Simple MSMP workflow for Emergency Access Management
Hi,
I am not able to get the EAM to work in Access Control 10. The user is able to successfully place an access request for FFid but there is an error in the workflow logs. I have not done any customization of the MSMP for GRAC_DEFAULT_PATH and other similar stages, as I am not aware of the specific values that need to be maintained.
I want to avoid customizing as much as possible and use what SAP offers by default. The workflow steps I am looking for are: user places a request for FFid and the request is received by the FFid Owner (Manager) and approved by him. Once approved, the FFID is provisioned automatically and the user can login to tcode GRAC_SPM and use his FFid, and the Controller gets alerted about the log.
Hi Veera,
Did you define a condition in your initiator decision table in BRF+ to route your EAM requests to the firefighter path?
Do you have a stage called FF Owner?
Did you create a Firefighter path in MSMP configuration with FF Owner stage in it?
Did you maintain route mapping in your MSMP workflow configuration?
Please share your BRF+ initiator decision table and MSMP workflow config screenshots to help you further.
If you are new to MSMP and BRF+ config, please check this link for understanding the concept.
MSMP - Multi Step Multi Process – GRC... | SCN
Regards,
Madhu.
Similar Messages
-
Hello Gurus,
I have configured Emergency Access Management in GRC AC 10.
GRC Box (SID) : GR1 client 100
Backend ERP system : D24 client 100
The FIREFIGHTER in GRC system : FFUSER1
Z_SAP_GRAC_SUPERUSER_MGMTUSER
Z_SAP_GRC_FN_BASE
Z_SAP_GRC_NWBC
In the Backend ERP system the FIREFIGHTER ID: ABC wants to access the FIREFIGHTER(FFUSER1)
Hence in NWBC (Setup >Superuser Assignment>Firefighter ID) the assignment is done.
ABC(FIREFIGHTER ID) <--->FFUSER1(FIREFIGHTER)
Now the User login the GRC system using FFUSER1 assigned following roles
Z_SAP_GRAC_SUPERUSER_MGMTUSER
Z_SAP_GRC_FN_BASE
Z_SAP_GRC_NWBC
Z_SAP_GRAC_SPM_FFID
and runs Transaction: GRAC_SPM
and he is able to see that ABC is assigned .
Now the user clicks on "Logon" and the status changes from green to "RED".
A new SAP screen opens asking credentials for Backend ERP system D24 client 100
The User enters his own Id : ABC and password and logs in.
Runs the necessary transactions and logs out using transaction: /nex
The session in GRC is still running and now the "LOGON button" is disabled , he comes out of that screen too.
When the user tries to login again using FFUSER1 to do more task , the "LOGON Button" is seen disabled.
and clicking the "unlock" button also doesn't help.
When checked in SM04, no live session is reflected .
How can we "enable" the LOGON button in the transaction : GRAC_SPM for the same FIREFIGHTER (FFUSER1) assigned for Firefighter ID (ABC) ??
As it is now not possible to click "LOGON" button and the status is "RED".
Please let me know your opinion .
Thank You.
Regards,
Premjit
Thanks to All
-
Workflow for Predefined Performance Management Process
Hi All,
We are in process of implementing Predefined Performance Management to our client, as I know we don't have workflow for predefined performance management, but I saw below thread:
Performance Management Process - Workflow between participants
Please give me more clarification about configuration of Workflow for PMP, we need e-mail notifications only when ever manager is going to do some status change like approve planning phase, reject planning phase etc.
We are expecting these notifications not through portal only employees e-mail account, can you tell me where the location of the configuration is?
Thanks in advance.
-Abhi
Hi,
The pre-defined is not meant for changing by anyone. The template is generated and the settings are as is. You would need to go to the phap_catalog to change the template (but that option is disabled for PMP templates). Theoretically you would need to change the status flow tab and select the correct workflow there. The information workflow is standard delivered for use in the flexible one.
So, yes you probably are able with tricks to get it working in PMP but it is not supported by SAP.
Regards and Groetjes,
Maurice Hagen -
Username and password for Sun Access Manager 7.1
Hi
Thank you for reading my post
I got the new Java Application Platform SDK Update 2 which has access manager and portlet management inside it.
