Uploaded on

SAP GRC 10 online Training at keylabs is result oriented training. Keylabs has SAP Certified consultants to provide SAP online Training on SAP All modules. Contact: US: +1-908-366-7933 , India: …

SAP GRC 10 online Training at keylabs is result oriented training. Keylabs has SAP Certified consultants to provide SAP online Training on SAP All modules. Contact: US: +1-908-366-7933 , India: +91-9550645679 , info@keylabstraining.com, Skype :keylabstraining

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. GRC 10 ONLINE TRAININGinfo@keylabstraining.comUSA: +1-908-366-7933India: +91-9550645679Skype : keylabstrainingwww.keylabstraining.com
  • 2. ACCESS CONTROL 10.0: INTRODUCTIONAccess Control 10.0: IntroductionSAP BusinessObjects Access Control is an enterprise software application thatenables organizations to control access and prevent fraud across the enterprise,while minimizing the time and cost of compliance.The application streamlines compliance processes, including access risk analysisand remediation, business role management, access request management,superuser maintenance, and periodic compliance certifications. It deliversimmediate visibility of the current risk situation with real-time data.Access Control 10.0 is part of newly released SAP Governance Risk & Compliance(GRC) 10.0 which also comprised of Process control 10.0, Risk Management10.0 and Global Trade Services.The greatest value in GRC 10.0 is the Harmonization of Access Control, ProcessControl and Riskmanagement which ultimately results in shared processes, data and user interfacewith reduction in redundancy.www.keylabstraining.com
  • 3. ACCESS CONTROL 10.0: LANDSCAPEwww.keylabstraining.com
  • 4. www.keylabstraining.comFront end:The front-end needs a web browser or (optionally) a clientinstallation of the NetWeaver Business ClientThe web browser can be used to access the embeddedNWBC or GRC via the NetWeaver PortalThe Adobe flash player 10 is used for displayingdashboards e.g. RM heat mapOverview of SAPBusinessObjects Access Control 10.0SAPGUI 7.10 PL 15 or higher is required for administrationor customizing tasks –note that SAPGUI 7.20 isrecommended due to the end-of-maintenance of SAPGUI7.10The Crystal Reports Adapter (CRA) is required for viewing(GRC) Crystal Reports.
  • 5. www.keylabstraining.comPortal:The NetWeaver Portal 7.02 can be used optionallyThe GRC Portal Content contains the GRC Portal UI elementsto access the GRC suiteThe Portal’s AS Java can contain an Adobe Document Servicesinstance, in effect Portal and ADS may beshared on one AS Java instanceERP and Non SAP Business Applications:The GRC solutions can communicate with SAP ERP and non-SAP business applications via plug-insNW Function Modules hold the AC functions for ERP systemswithout HR (former non-HR RTA)PC relevant features are contained in the plug-inGRCPIERP, for example, for running automated controlsand the HR relevant functions for AC (former HR RTA)GTS functions are part of the SLL-PI plug-in, for example, forGTS integration into the Logistics, HR, FI/COand/or HCM processes in SAP ERPNon-SAP ERP systems can also be connected via adaptersfrom an SAP Partner company
  • 6. www.keylabstraining.comBI Content:NetWeaver BW can be used for reporting via the GRC BI ContentThe GRC BI Content is part of BI Content 7.06NetWeaver BW 7.02 is used for the GRC BI Content.Identity Management:AC can be integrated bi-directionally to IdM solutions forprovisioning and risk analysisNetWeaver IdM7.2 is required for integrating with AC 10.0Adobe Document Services:An instance of Adobe Document Services (ADS) should beaccessible from the GRC AS ABAP forgenerating offline forms .Although it is technically optional, it is highly recommended forgenerating PDF reportsThese ADS can be an existing instance and can also be sharedwith other applicationsThe Portal’s AS Java can contain an Adobe Document Servicesinstance, so Portal and ADS may be sharedon one AS Java instance.
