GRC AC 10 EAM - Distiguish between a firefighter id and a regular user id logon by looking at it

Hello,
I have a requirement where users want to see a change in SAP screen( color/warning/note)  while using a firefighter id.
Reason behind the requirement is that some users are not logging off after using the firefighter id and by mistake using the firefighter id as their own user id for their day to day jobs.
We are conducting training sessions for users but wanted to check if anyone has worked on the same requirement before .
I know SAP GUI settings to get different color codes for development, staging and production sap system but we can not use this for firefighter id globally.
Mark

Hi Mark
Changing screen colours are unlikely to really help and I thought those settings are stored against the SAPGUI settings. You could talk to Basis/Developer to see if they have any suggestions in that space.
I have not done this before (and Basis/ABAP might shoot me down for performance issues) but is it possible for a custom program that runs in background and checks for active FF sessions? it can track and every xx minute display a pop up to remind them they are in FF.
The challenge here will be users legitimately in FF Ids will get frustrated. It could be improved with a check box for 'don't remind me again for this session'.
You still rely on training of users and controllers of what FF should be used for in your company. Security authorisations provide additional restriction.
Regards
Colleen

Similar Messages

  • Difference between a master DVD and a regular DVD

    Can anyone explain to me the difference between a master DVD and a regular DVD. What is the workflow from FCP to compressor then DVDSP as far as bitrate settings etc? Thanks in advance!!

    LOL - I wouldn't let it worry you... we all start somewhere.
    When you click on 'Build and Format' you get a window appearing which lets you set all kinds of different parameters. At the bottom you will see two drop down boxes. Choose 'Hard Drive' in the top one, and '.img' in the second. This will tell DVDSP to create a disc image and put it in the location that you then specify. When done, you can double click this image and it will open like a DVD disc would - if you have got DVD Player running then your project will run as if it was on a physical disc (although slightly quicker).

  • Possible to segment traffic between 2 interfaces? And other questions...

    I would like to set my G5 up as a server utilizing a second connection and to keep traffic seperated between this server connection and my regular internet connection (would be wireless). I'm pretty sure this alone is fairly straightforward and can be accomplished by setting up the new interface and moving it down to the bottom of the connection list with wireless at the top. That should keep all non-specific traffic from flowing out the ethernet/server connection - I think.
    If the above works the way I stated then I would also want to firewall ONLY the ethernet/server connection (the wireless has it's own hardware firewall). AND - this is the tricky part - I also want to add a fake interface that has a fake IP and bind that to the "real" ethernet/server connection. The reason for that is because I need a static IP to bind the service to. I know if the connection list thing works to flow the traffic that if I had an external router on the server connection, this wouldn't be needed. I'd already have a fake IP to bind to and I wouldn't have to run the firewall on the Mac. But I don't and I'd rather not have to buy one.
    So can this be done through the network/sharing preferance panes? If so, are there any "gotchas" I should be aware of? If not, is there any software tool out there that would make setting this up easier/faster? I'm not opposed to doing it all via command line, but I'm a bit rusty with my linux/unix admin knowledge. Plus I'm not 100% certain how to set all that up command line wise without screwing up OS X!
    Thanks.

    I'm not sure I fully understand what you are attempting to accomplish. Lets see if I have the general idea.
    You have a single G5, that you want to use as both your desktop machine and also to provided specific services, such as web, email, etc.
    You have some type of hardware firewall/security appliance.
    You have some type of wireless access point.
    You don't seem to have any type of router or switch in your configuration.
    You want all of your server based traffic to be sent and received on it's own Ethernet port. You want your personal Internet traffic to be sent and received on your wireless connection.
    So my questions are:
    Where is the server traffic going to, coming from? Who is accessing the server, is it users on the Internet, or just computers on your own LAN (which you didn't mention).
    If your server is to allow data from or send to the Internet, then you need to have a way to route the traffic there. Do you have more then one method to access the Internet, or will all traffic, both personal and server being going though the same Internet access pipe?
    If it is all going through the same pipe, and you only have the single computer, I don't understand why you wish to segment the traffic.
    If on the other hand you have multiple computers on your LAN. then segmenting traffic may make sense. This would allow access to your server and keep your LAN well secure.
    Anyway, to get to specifics, you'll need to use the terminal app to bind specific services to specific IP's and ports on your Mac. You will also need to manually configure the firewall to be able to select specific connection ports and bindings. However, while I think it can be done, I'm not sure it makes a great deal of sense.
    I would be more inclined to suggest a router or switch that can provide VLAN support, or a router that provides true DMZ support, would be a good way to go.
    Anyway, a little more info would be helpful.
    Oh and if I have this totally worng in what I think your doing.. My mistake.
    Tom N.

