GRC V10 SPM: login notification
Hi experts,
we created a lot of Z-objects via SE61 (saved+activated). As well we mapped the MSMP-objects. Everythings fine and work well. We transported every object to the PRD and all Z-objects for MSMP where used. But the login-notification is not a relevant MSMP-event. So where is it possible to change the SAP-object to our Z-object for the login notification of the SPM?
I cannot find the relevant configuration setting in SPRO. Any ideas?
I am talking about the objects: GRAC_SPM_NOTIFICATION + GRAC_SPM_LOG_NOTIFICATION which are used for the login notification events.
Thanks,
Alexa
HI Alexa
You will need to configure the custom notification message in the IMG
Path: Governance, Risk and Compliance > Access Control > Workflow for Access Control > Maintain Custom Notification Messages
Screen shot below is the example you will need for the FF Login Notification Event
The Document Object is the SE61 custom message you created
Note, if you are implemented decentralised FF then you will need to configure this message in the plug-in configuration via IMG path:
Governance, Risk and Compliance (Plug-In) > Access Control > Maintain Custom Notification Messages for Emergency Access (Plug-In)
The program looks for this configuration first based on the message class before using the SAP standard as default.
The message classes you need to create entries for can be found by searching in the matchcode
0AC_SPM_INSTRUCTION 000 SPM workflow instruction
0AC_SPM_LOG_NOTIFY 000 SPM Log notification
0AC_SPM_NOTIFICATION 000 SPM Login Notification
Similar Messages
-
Option with GRC 5.3 CUP to consolidate the Login Notif. for Xple Systems
Hi,
We are setting up a GRC environment for provisioning accounts for users in Dev and Test SAP systems. We are planning to use a single request to provision accounts to 15-20 systems simultaneously and we are checking ways to consolidate the login notification to the user.
With our current setting to auto provision the account, the user will get separate mails for each systems. Is there any tweak that will help in consolidating the different mails for different systems to a single one with the same UID and password.
I know there may not be any standard way of doing this, but then there can be fresh ideas from experts.
Thanks, AnilSorry, Anil. There is no way to configure those provisioning emails. You can change the wordings or remove them but you won't be able to consolidate them.
Regards,
Alpesh -
Unsuccessful Login Notification Does Not Reset To Zero
Dear all,
os: OUL5x64
ebs R12 12.0.6
db 10.2.0.4
when users connect to the application and login with the wrong password
On 12.0.6 in Production:
When attempting to login the applications Find that Unsuccessful login notification always
displays a cumulative count of unsuccessful logins every time. It does not reset to zero
after you successfully login.
Please advise how to fix this notification.
Thanks,Hi,
Please see (Note: 848921.1 - Unsuccessful Login Notification Does Not Reset To Zero).
Regards,
Hussein -
Good day,
OK, it seems that I am missing something with GRC 10. We are upgrading from CC4.0 to GRC 10. I believe I have everything configured through SPRO correctly. I can run a risk analysis on end users and I get results. I am now at the point where I put the mitigations into the system but I have seem to run into a snag. When I go to master data > Mitigation, I start to fill in the information but when I try to add a AC Owner I get "No Results Found".
I have tried adding a Owner to a risk and then going back, I have also added a user under "Access Management" tab with "Access Control Owners". I have reviewed almost every node in SPRO and I can not seem to find where I am missing something.
I am sure it is simple since I can not find any documentation on this almost anywhere. We are currently running GRC v10 SP5. We are only planning to use the RAR (5.3 term) portion of AC not the other part (Example: Risk Terminator). Please let me know if there is a simple solution to get a user populated in the AC Owner tab.
Kind Regards,
PaulSome of the GRC Roles ..
SAP_GRAC_ACCESS_APPROVER Role for Access Request Approver
SAP_GRAC_ACCESS_REQUESTER Role for End user
SAP_GRAC_ACCESS_REQUEST_ADMIN Role for Access Request Administrator
SAP_GRAC_ALERTS Generate, clear and delete SOD Alerts
SAP_GRAC_ALL Super Admin for AC
SAP_GRAC_BASE Base Role for all Access Control Users.
