Simple MSMP workflow for Emergency Access Management

Similar Messages

• GRC AC 10: Emergency Access Management, Logon button is disabled (GRAC_SPM)

  Hello Gurus,
  I have configured Emergency Access Management in GRC AC 10.
  GRC Box (SID) : GR1 client 100
  Backend ERP system : D24 client 100
  The FIREFIGHTER in GRC system : FFUSER1
  Z_SAP_GRAC_SUPERUSER_MGMTUSER
  Z_SAP_GRC_FN_BASE
  Z_SAP_GRC_NWBC
  In the Backend ERP system the FIREFIGHTER ID: ABC wants to access the FIREFIGHTER(FFUSER1)
  Hence in NWBC (Setup >Superuser Assignment>Firefighter ID) the assignment is done.
  ABC(FIREFIGHTER ID) <--->FFUSER1(FIREFIGHTER)
  Now the User login the GRC system using FFUSER1 assigned following roles
  Z_SAP_GRAC_SUPERUSER_MGMTUSER
  Z_SAP_GRC_FN_BASE
  Z_SAP_GRC_NWBC
  Z_SAP_GRAC_SPM_FFID
  and runs Transaction: GRAC_SPM
  and he is able to see that ABC is assigned .
  Now the user clicks on "Logon" and the status changes from green to "RED".
  A new SAP screen opens asking credintials for Backend ERP system D24 client 100
  The User enters his own Id : ABC and password and logs in.
  Runs the necessary transactions and logs out using transaction: /nex
  The session in GRC is still running and now the "LOGON button" is disabled , he comes out of that screen too.
  When the user tries to login again using FFUSER1 to do more task , the "LOGON Button" is seen disabled.
  and clicking the "unlock" button also doesn;t help.
  When checked in SM04, no live session is reflected .
  How can we "enable" the LOGON button in the transaction : GRAC_SPM for the same FIREFIGHTER (FFUSER1) assigned for Firefighter ID (ABC) ??
  As it is now not possible to click "LOGON" button and the status is "RED".
  Please let me know your opinion .
  Thank You.
  Regards,
  Premjit

  Thanks to All

• Workflow for Predefined Performance Management Process

  Hi All,
  We are in process of implementing Predefined Performance Management to our client, as I know we donu2019t have workflow for predefined performance management, but I saw below thread:
  Performance Management Process - Workflow between participants
  Please give me more clarification about configuration of Workflow for PMP, we need e-mail notifications only when ever manager is going to do some status change like approve planning phase, reject planning phase etc.
  We are expecting these notifications not through portal only employees e-mail account, can you tell me where the location of the configuration is?
  Thanks in advance.
  -Abhi

  Hi,
  The pre-defined is not ment for changing by anyone. The template is generated and the settings are as is. You would need to go to the phap_catalog to change the template (but that option is disabled for PMP templates). Theoritically you would need to change the status flow tab and select the correct workflow there. The information workflow is standard delivered for use in the flexible one.
  So, yes you probably are able with tricks to get it working in PMP but it is not supported by SAP.
  Regards and Groetjes,
  Maurice Hagen

• Username and password for Sun Access Manager 7.1

  Hi
  Thank you for reading my post
  I ge the new Java Application Platform SDK Update 2 which has access manager and portlet management inside it.
  Can you tell me what is username and password for Sun access Manager 7.1 administration cosole?
  thanks

  with me it was amadmin : admin123
  in the readme file in the addons directory:
  Done! Access the AM server URL and see if the Access Manager is working or not -
  <amserver_protocol>://<amserver_host>:<amserver_port>/amserver
  user : 'amadmin', password : <admin password>
  in a config file i found the password was admin123

• Workflow for Resource Object Management

  Hi All,
  I'm attempting to perform resource object management on an LDAP resource and have the following questions for a workflow related to this:
  1. Do I need to checkout the view for the LDAP resource to perform resource object management (by this I mean something similar to creating or updating a group within LDAP)?
  2. I will also be using a custom resource adapter to perform resource object management on that adapter. Can I assume that similar mechansims for LDAP will apply to my custom resource adapter?
  3. Can anyone point me to some standard workflows for resource object management, point any further docs (I've through the workflows, views, and forms, as well as the deployment guide for resource adapters).
  4. Does anyone have any examples of resource object managment they would be willing to share and explain.
  All input welcome, Thanks.