  • What is the difference between HP 500 series and 110 series?

    I'm not Tech savvey so I'm confused about the differences between the HP 500 and 110 series. The thecnical specks look simmilar so which is better? 

    Allanti wrote:
    I'm not Tech savvey so I'm confused about the differences between the HP 500 and 110 series. The thecnical specks look simmilar so which is better? 
    A true comparison would need the model numbers (not the series) to be specific.  Overall, the 110 series is considered the entry-level or value line while the 500 series is the mid-range line.

  • GRC 10 EAM - Unable to assign Firefighter roles to owners

    Greetings SAP gurus,
    I am currently on a new GRC 10 installation and having issues with the Emergency Access Management (EAM) component previously known as FireFighter or SPM.  Note: We are trying to implement the Firefighter ''Role-Based" Approach.
    Issue: We are unable to assign EAM roles to owners within NWBC. Click on 'Assign owners to Firefigher ID's and provision Firefighter ID's to firefighters' via the Access Management Tab within NWBC, option Superuser Assignment. Click on Assign.  We are able to find the owners, but when I search for roles to assign, I get the error, 'No records found for the search criteria entered''.
    We are on SP7.
    Items completed:
    1) All post installation tasks were completed correctly, i.e. BC sets activated, connector groups created and working.
    2) EAM roles created on target system and imported via BRM.
    3) EAM role properties edited for "Firefighting' usage in BRM, role owners defined, functional areas defined, business process and sub process areas defined.
    4) Access control owners (i.e. role owners and controllers) defined.
    5) The ID being used for configuration is currently assigned all GRC_NWBC roles available.
    6) The connector groups are working fine and we are using for the Access risk Analysis component which is working fine.
    7) The post EAM configuration steps has been completed.
    Has anyone else experienced a similar issue?  I look forward to your responses.
    Rgds,
    Prevlin Moodley

    Hello Prevlin,
    Are you using a FF role owner for the assignment. This might be helpful:
    [Note 1289579 - Firefighter Owner additional authorization for Role based FF|https://service.sap.com/sap/support/notes/1289579]
    Cheers,
    Diego.

  • Communication between PC/RM Backend and ERP System

    Hi,
    Is it possible to have communication between PC/RM Backend and ERP System by cresting RFCUSER with user type communications data instead of Dialog user.
    Because of audit policy , none of DIALOG user should have SAP_ALL profile.
    Is there a option to set up communications  between PC/RM Backend and ERP System without a Dialog user setting.
    Pravin

    Hi Pravin,
       You are right and the user should be always communication or system. GRC AC allows for the user to be communication or system. Can you try with PC/RM RFC user and see if it works? It should work
    Alpesh

  • GRC AC 10 - Reassign FF ID Owner to FF IDs Assigned to Users

    Hello
    We need to reassign the FF ID Owner for a set of FF IDs that are already assigned to users. Is there a way to do this in mass? The only way I currently know how to do it is to either remove the assignment from all users, change the owner then reassign to users or to go into each individual FF ID user assignment and update the owner within there. We have quite a few updates to make and would like to save time if possible.

    Hi Stacey
    Reassign fuctionality has been introduced in GRC 10.1 EAM.
    You can reassign the onwer/controller/users already assigned to any number of FFID's
    Kindly refer the detailed document
    GRC10.1 How Reassign functionality works in Emergency Access Management in GRC
    Let me know if any questions.
    Regards
    Sachin Awasthi

  • Difference between SAP Access Control and IDM

    Hi Expert,
    I have one question What is the difference between SAP Access Control and SAP Identity Management ?

