GRCAC_MAINT_PARAM - Maintain Configuration Parameters

This documentation is copyright by SAP AG.

In this IMG activity you configure the parameters to specify log, critical transactions, role, and ID activities.

Define Remote Function Call (RFC) Destination

Superuser Privilege Management requires an RFC destination to call a specific RFC-enabled function module. Each time an ID logs in and creates a new session, the new session is opened using the RFC. The RFC destination must be basic with no access or users attached to it. Superuser Privilege Management can be configured for use with an existing SAP RFC. To define a new RFC destination, use transaction SM59.

The RFC parameter specifies the name of the remote function call.

1. After creating an RFC for Firefighter, enter this name in the Parameter Value column of the FireFighter Configuration Table.

2. Click the Save icon.

Scheduling Background Job for Logging

The Superuser Privilege Management background job monitors the use of firefighter IDs and records login events and transaction usage. The background job must be scheduled to generate and view the Firefighter Log report. To schedule a background job, use transaction SM36.

1. Run transaction SM36.

2. Enter a Job name.

3. Enter a Job class. It is recommended that you use the highest priority setting.

4. Specify a Target server (optional).

5. Click Start Condition. The Start Time dialogue box appears.

6. Click Immediate.

7. Check Period job.

8. Click Period values and specify a time interval. It is recommended that you run this background job on an hourly basis.

9. Click the Save icon. The Define Background Job screen appears.

10. Click Step. The Create Step dialogue box appears.

11. Click ABAP program.

12. Enter the same job name in the Name field.

13. Enter a Variant (optional).

14. Click the Save icon. The Define Background Job screen reappears.

15. Click the Save icon to save the background job.

Firefighter ID Creation

A Firefighter ID is a userID with specific roles that allow the Firefighter to perform the required tasks in a firefighting situation. Use transaction SU01 to create Firefighter IDs.

Create Firefighter ID users as type Service, rather than Dialog, so passwords do not expire.

Note: Firefighter IDs cannot be used for SAP logins. Do not use existing userIDs as Firefighter IDs.

Upload Role Definitions for Superuser Privilege Management Users

Superuser Privilege Management provides pre-delivered roles for all firefighter users. You can customize these roles according to specific naming conventions and needs. Below are the names and intended users of the pre-delivered firefighter roles.

| User | Role Names | Access |
|---|---|---|
| Administrators | /VIRSA/Z_VFAT_ADMINISTRATOR | Configure, create and assign IDs |
| Owners | /VIRSA/Z_VFAT_ID_OWNER | Resolve ID issues |
| Firefighters | /VIRSA/Z_VFAT_FIREFIGHTER | Complete activities in emergency |

These roles are delivered in a .DAT file. To install the .DAT roles, use transaction PFCG.

Assigning Roles to Users

Each user must be assigned a role.

Use transaction SU01 or PFCG to assign the firefighter roles to firefighter users. Pre-defined roles do not include the basic SAP system access required for functions such as printing, transaction SU53, and other non-firefighter provisioning.

Customizing Role Definitions

When you customize user roles, try to follow the existing naming standards, so the purpose of each customized role is clear.

Conformance to Naming Standards

1. Run transaction PFCG.

2. Enter the firefighter role name (such as /VIRSA/Z_VFAT_ADMINISTRATOR).

3. Click Copy and specify the Destination Activity Group (or Role).

4. Generate the role to ensure the related authorizations are created.

5. Repeat Step 1 through Step 4 to customize the other firefighter roles.

Customizing Role Authorizations to Your Needs

To customize the authorizations in the roles, consult your User/Security Administrator. Firefighter authorization object documentation specifies the significance of each object and field to help customize the authorizations of firefighter roles.

Maintaining Configuration Parameters

For detailed definitions of the configuration parameters, refer to the Superuser Privilege Management User Guide documentation and the Superuser Privilege Management Configuration Guide. The following table lists the configuration parameters and the configuration settings.

| Parameter Name | Behavior |
|---|---|
| Retrieve Change Log | Yes - to capture transaction and change log information. |
| | No - to capture only the transaction log information. |
| Critical Transaction Table from RAR Component | Yes - to use the critical transactions defined in the Risk Analysis and Remediation component. |
| | No - to use the critical transactions defined in this component. |
| Assign Roles Instead of IDs | Yes - to use firefighter roles. Set Default Role Expiration in Days. |
| | No - (Default) to use firefighter IDs. |
| Default Role Expiration in Days | Specify the number of days in which the role expires using the To/From dates. If you do not specify any days, then you must use the SAP calendar. When you assign valid From and valid To dates, these dates override the dates in this parameter. |
| Owner Additional Authorization | Yes - to allow only the defined owner of firefighter IDs to view and assign the firefighter ID. |
| | No - to allow any owner to view and assign that firefighter ID. |
| Configuration Change Comment Mandatory | Yes - to make this comment mandatory. |
| | No - to make this comment optional. |
| Controller Additional Authorization | Yes - to allow a user to maintain controllers only for those firefighter IDs for which the user is owner or administrator. |
| | No - to allow any user to maintain controllers. |
| Send Log Report with Critical Transaction Only | Yes - to send a log report that only contains critical transactions. |
| | No - to send a log report that contains all transactions. |
| Send Log Report Execution Notification | Yes - to send an email to a controller with firefighter log information. |
| | No - to not send email information to a controller. |
| Send Log Report Execution Immediately | Yes - to send log report email notification to the controller as soon as the /VIRSA/ZVFATBAK job runs. |
| | No - if you plan to schedule the /VIRSA/ZVFAT_LOG_REPORT report at different intervals. |
| Send Firefighter Login Notification | Yes - to send an email to a controller with firefighter log information. |
| | No - to not send email information to a controller. |
| Send Login Notification Immediately | Yes - to send an email to a controller with firefighter login information after each login. |
| | No - to schedule the /VIRSA/ZVFAT_LOG_NOTIFICATION report at different intervals, when you plan to schedule these intervals with a different scheduling tool. |