SAP_GRAC_CONTROL_APPROVER Create AC MIT control, approve, assign, alert and perform Risk analysis
SAP_GRAC_CONTROL_MONITOR Ability to assign MIT control to Risk and perform risk analysis
SAP_GRAC_CONTROL_OWNER Create AC MIT control.
SAP_GRAC_DISPLAY_ALL Display Access To All AC Objects.
SAP_GRAC_END_USER End User as a GRC Guest
SAP_GRAC_FUNCTION_APPROVER Approve Function for Workflow
SAP_GRAC_NWBC View Access Control Information Architecture.
SAP_GRAC_REPORTS Ability to run all AC reports.
SAP_GRAC_RISK_ANALYSIS Ability to Perform Risk Analysis
SAP_GRAC_RISK_OWNER Risk maintainence And Risk Analysis
SAP_GRAC_ROLE_MGMT_ADMIN Role Management Admin
SAP_GRAC_ROLE_MGMT_DESINGER Role Management Designer
SAP_GRAC_ROLE_MGMT_ROLE_OWNER Role Owner
SAP_GRAC_ROLE_MGMT_USER Role Management Business User
SAP_GRAC_SUPER_USER_MGMT_USER Super User Firefighter
SAP_GRAC_SUPER_USER_MGMT_ADMIN Super User Administrator Role
SAP_GRAC_SUPER_USER_MGMT_CNTLR Super User Controller Role
SAP_GRC_MSMP_WF_ADMIN_ALL MSMP Overall Administrator
SAP_GRC_MSMP_WF_CONFIG_ALL MSMP Overall Configurator
SAP_GRAC_RULE_SETUP Ability to define Access Rules
SAP_GRAC_SETUP Ability to setup Access Control
SAP_GRC_FN_BASE GRC - Base role to run applications
Hope it helps ..
Vikas -
WebServices in GRC v10.0
Hi all,
I have three questions to WebServices regarding SAP GRC v10.0:
1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.
2. Contain the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 a analysis of critical permissions? In v5.3 only SoDs and critical actions was checked.
3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact to the SoD check (it SHOULD be:
includeCrossSystemsAnalysis == true ==> cross system SoD check
includeCrossSystemsAnalysis == false ==> single system SoD check
But doesn't matter what's the value of the parameter. There is always a cross system check. Has this changed in v10.0?
Regards
PeterHi Peter,
AFAIK the web services have not yet been published.
If you had the web service return violations without the requirement for CUP, what would you do with that information?
I hear that question a lot, I would really like to understand the ideas behind it.
To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.
Thanks,
Frank. -
I want to disable login notification in my browser?
I enabled login notification, so now I have to name my computer to sign into facebook.
See http://www.etalkindia.com/talk/computer-software-troubleshooting/257-using-hindi-internet-windows-xp-hindi-typewriter-layout-tutorial.html
-
Login Notifications, Email Alert
I need login notifications just like facebook. I want to know if somebody else is using my skype account. is this too much to ask. This is for everybody's peace of mind. A much needed security please.
We are installing a PC at a remote location where users have been known to not always play by the rules. The PC will automatically log into a locked down standard user, but there are some users that might want to access the Admin account. We have auditing enabled, but would also like to get an email alert when someone attempts to log into the admin account.I was able to stumble across this article on HowToGeek: http://www.howtogeek.com/123568/how-to-get-email-notifications-whenever-someone-logs-into-your-compu...It explains how to get an email when someone logs in, but not for failed login attempts.The PC is running Windows 7 Pro in a workgroup setup.
This topic first appeared in the Spiceworks Community -
Hi,
I need some information about implementing integration with SAP GRC v10 and SoD. Does anyone of you has any experience in that configuration?