    Ali,
    That's a good question, but a tough one.
    While both applications can do most of what the other can do, it's a matter of specialization in my opinion.
    Access Control is all about managing and controlling access to SAP system roles and has the ability to report on role conflicts for compliance and reporting purposes. (I'm sure I'm leaving a lot out, but maybe a GRC / AC expert can fill in more details)
    SAP IDM is about managing the user life cycle with regards to landscape and enterprise systems. It will handle the creation, update and ultimately the removal (or de-provisioning) of users in SAP ABAP, SAP JAVA, LDAP, JDBC, and API based applications.  It will also do Role Management through a web based UI (User management is web based as well). and as of the latest Service pack for SAP IDM 7.2, it will do attestation (limited certification) as well. It is a definite upgrade to CUA as it will work with a greater variety of systems, include workflows and approvals.
    GRC will do some provisioning, but it's somewhat limited, as is IDM's compliance abilities.
    The applications are designed to work together, however it does not have a great track record and the integration is typically heavily modified to work as desired.
    If you have specific questions, feel free to post / DM.  Obviously I am more knowledgeable about IDM, but I'll be happy to help you in any way possible.
    Regards,
    Matt

  • Error while adding a used relationship between the New DC and the Web DC

    Hi Gurus
    We are getting the Error in NWDS while Adding  a used relationship between the New DC and the Web DC.
    Steps what we are Done
    1. Create the custom project from inactiveDC's
    2.creating the project for the component crm/b2b in SHRAPP_1
    3.After that we changed the application.xml and given the contect path.
    4.Then we tried to add Dependency to the custom create DC we are getting the error saying that illegal deppendency : the compartment sap.com_CUSTCRMPRJ_1 of DC sap.com/home/b2b_xyz(sap.com.CUSTCRMPRJ_1) must explicitly use compartment sap.com_SAP-SHRWEB_1 of DC sap.com/crm/isa/ like that it was throwing the error.
    so, we skip this step and tried to create the build then it is saying that build is failed..
    Please help us in this regard.
    Awaiting for ur quick response...
    Regards
    Satish

    Hi
    Please Ignore my above message.
    Thanks for ur Response.
    After ur valuble inputs we have added the required dependencies and sucessfully created the projects, then building of the  projects was also sucessfully done and  EAR file was created.
    We need to deploy this EAR file in CRM Application Server by using the interface NWDI.
    For Deploying the EAR into NWDI, we need to check-in the activites what i have created for EAR. once i check-in the activites ,the NWDI will deploy the EAR into CRM Application Server.
    In the Activity Log we are able to check the Activities as Suceeded but the Deployment column is not showing any status.
    When i  right click on my activity Id the deployment summery is also disabled.
    So finally my Question is that where can i get the deployment log file, and where can i check the deployment status for my application..
    Any pointers in this regard would be of great help..
    Awaiting for ur valuble Responses..
    Regards
    Satish

  • The difference between VGA, DVI-D and ADC?

    Hi.
    The difference between VGA, DVI-D and ADC and which should be used with a T244 widescreen monitor into a Quicksilver G4 with a GeForce2 MX nVIDIA (0x10de) card. What's a good upgrade card if the above is not good enough?
    Thank you for your input.
    Walter

    Look at this link http://en.wikipedia.org/wiki/DigitalVisualInterface
     Cheers, Tom

  • The difference between AIR-ANT5135D-R and AIR-ANT5135DB-R

    Hi,
    Anyone know what is the difference between AIR-ANT5135D-R and  AIR-ANT5135DB-R ?
    From the dynamic configuration tools for 1252 and 1242, AIR-ANT2422DB-R is inside one of the antenna option.
    However, I can't find it in the "Cisco Aironet Antennas and Accessories Reference  Guide"
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html
    Inside the document there is only AIR-ANT5135D-R.
    likewise for the 2.4 GHz,  AIR-ANT2422DB-R is inside the dynamic configuration tools and not inside "Cisco Aironet Antennas and Accessories Reference  Guide"
    Any help would be appreciated
    Thanks,
    Richard

    Found the difference, AIR-ANT5135DB-R and       AIR-ANT2422DB-R are  non-articulating antennas.
    Thanks!
    Richard

  • The difference between Telepresence Content Server and MSE 3500

    Good day! Could someone explain me what's the difference between Telepresence Content Server and MSE 3500? Why do I need to obtain two these devices for sorting out my tasks? I want to understand gist of the first and the second devices.

