM which can be solved by tweaking or making some changes to authorization objects.
The following issues will be covered in this blog.
The following Authorization objects are utilized for the issues mentioned below
Hiding Update firefighter log button Consolidated Log Report
When the Controller is assigned standard controller role SAP_GRAC_SUPER_USER_MGMT_CNTLR, the controllers goes to NWBC->Reports & Analytics->Consolidated Log report, The Update firefighter log button is visible.
To remove the button, Remove the Administer activity 70 from GRAC_ASIGN object.
Firefighter Owner Unable to Assign Firefighter ID
Firefighter owner is unable to assign Firefighter ID in NWBC as he couldn’t find the ASSIGN button though he is assigned with the SAP Standard role SAP_GRAC_SUPER_USER_MGMT_OWNER
This happens if the authorization object GRAC_FFOWN is missing from the Owner’s Role. Please make sure that both the authorization Object GRAC_FFOWN & GRAC_OWNER have been assigned to the owner.
Approvers getting the message ‘User XXX is not a Valid Approver’
When the approvers are opening EAM workflow review request, they are getting the following error message: ‘User XXX is not a Valid Approver’.
This happens due to the following authorization issue.
Make sure the approvers have the following authorizations:
Authorization Object: ‘GRAC_ASIGN’
Transaction Logs are not getting captured in EAM
Even after executing the synch. Jobs if the transaction logs are not getting captured into EAM, apart from the time zone settings please check if the following authorization is assigned to the RFC User.
Make sure the following authorization is maintained:
Authorization Object: S_TOOLS_EX
Authorization Field: AUTH
End Users are not available for Firefighter ID assignment
End users to be assigned to Firefighter IDs are not available in the search during Firefighter ID assignment in NWBC even though EAM related GRC roles have been assigned to the user.
Make sure the following Authorizations are assigned to the user.
Authorization object: GRFN_USER
System list is not coming under selection criteria
The controller is not able to view the logs for a specific system as he is not able to select the system due to empty system list.
Ensure that the Controller user has Authorization Object GRAC_SYS with required system/connectors and Activity 03.
Adding and subtractions to the blog is most welcome.
Rakesh Ram M