  • 7. NEW AND ENHANCED FEATURES:1) Enhanced Visualization and Streamlined Navigation – Thisenhancement provides a common look and feel with configurablerole-based user access for GRC functions from the SAP Portal orSAPNetWeaver Business Client (NWBC). Streamlined user navigationwith shared work centers emphasizes function rather thancomponent. This significantly reduces duplication of menu items(e.g., one inbox, not three) and makes possible sharing of data andfunctions. Menu items seen by the individual user within eachwork center is controlled by the user’s GRC role(s). This alsoenablesdata shared across components to be viewed differently by differentuserswww.keylabstraining.com
  • 8. NEW AND ENHANCED FEATURES:Improved Reporting – GRC reporting leveragesthe Business Suite ABAP List Viewer (ALV) –Crystal integration framework to present andpersonalize ABAP (WebDynpro) reports andconvert into Crystal reports. This lowers theTCO and extends the benefits of Crystal withoutthe need for a separate BOE server. It alsoreduces the time spent by business users onreporting needs. Custom Crystal reports withembedded graphics can also be created easilywith Crystal Designer.www.keylabstraining.com
  • 9. SEPARATION OF DUTIESSeparation of duties (SoD) is the concept ofhaving more than one person required tocomplete a task. In business the separationby sharing of more than one individual in onesingle task shall prevent from fraud and error.The concept is alternatively calledsegregation of dutieswww.keylabstraining.com
  • 10. SOD RISK MANAGEMENT PROCESSOVERVIEWSAP has developed a three-phase approach to riskmanagement. By applying this method, it ispossible to implement a process for segregation ofduties (SoD) risk management.The process beginsby defining the risks, and building and validatingrules.www.keylabstraining.com
  • 11. SOD RISK MANAGEMENT PROCESS OVERVIEWwww.keylabstraining.com
  • 12. www.keylabstraining.comSegregation of Duties and Critical Actions:In a Sarbanes Oxley Act regulated environment, business need todefine their access controls based on segregation of duties (SoD). Insome cases, it is challenging to define SoDs because in many cases,processes are shared among business areas. Below are examples ofrisks in non-segregated duties
  • 13. www.keylabstraining.comRule Building and Validation :After risk recognition, the second step in Phase One of theSoD Risk Management process is Rule Building andValidation.
  • 14. www.keylabstraining.com
  • 15. www.keylabstraining.comRule Building Process:Rules include risks, functions, and business processes. The maincomponents of the rule building process are shown below. Access Controlautomatically generates the rules as permutations of the different actionsand permissions derived from the combined functions.
  • 16. www.keylabstraining.comFunctions:Functions include specific actions commonly used for a job role or set oftasks, for example Maintain General Ledger Master Records or PostJournal Entry. Authorization to perform certain combinations of functionsresults in a risk.
  • 17. www.keylabstraining.comRule Structure:Actions and permissions combine to form functions. Functions in certaincombinations result in a risk. Risks are associated with business processesand all the components come together to form rules. Rules are collected in arule set.
  • 18. PHASE TWO OVERVIEWwww.keylabstraining.comThe purpose of this phase is to provide business processanalysts and business process owners with alternatives forcorrecting or eliminating risk.Risk AnalysisDuring Risk Analysis, perform a security analysis to identifyrisks for:Simple rolesComposite rolesUsersReview the roles to determine how certain personnel mightbe restricted from performing undesired activities bychecking:ObjectsFieldsValues
  • 19. PHASE 2 FIGUREwww.keylabstraining.com
  • 20. RISK REMEDIATION OVERVIEWwww.keylabstraining.comThe purpose of the remediation phase is to determine alternatives for eliminating issuesin roles.The recommended approach is to resolve issues in the following order:Single rolesThis is the simplest place to startPrevents SoD violations from being reintroducedComposite rolesUsersRisk RemediationUse a simulation to perform a "what if" analysis on the assignment or removal of useractionsUse the Management view or Risk Analysis reports for analysisSecurity Administrators should document the planBusiness Process Owners should be involved and approve the planSimulationSimulation allows you to preview the result of changes to roles and user actions to see ifyourchanges create new risk situations before implementing them Decide whether to add orremove a value
  • 21. MITIGATION CONTROLSwww.keylabstraining.com
  • 22. EXAMPLES OF MITIGATION CONTROLSwww.keylabstraining.comExamples of Mitigation ControlsReview of strategies and authorization limitsReview of user logsReview of exception reportsDetailed variance analysisEstablish insurance to cover impact of a security incidentTypes of Mitigation ControlsPreventative Controls: minimize the likelihood or impact of a risk before itactually occursDetective Controls: alert when a risk takes place and enable the responsibleperson to initiate corrective measuresBest PracticesSegregate creation and approval from assignmentUse mitigation as a last resort for exceptions left over from remediation effortsthat have legitimate business reasons to not use SoD controls
  • 23. CONTINUOUS COMPLIANCEwww.keylabstraining.com
  • 24. THE GRC ARCHITECTUREwww.keylabstraining.comGRC solutions share a common technology platform and can be installed ona single NetWeaver ABAP system.