Can you tell me what is username and password for Sun access Manager 7.1 administration console?
thanks
with me it was amadmin : admin123
in the readme file in the addons directory:
Done! Access the AM server URL and see if the Access Manager is working or not -
<amserver_protocol>://<amserver_host>:<amserver_port>/amserver
user : 'amadmin', password : <admin password>
in a config file i found the password was admin123 -
Workflow for Resource Object Management
Hi All,
I'm attempting to perform resource object management on an LDAP resource and have the following questions for a workflow related to this:
1. Do I need to checkout the view for the LDAP resource to perform resource object management (by this I mean something similar to creating or updating a group within LDAP)?
2. I will also be using a custom resource adapter to perform resource object management on that adapter. Can I assume that similar mechanisms for LDAP will apply to my custom resource adapter?
3. Can anyone point me to some standard workflows for resource object management, point any further docs (I've been through the workflows, views, and forms, as well as the deployment guide for resource adapters).
4. Does anyone have any examples of resource object management they would be willing to share and explain?
All input welcome, Thanks.
Hi there, Did you manage to get some assistance with this? I am also trying to search for examples of using the Resource Object to provision new entries to an LDAP and to learn how to form workflows.
-
Does sun provide a training for sun access manager customizations
Hi,
Is there any training available from sun for sun access manager customizations.
I am aware of the following training from sun AM-3480
TIA,
Suresh
Hi, Suresh,
There's some material about customization in AM-3480. What areas are you interested in?
Regards,
David -
Reason Codes not displaying when performing emergency access management(SPM
Hello guru,
I am experiencing a little problem when using superuser privilege management (emergency access) functionality in AC 10.0.
My problem is that the reason codes created in the AC system via the reason code link in the workcenter does not appear as drop down for me when I click on the logon button in the initial screen displayed in transaction SPM_GRAC.
Suffice to say that i do not have any reason code to pick from in the drop down for superuser privilege management in the AC system when i logon with the firefighter user to perform SPM.
Please help me out with your suggestions.
Thanks
Hello guru,
I am experiencing a little problem when using superuser privilege management (emergency access) functionality in AC 10.0.
My problem is that the reason codes created in the AC system via the reason code link in the workcenter does not appear as drop down for me when I click on the logon button in the initial screen displayed in transaction GRAC_SPM.
Suffice to say that i do not have any reason code to pick from in the drop down for superuser privilege management in the AC system when i logon with the firefighter user to perform SPM.
Please help me out with your suggestions.
Thanks -
Oracle 11g for Oracle access manager, OID version details
At present we have 10g db for sso and oid. I have been checking in db that our existing OID and SSO versions are
Oracle9iAS Single Sign-On 10.1.2.0.2
Oracle9iAS Internet Directory
OID 10.1.2.1.0
We are moving to diff hosting solution and vendor is recommending to have 11g Oracle access manager (in 11g sso is replaced by OAM) and OID.
What is the version of OID with 11g or please refer me to the documentation where I can grab 11g OAM, oid etc versions
Kapardhi wrote:
Where can i find oracle 11g server for windows7 home basic 64bit version...
Oracle 11gR2 is certified on Windows 7 x64 - Professional, Enterprise, and Ultimate editions -- http://docs.oracle.com/cd/E11882_01/install.112/e24283/toc.htm#BGBEEBAD
You can download 11gR2 from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
Thanks,
Hussein -
WLC as a Mobility Anchor for guest access - Management on DMZ or not DMZ
When using Guest Access Cisco recommend a Mobility Anchor Controller be placed on a DMZ and the guest access wireless Lan is tunneled to this controller. This means that 2 DMZ subnetworks are required - one for the management interface and one for the wireless lan's dynamic interface itself.
I am trying to see if there are any disadvantages/security risks using 2 physical ports on the controller (no LAG) and placing one on a corporate network inside the firewall for management and to terminate the mobility anchor tunnel, and one outside the firewall on a DMZ for the wireless lan's dynamic interface.
Advantages that I see are that no tunnels need to go though a firewall, management of the WLC is kept completely inside the corporate network, protected by the firewall and not left on the DMZ.
Thanks.
OK, so to recap;
- place the 2nd WLC in the DMZ with only 1 port (set for dynamic AP management)?
- Then Anchor the guest SSID (on its DMZ IP instead of management IP as is now)
And to make that kind of anchoring work, I have to open ports below on the firewall.. right?