  Hi there, Did you manage to get some assitance with this? I am also trying to search for examples of using the Resource Object to provision new entries to an LDAP and to learn how to form workflows.

• Does sun provide a training for sun access manager customizations

  Hi,
  Is there any training available from sun for sun access manager customizations.
  I am aware of the following training from sun AM-3480
  TIA,
  Suresh

  Hi, Suresh,
  There's some material about customization in AM-3480. What areas are you interested in?
  Regards,.
  David

• Reason Codes not displaying when performing emergency access management(SPM

  Hello guru,
  I am experiencing a little problem when using superuser privilege management (emergency access) functionality in AC 10.0.
  My problem is that the reason codes created in the AC system via the reason code link in the workcenter does not appear as drop down for me when I click on the logon button in the initial screen displayed in transaction SPM_GRAC.
  Suffice to say that i do not have any reason code to pick from in the drop down for superuser privilege management in the AC system when i logon with the firefighter user to perform SPM.
  Please help me out with your suggestions.
  Thanks

  Hello guru,
  I am experiencing a little problem when using superuser privilege management (emergency access) functionality in AC 10.0.
  My problem is that the reason codes created in the AC system via the reason code link in the workcenter does not appear as drop down for me when I click on the logon button in the initial screen displayed in transaction GRAC_SPM.
  Suffice to say that i do not have any reason code to pick from in the drop down for superuser privilege management in the AC system when i logon with the firefighter user to perform SPM.
  Please help me out with your suggestions.
  Thanks

• Oracle 11g for Oracle access manager,  OID version details

  At present we have 1og db for sso and oid. I have checking in db that our exsisting OID and SSO versions are
  Oracle9iAS Single Sign-On 10.1.2.0.2
  Oracle9iAS Internet Directory
  OID 10.1.2.1.0
  We are moving to diff hosting solution and vendor is recommanding to have 11g Oracle access manager(in 11g sso is replaced by OAM) and OID.
  What is the version of OID with 11g or please refer me to the documentaion where i can greb 11g OAM, oid etc versions

  Kapardhi wrote:
  Where can i find oracle 11g server for windows7 home basic 64bit version...Oracle 11gR2 is certified on Windows 7 x64 - Professional, Enterprise, and Ultimate editions -- http://docs.oracle.com/cd/E11882_01/install.112/e24283/toc.htm#BGBEEBAD
  You can download 11gR2 from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
  Thanks,
  Hussein

• WLC as a Mobility Anchor for guest access - Management on DMZ or not DMZ

  When using Guest Access Cisco recommend a Mobility Anchor Controller be placed on a DMZ and the guest access wireless Lan is tunneled to this controller.  This means that 2 DMZ subnetworks are required - one for the management interface and one for the wireless lan's dynamic interface itself.
  I am trying to see if there are any disadvantages/security risks using 2 physical ports on the controller (no LAG) and placing one on a corporate network inside the firewall for management and to terminate the mobility anchor tunnel, and one outside the firewall on a DMZ for the wireless lan's dynamic interface.
  Advantages that I see are that no tunnels need to go though a firewall, management of the WLC is kept completely inside the corporate network, protected by the firewall and not left on the DMZ.
  Thanks.

  OK, so to recap;
  - place the 2nd WLC in the DMZ with only 1 port (set for dynamic AP management)?
  - Then Anchor the guest SSID (on it's DMZ IP instead of management IP as is now)
  And to make that kind of anchoring work, I have to open ports below on the firewall.. right?
  UDP port 16666 for inter-WLC  communication, and IP protocol ID 97 Ethernet in IP for client traffic.
  and:
  •TCP 161 and 162 for SNMP 
  •UDP 69 for TFTP 
  •TCP 80 or 443 for HTTP, or HTTPS for GUI access 
  •TCP 23 or 22 for Telnet, or SSH for CLI access
  Thanks to confirm that