We have only base information in SAP UM Connector doc and on metalink either. Dooes anyone work with SAP GRC v10 and OIM 11g?
best
mpSee if this helps:
http://www.oracle.com/technetwork/testcontent/oimconnectordatasheet-saperp-134222.pdf
regards,
GP -
I have to tell Firefox that I am logging in from "home" every time I log into Facebook. Firefox will not let me unclick ""Send me an email" under Login Notifications in Facebook "My Account" settings. Why? (to both questions)
It started last week - I normally use Chrome to play my games in Facebook - but I started getting "Sorry, this feature isn't available
right now"..... When I used IE..... no problem - a friend said to install Foxfire, which I did, but I made the mistake of having my bookmarks and whatever transferred from Google as it is the browser I used most often and it has all my bookmarks, but
now it does the same thing when I try to log into Facebook. - I have no problem with any other website. I deleted both Google and Foxfire and tried to start over - I cleared History and checked all the boxes hoping that this would help - but it did not.
I can't understand why I can get in with IE, but not Google or Foxfire. Do you have any suggestions.......
On Friday, it started working again - and everything was fine. But on Sunday evening I ran the History Clean in Google and when
I went to log back in, I couldn't and got the same "Sorry" message and has stayed this way since.
I ran a Norton scan of the entire computer, a Hitman scan, a CCleaner scan, ... all to no avail. Problem still exists.
I tried to run a restore program prior to the problem, but I am getting error messages like mad.
there has been two Windows Updates in this time frame and I don't know if this has anything to do with it or not - but my Restore program does not work.
NYCsDancer -- if its working via Internet Explorer, we can't help you much. Most of the time it has to do with Cookies, or your Java Version. I'd reach out to Google's forums for assistance with Chrome
https://support.google.com/chrome/?hl=en#topic=3227046
or Firefox support for assistance with Firefox
https://support.mozilla.org/en-US/products/firefox
Or as S.Sengupta said reach out to the Facebook Help center....
Entrepreneur, Strategic Technical Advisor, and Sr. Consulting Engineer - Strategic Services and Solutions Check out my book - Powershell 3.0 - WMI: http://amzn.to/1BnjOmo | Mastering PowerShell Coming in April 2015! -
GRC AC v10 SPM WF - Workflow Item not showing up in WF Inbox
GRC AC v10 - SP12
The outlook email notification for the Workflow Item goes out, but there is nothing in the NWBC Inbox for the WF Item. Subsitution is setup correctly.
Any ideas?
-johnHi John
this is probably be a silly question but what substitution did you set up for ZFF_CTL_01? I assume the item is in that user's inbox. Which user is meant to be receiving?
I also noticed this KB article (1589130) which mentions the delegated person needs GRAC_REQ authorisation. Have you checked if security access issue?
There was also mention that the delegated approver does not appear in the MSMP instance runtime (your screen shot suggests same situation unless you have not set up the delegation). SP14 delivers the fix or refer to 1915928 - UAM: Delegated Approver is not visible in the Instance status
Possibly have a look at both of them to see if they resolve your issue.
Regards
Colleen -
Delay sending email to controller regarding FF_ID login notification
Hi all,
We have just donde the configuration for SPM and we are experiencing some delay (about 5, 7 minutes sometimes) regarding email notifications to controller when FF_ID login is done.
Anyone of you have ever experienced this? Is there something that can be configured or depends on the system load?
Many thanks for all. Best regards and happy weekend.
ImanolHi,
It depends on the backend background job frequency which is scheduled for email. Suppose the job is scheduled to run at the interval of five minutes and the login is done just after the completion of job, then mail will wait till next job gets triggered. Check the job schedule.
Let us know if there is any other reason and solution....because it is just my understanding but not my expereienced analysis.
Regards,
Sabita -
GRC AC: regular Email notification about role or account expiration
Hello all,
Is it possible to use GRC AC for sending email notifications to users about role or account expiration?
For example 1 week before SAP account expired.
Or should we use some external application for this job?
Thanks,
Anton,Hi Anton,
CUP is not designed to for sending email notifications to users about role or account expiration.
If you want this functionality, please open an enhancement request following the note below.
Note # 1083615 - GRC Access Control Enhancement Process.
Best Regards,
Sirish Gullapalli. -
GRC Request Rejected - Closing Notification Incorrect
Hi All,
I came across a scenario where if the entire request has been rejected by the approver, then closing notification shows "No provisioning logs avaialble"
This is wrong as it should show proper message for rejected requests.