UDP port 16666 for inter-WLC communication, and IP protocol ID 97 Ethernet in IP for client traffic.
and:
•TCP 161 and 162 for SNMP
•UDP 69 for TFTP
•TCP 80 or 443 for HTTP, or HTTPS for GUI access
•TCP 23 or 22 for Telnet, or SSH for CLI access
Thanks to confirm that -
Need running java sample for sun access manager deployed on weblogic 8.1
Hi All,
I have deployed amserver.war in weblogic 8.1 through amserver.war.
I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
Thanks & Regs,
Deepak Dabas
Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM
Deepak.Dabas wrote:
Hi All,
I have deployed amserver.war in weblogic 8.1 through amserver.war.
I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
please refer http://docs.sun.com/app/docs/doc/819-4675/6n6qfk0ne?a=view#gbdlr
http://docs.sun.com/app/docs/doc/819-2139/adubn?a=view
you need to download the client samples SUNWamclnt from sun.com
>
Thanks & Regs,
Deepak Dabas
Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM -
Configure security realm for external Access Manager in App server 8.1
Hi All,
I would like to protect my j2ee application using access manager running on an external host.
I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
external host & port of AM is:
http://svrd234d.dnn.com.au:58765
Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
classname="com.sun.amagent.as.realm.AgentRealm"
property name="jaas-context" value="agentRealm"
property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
property name="hostURL " value="http://svrd234d.dnn.com.au:58765"
Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
Jerry -
Is there a Forum for Sun Access Manager
Please send me the forum link for Sun Access Manager
Yes
http://forum.java.sun.com/forum.jspa?forumID=760 -
What is the web server instance directory for uninstalling access manager
when access manager is installed on java application server?
Thanks!
glx
Well, the app server instance should be in /var/opt/SUNWappserver/domains/domain1 on Solaris by default (similar paths on other platforms), but the reality is if you want to uninstall it you should run the Java ES uninstaller. The reason is the installation of Access Manager also modifies the classpath in the domain.xml amongst other things.
The uninstaller is in /var/sadm/prod/<Java ES specific dir> on Solaris, and somewhere similar on other platforms.
Good luck,
- Matt -
FIM for System Access Management
Hi All,
New to FIM - so, apologies for asking if it has already been answered elsewhere.
I have an understanding to some level of what FIM architecture components are.
I have a particular scenario and I wanted to discuss if and how FIM can support it please.
If there is an internal system within the company, let us say a web application with SQL server database.
Assume the users for this application are managed locally in the database in a users table.
The web application has a module for user management that admins can use to manage users.
Let us assume the account on the system consists of account name, password, profile and a set of 10 roles that user can chose from.
If I want to use FIM to manage user access to this system (and get rid of admin function on the application itself), will I be able to create a system on FIM portal with add, modify, delete and password reset functions? So that users can make applications accordingly. I would like to use FIM's built in application forms, workflow, approval processes and I am ready to build a custom adaptor that synchronization service will use to call a user management web service written by the developers of this application.
Users don't get access to this application by default. They only apply if their job requires them to.
Please advise.
Regards,
Ajay Suri
Yes, this sounds very do-able with FIM. The bulk of the work will probably be in writing the ECMA2 adapter to the application's web service (assuming the generic web service MA isn't suitable) but at a high level it is likely a good fit, excepting that standard password management in FIM presupposes that users have AD accounts.
Steve Kradel, Zetetic LLC -
Workflow for Bank Communication Management
Hi ,
I need to find out any SAP workflows are responsible for the below activities in Bank communication management .
spro-Financial Supply Chain Management- > Bank Communication Management -> Release Strategy -> Change and Release ->
Assign Role to Release Steps , Here i am assigning rule - 96000144 against Rel Obj BNK_INI .
In pfac for rule 96000144 , i am assigning responsibilities where i am maintaining Agents ( User IDs ) .
The rule IDs specific to amount limits are maintained in SPRO under Financial Supply Chain Management- > Bank Communication Management -> Payment Grouping
When in t code bnk_moni , for Bat No , the approver list has to be displayed .
If anyone has any idea on Workflow related to Bank Communication Management , suggestion will be highly appreciated .
Regards
Prabhudutta
Please check OSS 1041016, it contains documentation on BCM WF setup.
Remember that release WF is needed only if you have more than one release step - first release step is always done via BNK_APP, at the moment it's hardcoded in BCM (if you have all the latest patches).
WBR -
Pauls