• Need running java sample for sun access manager deployed on weblogic 8.1

  Hi All,
  I have deployed amserver.war in weblogic 8.1 through amserver.war.
  I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
  I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
  Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
  Thanks & Regs,
  Deepak Dabas
  [email protected]
  Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM

  Deepak.Dabas wrote:
  Hi All,
  I have deployed amserver.war in weblogic 8.1 through amserver.war.
  I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
  I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
  Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
  please refer http://docs.sun.com/app/docs/doc/819-4675/6n6qfk0ne?a=view#gbdlr
  http://docs.sun.com/app/docs/doc/819-2139/adubn?a=view
  you need to download the client samples SUNWamclnt from sun.com
  >
  Thanks & Regs,
  Deepak Dabas
  [email protected]
  Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM

• Configure security realm for external Access Manager in App server 8.1

  Hi All,
  I would like to protect my j2ee application using access manager running on an external host.
  I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
  external host & port of AM is:
  http://svrd234d.dnn.com.au:58765
  Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
  classname="com.sun.amagent.as.realm.AgentRealm"
  property name="jaas-context" value="agentRealm"
  property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
  property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

  Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
  If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
  Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
  Jerry

• Is there a Forum for Sun Access Manager

  Please send me the forum link for Sun Access Manager

  Yes
  http://forum.java.sun.com/forum.jspa?forumID=760

• What is the web server instance directory for uninstalling access manager

  when access manager is installed on java application server?
  Thanks!
  glx

  Well, the app server instance should be in /var/opt/SUNWappserver/domains/domain1 on Solaris by default (similar paths on other platforms), but the reality is if you want to uninstall it you should run the Java ES uninstaller. The reason is the installation of Access Manager also modifies the classpath in the domain.xml amongst other things.
  The uninstaller is in /var/sadm/prod/<Java ES specfic dir> on Solaris, and somewhere similar on other platforms.
  Good luck,
  - Matt

• FIM for System Access Management

  Hi All,
  New to FIM - so, apologies for asking if it has already been answered elsewhere.
  I have an understanding to some level of what FIM architecture components are.
  I have a particular scenario and I wanted to discuss if and how FIM can support it please.
  If there is an internal system with in the company, let us say a web application with SQL server database.
  Assume the users for this application are managed locally in the database in a users table.
  The web application has a module for user management that admins can use to manage users.
  Let us assume the account on the system consists of account name, password, profile and a set of 10 roles that user can chose from.
  If I want to use FIM to manage user access to this system (and get rid of admin function on the application itself), will I be able to create a system on FIM portal with add, modify, delete and password reset functions. SO that user's can make applications
  accordingly. I would like to use FIM's built in application forms, workflow, approval processes and I am ready to build a custom adaptor that synchronization service will use to call a user management web service written by the developers of this application.
  Users dont get access to this application by default. They only apply if their job requires them to.
  Please advise.
  Regards,
  Ajay Suri

  Yes, this sounds very do-able with FIM.  The bulk of the work will probably be in writing the ECMA2 adapter to the application's web service (assuming the generic web service MA isn't suitable) but at a high level it is likely a good fit, excepting
  that standard password management in FIM presupposes that users have AD accounts.
  Steve Kradel, Zetetic LLC

• Workflow for Bank Communication Management

  Hi ,
  I need to find out any SAP workflows are responsible for the below activities in Bank communication management .
  spro-Financial Supply Chain Management- > Bank Communication Management -> Release Strategy -> Change and Release ->
  Assign Role to Release Steps  , Here i am assigning rule - 96000144 against Rel Obj  BNK_INI .
  In pfac for rule 96000144 , i am assigning responsibilities where i am maintaining Agents ( User IDs ) .
  The rule IDs  specific to amount limits are maintained in SPRO under Financial Supply Chain Management- > Bank Communication Management ->  Payment Grouping
  When in t code bnk_moni , for Bat No , the approver list has to be displayed .
  If anyone has any idea on Workflow related to Bank Communication Management , suggestion will be highly appreciated .
  Regards
  Prabhudutta

  Please check OSS 1041016, it contains documentation on BCM WF setup.
  Rememeber that release WF is needed only if you have more than one release step - first release step is always done via BNK_APP, at the moment it's hardcoded in BCM (if you have all the latest patches).
  WBR -
  Pauls