We are on GRC SP13. I found a SAP note which talks about this issue, but it is applicable for SP9.
1708300 - UAM : Incorrect message in the request closing email
1594181 - MSMP Notification Closing template correction
If anyone has come across the same issue, please help with this issue
Regards,
Sai.Hi Sai,
Your expectation is correct, but %PROVISIONING% catches the data only once request is processed as per provisioning setting, wherein case of rejections it does not reaches to provisioning stage, so it does not catches reason Rejected/cancelled.
Solution:
You can check with SAP to modify the logic for provisioning to catch these reasons through %PROVISIONING% variable through notification rule GRAC_NOTIF_VAR_RULE_AR
Solution with present situation:
Remove notification event END_OF_REQUEST from "Process Global Settings" as well as from notification settings at stage level.
If you have two stages:
Notification setting for stage 1:
Notification Event: Rejected-->>Template ID: GRAC_AR_REJECTED or the custom one if you want text changes-->>GRAC_USER
Notification Event: Approved-->>select template as per your requirement of notification
Notification setting for Stage 2:
Notification Event: Rejected-->>Template ID: GRAC_AR_REJECTED or the custom one if you want text changes-->>Recipient ID: GRAC_USER
Notification Event (As for last stage): Approved-->>Template ID: GRAC_AR_CLOSE (Standard with variable %PROVISIONING%)-->>Recipient ID: GRAC_USER also for Requester.
This way user will get provisioning details only for approved requests and text for rejection for rejected requests.
BR,
Mangesh -
Failed Login Notification via SMTP
Hello,
I am looking for a way to generate an SMTP message in response to a failed login attempt (admin interface access or failed user login attempt). Any suggestion on how I might make this happen is appreciated.
Thanks.Hi.
I'm not sure what device type you're talking about, but if it's SNMP capable, most IOS devices support traps on failed logins, or if that's not supported, and syslogging is, the device (again, if running IOS) can send a syslog trap for the failed login attempt to a NMS server that supports email notification of events (such as Ciscoworks (LMS)-Device Fault Manager).
Is this the kind of thing you're looking for?
HTH,
-Joe -
GRC 10 Work Inbox Notification or Universal Work List instead of SMTP
Hi,
I wanted to check with you all if there is a possibility to get SAP internal Work Inbox or UWL notification instead of outlook/SMTP notification.
The scenarios this will be required for us are
1. User ID details communication at the end of the request.
2. Notification if access is approved/ rejected.
3. Notification for Firefighter approved or rejected.
4. BRM role approval notification
Kindly let me know if we can pull the notification from Outlook/SMTP to internal SAP Mailbox.
Regards,
Prasad ChaudhariHi Guru,
If I am not wrong the items mentioned send notification to outlook/smtp and not work inbox. The work inbox will get request for approval and uar/sod review.
Are you talking of some parameter/settings to change this behaviour?
Thanks,
Prasad Chaudhari
Maybe you are looking for
-
I want to make performance fast of this query.
Hello friends, I have used following queries in my 9 screen interactive report.Output/result is perfect but performance became damn slow. I have used........(note : T2 is internal table) SELECT VBELN INTO (T2-VBELN) FROM VBAK WHERE AUART IN AUART AND
-
Using Metadata to generate view as conventional folder structure
Can Metadata be used to generate a view as the conventional folder drill-down? I have a list with metadata for different projects, releases, content type etc and I would like to view them in folder structure with different hierarchies, i.e. using pro
-
Hello. One (of the two) USB ports is not working. Now what? Please help. Thanks. :-) OSX 10.9.4
-
G4 (MDD) running OS X 10.4.11 - Just got a Zoom H2 digital recorder - when I try to connect to USB (via powered hub) I get a low-power warning and no luck connecting (even with the H2 plugged in via A/C). It works fine when I plug directly into the U
-
I am getting a short dump ASSIGN_LENGTH_0 , program error - Assign with length 0 in program SAPLSNR3 while installing Business content. I have selected in data flow before and after Can anyone tell what this error relates to.