  • 25. GRC COMPONENTSwww.keylabstraining.comComponentsGRC 10.0 runs on AS ABAP 7.02SP6 or higher. The installation components arebroken out as follows:Access Control, Process Control, and RiskManagement are contained in one ABAP add-onGRCFND_AGlobal Trade Services resides in a separate add-on SLL-LEGNota Fiscal Eletronica has its own add-on SLL-NFEContent Lifecycle Management (CLM) containsfunctions for transporting GRC business data, forexample, Access Control rules or Process Controlcontrols. CLM has the same version requirementsas the GRC 10.0 solution and is installed duringthe GRC installation. CLM can be disabled if notrequired.GRC customizing is transported using the
  • 26. ACCESS CONTROL 10.0 ARCHITECTUREwww.keylabstraining.comNetWeaver ABAP is the underlying platformHarmonized with the other GRC 10.0 applicationsLeverages existing NWABAP investments:Role comparison at Action or Permission levelComparison between roles within Access ControlHarmonization with Process Control and Risk Management allows users toleverage master data
  • 27. ACCESS CONTROL ARCHITECTURECOMPONENTSwww.keylabstraining.comAccess Control constitutes a set of core components:Access Risk Analysis and ManagementCompliance Certification ReviewRole ManagementRole MiningSuperuser Access ManagementAccess Control Repository
  • 28. GRC COMMON COMPONENTSwww.keylabstraining.comAccess Control uses a set of GRC common components as part of theharmonization of the GRC suite. These components are also availableto Process Control and Risk Management:GRC Master DataWorkflowReports and Dashboards
  • 29. NETWEAVER COMPONENTSwww.keylabstraining.comAccess Control uses ABAP Web Dynpro as the user interface or UItechnology.The GRC solution can be presented to end users by using either NWBC(NetWeaver Business Client) or through the use of SAP Portal.Configuration for Access Control is executed using the SAP IMG via theSAP GUI, which is common across the GRC suite.Access Control connects to SAP and non-SAP systems with adapter orIdM systems using the integration framework.The ABAP database is the common repository for all Access Control data.
  • 30. www.keylabstraining.com
  • 31. SECURITY AND AUTHORIZATIONSwww.keylabstraining.comYou are planning a solution and must be able to explain object-levelsecurity, authorization requirements, and identify delivered roles and securityobjects.Object-Level SecurityObject-Level Security gives you the ability to limit access for end users to what theyneed to see at a granular level. you can limit access by function, risk, user, oranyother authorization objects available within role maintenance.
  • 32. www.keylabstraining.comAuthorizationsTo configure the IMG, you need:PFCG role(s) relative to specific components to beconfiguredPFCG role(s) sufficient to configure SAP workflow andother non-GRC technologiesPFCG role(s) on GRC and non-GRC systems to set upContinuous MonitoringTo access GRC 10.0 solutions, you must have at leastthe following:Portal authorization or NWBC authorizationApplicable PFCG base roles
  • 33. www.keylabstraining.comPFCG role(s) relative to specific components (AC, PC, RM) to be usedUsing Access Control with GRC SolutionsIf you use Access Control with other GRC solutions, you can leveragethis functionality to:Manage PFCG roles used with GRCCreate GRC usersAssign GRC PFCG roles to usersPerform SoD analysis for PFCG role authorizationsAssignment of entity-level authorization (via application roleassignment) and ticket-based authorization (via substitution or transfer)must be done in the respective component.