    In addition to what Jonathan posted above, here is a Capture Transform Share Solution Guide that goes over a little bit of what the TCS and MXE are and some possible deployment scenarios.
    In short, TCS is used to record video conferences or lectures that can be streamed on demand or live using various streaming or distribution methods.  One such distribution method is using the MXE 3500 to ingest the recordings from TCS and convert them to different media types and add in-video content such as logos etc.  However, from the MXE, you can't send the video back to the TCS for viewing, you'd need to send that off to another viewing portal such as Show and Share.

  • The difference between SSO/NSF(GR) and NSR

    Hello
    I have question about the differnce between SSO/NSR(GR) and NSR.
    In my understanding SSO/NSR is stateful switchover from Active to Backup
    Mainly take over teh startup configuration and FIB TCAM table and so on.
    But this protocol need to re-establish the routing table and topology database etc.
    But if NSR functions when stateful switchover happens then it takes over routing table
    and toplogy database etc. right? 
    If so, I think BGP peer down/up (flapping) , OSPF/EIGRP neighbor state change does not happen right?

    ITS is used for accessing R/3 through browser....to implement SSO from Portal to access backend R/3 systems over ITS you need to follow certains step ...
    1. Create RFC Destination in J2EE Engine RFC JCo Provider
    2. Create RFC Destination in the R/3   Transaction: SM59
    3. Maintain Portal Server Settings for the Portal
    4. Maintain Single Sign-On in the R/3 System
    5. Export  R/3 Certificate to the Portal System
    6. Import  R/3 Certificate to the Portal
    7. Create  R/3 System in the Portal
    8. Configure User Management in the Portal
    9. Export Portal Certificate from Portal
    10. Import Portal Certificate to the R/3 System
    11. Set Up Repository Manager for R/3 in the Portal
    12. Maintain User management as SAP Logon Ticket in the Portal
    Hope I have answered your query in proper way.......
    If you want step by step details pl s let me know
    Swapnil

  • RFC connection error between BW 3.5 and ECC 6.0

    Hi gurus,
    We've defined an RFC destination between BW 3.5 and ECC 6.0. Connection test  (SM59) is ok, but authorization one fails and ALEREMOTE users block. These users on both systems have good profiles. We look ST22 and find a runtime error on CALL_FUNCTION_REMOTE_ERROR. We've cleaned source system on BW and RFC destination and we've created one more time, but error doesn't disappear. We've looked OSS but don't find anything.
    Any idea? Is there any other place (users, RFC) where we have to change user password on system?
    Thanks a lot!
    Regards,
    Iván.
    Edited by: Iván Cabezas Castillo on Nov 6, 2009 12:09 PM

    Solved!
    This is because of the incompatibility of password handling between
    640 and 700 systems.
    We have to use a maximum 8 character long password with only capital letters (numbers are also allowed) for the user "ALEREMOTE".
    1. Change the password for the user in SAP R/3.
    2. Maintain the password in SAP BW for the RFC destination (transaction SM59 - Logon/Security tab)
    3. Authorization test is now successful.
    (SM59 - Test - Authorization).
    Regards!

  • What is difference between  Service map iview and Workset Map iview

    Hi Experts,
                        Can anyone tell me the difference between  service map iView and Workset Map iView.
    When I am creating these iViews, its seams both are same. I canu2019t find difference still, can anyone help me out of this
    Thanks in Advance
    Janardhan

    Hi,
    Service Map Iview:The Service Map iView is an ERP-specific variant of the portal Workset Map iView. It serves as a central point of entry and guided access to the services of SAP service modules such as the Manager Self Service (MSS) module, or the Employee Self Service (ESS) module.
    Workset Map iview:A Workset Map is the equivalent of a site map, providing users with explicit information on the functionality that is available in a given workset. It is based on an iView, and serves as a central point of entry and guided access to the contents of a workset.
    if you want to more info pls go thr the below thread
    Workset Map iView
    i hope it will help you
    Thanks,
    Sreeni.

Maybe you are looking for