  • 34. INSTALLATIONwww.keylabstraining.comInstallation Prerequisites –ServerNetWeaver AS ABAP 7.02 SP6 or higherInstallation Prerequisites –Back-endFor ERP systems that will install Access Control Plug-In the followingprerequisites must be met:For SAP ERP system 4.6C, the system must be at SAP_BASIS Support Pack 55For SAP ERP 4.70 system, the system must be at SAP_BASIS Support Pack 63For ERP 2004 system, the system must be at SAP BasisSupport Pack 18For ERP 6.0 system, the system must be at SAP_BASIS Support Pack 13For NetWeaver systems that will install Access Control Plug-In thefollowing prerequisites must be met:For SAP Basis 4.6C, the system must be at SAP_BASIS Support Pack 55For NW 6.20 system, the system must be at SAP_BASIS Support Pack 63For NW 6.40 system, the system must be at SAP_BASIS Support Pack 18For NW 7.00 system, the system must be at SAP_BASIS Support Pack 13For NW 7.01, the system must be at SAP_BASIS Support Pack 02For NW 7.02, the system must be at SAP_BASIS Support Pack 01For SAP Basis 710 system, the system must be at SAP_BASIS Support Pack 04
  • 35. WHERE TO OBTAIN THE GRC 10.0 SOFTWAREwww.keylabstraining.comhttp://service.sap.com/swdc
  • 36. CONTENT OF THE INSTALLATION ZIPwww.keylabstraining.com
  • 37. ACCESS CONTROL INSTALLATION NOTESwww.keylabstraining.comInstallation NotesSAP Note 1490996: Install SAP GRC Access Control 10.0 on SAP NW 7.02SAP Note 1500168: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 46C NWSAP Note 1497971: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 620 NWSAP Note 1501882: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 640 NWSAP Note 1500689: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 700 NWSAP Note 1503749:Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 710 NWSAP Note 1500169: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 46C ERPSAP Note 1497972: Install SAP GRC Access Control 10.0 Plug-In on SAPBASIS 620 ERP
  • 38. INSTALLATION OF MAIN COMPONENTS OFAC/PC/RM 10.0www.keylabstraining.comGeneral Steps:1.Main installation components:GRCFND_A2.Download the installationpackages from ServiceMarketplace3.Install with the transactionSAINT4.Follow the detailed instructionsfrom the SAP Note 14909965.Apply the most recent SupportPackages
  • 39. INSTALLATION OF PLUG-IN FOR AC/PC 10.0 ON ERPwww.keylabstraining.comGeneral Steps:1.Main installation components:GRCPINWGRCPIERP2.Download the installationpackages from SMP3.Install with the transactionSAINT4.Follow the detailed instructionsfrom the SAP Notes 1500689 and15006905.Apply the necessary SupportPackages if there is anyNote: Plug-Ins vary depending onback end ERP system.Attention:The AC 10.0 plug-ins will upgrade any existing RTA from previousAC releases.This means that any AC instance on running 5.X will stop working after theplug-insare installed.
  • 40. GRC 10.0 POST-INSTALLATIONwww.keylabstraining.com1.Client Copy2.Activating Applications in Client3.Check SAP ICF Services4.Activating BC Sets5.Creating the Initial User in the ABAP System6.Activate Profile of Roles Delivered by SAP7.Activate Common Workflow
  • 41. CLIENT COPYwww.keylabstraining.comT-code which starts from SCC*1. Choose Administration --> System administration -->Administration >Client admin.>Client Copy-->Local Copy.2. Select a copy profile.3. Enter the source client.click the tick mark it will take some time ....you can refer the link belowhttp://help.sap.com/printdocu/core/print46c/en/data/pdf/bcctscco/bcctscco.pdf
  • 42. ACTIVATING APPLICATIONS IN CLIENTwww.keylabstraining.comCall the customizing withtransaction SPROChoose SAP ReferenceIMGExpand the Governance,Risk and Compliance >General Settings nodeand choose ActivateApplications in ClientChoose New Entries
  • 43. ACTIVATING APPLICATIONS IN CLIENTwww.keylabstraining.comClick the first row and select the GRC solution(s) requiredfor your projectThen choose the ActivecheckboxClick SaveNote: you may have to create a transport requestEXAMPLE IS OF GRC –PC,YOU MAY NEED AC IFYOU NEED ONLY ACCCESS CONTROL
  • 44. CHECK SAP ICF SERVICESwww.keylabstraining.comCall transaction SICFClick the Execute icon
  • 45. CHECK SAP ICF SERVICESwww.keylabstraining.comExpand the node default_host-> sap ->publicRight click publicand choose ActivateServiceChoose Activate Service for all sub-nodes
  • 46. CHECK SAP ICF SERVICESwww.keylabstraining.comProceed likewise with the nodedefault_host-> sap -> bcActivate all sub-nodes too
  • 47. CHECK SAP ICF SERVICESwww.keylabstraining.comNow activate the node default_host-> sap -> grcAlso activate all sub-nodes
  • 48. ACTIVATING BC SETSwww.keylabstraining.comCall transaction SPRO againClick SAP Reference IMGClick Existing BC Sets in the nextscreen
  • 49. ACTIVATING BC SETSwww.keylabstraining.comSelect a BC SetClick “BC Sets for Activity”
  • 50. ACTIVATING BC SETSwww.keylabstraining.comFrom the menu choose Goto >Activation TransactionThese BC sets can also be activated via transaction codeSCPR20
  • 51. ACTIVATING BC SETSwww.keylabstraining.comActivate the corresponding BC sets.Proceed likewise for all required PC, RM, and/or AC BC setsFor a complete list of BC Sets please refer to the PC/RM/AC install guide!NOTE:BELOW EXAMPLE IS FOR ACTIVATION ON TIME FRQUENCYFOR GRCPC:PROCESS CONTROL.
  • 52. ACTIVATING BC SETSwww.keylabstraining.comWhen activating always use “Expert” mode
  • 53. CREATING THE INITIAL USER IN THE ABAP SYSTEMwww.keylabstraining.comCall transaction SU01, create a userAssign following role to access GRC applications, such as AC•SAP_GRC_FN_BASEAssign following power user role to the person doing thecustomization of the product•SAP_GRC_FN_ALLAssign following role to the business users•SAP_GRC_FN_BUSINESS_USERAssign following role if you use NWBC as front end UI instead ofPortal•SAP_GRC_NWBC
  • 54. ACTIVATE PROFILE OF ROLES DELIVERED BY SAPwww.keylabstraining.com•Activate profile of roles delivered by SAP via transactionPFCG if you want to use them directly•For the list of the roles, please refer to Security Guide -here is an example of the SAP-GRC-NWBC role•Please use transaction “SUPC” for mass profilegeneration in case you want to generate profiles formultiple roles
  • 55. ACTIVATE COMMON WORKFLOWwww.keylabstraining.comCall transaction SPROagainClick SAP Reference IMGAccess Workflow node under Governance, Riskand Compliance > General SettingsExecute Perform Automatic WorkflowCustomizing
  • 56. ACTIVATE COMMON WORKFLOW PERFORMAUTOMATIC WORKFLOW CUSTOMIZINGwww.keylabstraining.comExecute Perform AutomaticWorkflow CustomizingMake sure that all tasks aregreen after the generation asshow in the screenshotNote: you may have to create atransport requestDuring the activation procedureyou might receive an errormessage, then check thecreated system user „WF-BATCH“ in SU01 if the user hassufficient roles assigned –seeSAP Note 1251255and theGRC Security Guide.You may need to run programRHSOBJCH to fix HR controltables
  • 57. ACTIVATE COMMON WORKFLOW PERFORMAUTOMATIC WORKFLOW CUSTOMIZINGwww.keylabstraining.comMaintain the Prefix Numbers to your needs or like shownin the screenshot
  • 58. ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZINGwww.keylabstraining.comExecutePerformTask-SpecificCustomizingExpand theGRCnode.Click the AssignAgents link atthe right side ofthe GRCnode.Note: if no folders are visible below the “GRC“ folder please run report“RS_APPL_REFRESH” in SE38
  • 59. ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZINGwww.keylabstraining.comAssign Task as General Taskvia Task Attribute.Make sure all tasks that arenot using Background taskhave been assigned asGeneral Task.
  • 60. ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZINGwww.keylabstraining.comClick Activate event linking
  • 61. ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZINGwww.keylabstraining.comClick the Properties iconSet the Linkage Status to NoerrorsMake sure Event linkageactivated is checked.Set Error feedback to Do notchange linkageBe sure to activate all WS.
  • 62. ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZINGwww.keylabstraining.comRepeat the first four steps to activatethe solutions you need (e.g. for AccessControl “GRC-AC”)Note: task-specificcustomizing forGRC-AC isnotavailable in caseyou have the GRCplug-ins installed inyour GRC system,check the Appendixfor perfomingthecustomizing in thiscase
  • 63. POST-INSTALLATION TO FIRST EMERGENCY ACCESSwww.keylabstraining.com•RequirementsoAdding connector to SUPMG scenariooCreating users and assigning rolesoVerifying time zones•ConfigurationoMaintaining AC ownersoAssigning owners to firefighter IDsoAssigning firefighter IDs and controllers to firefightersoCreating reasons codes•Starting an emergency access session•Managing LogsoRunning log collectionoViewing the firefighter reports
  • 64. MAINTAIN CONFIGURATION SETTINGSwww.keylabstraining.com
  • 65. ADDING CONNECTOR TO SUPMG SCENARIOwww.keylabstraining.comTo create access requests it is required to have the SUPMG scenario linkedto the connector, this is done via IMG:
  • 66. CREATING USERS AND ASSIGNING ROLESwww.keylabstraining.comPlease create users and roles as needed. Remember tosynchronize again the repository (programGRAC_REPOSITORY_OBJECT_SYNC ). These roles areprovided as examples and customer roles need to be createdbased on their authorizations.In the AC systemRoleFirefighter userSAP_GRAC_SUPER_USER_MGMT_USERFirefightercontrollerSAP_GRAC_SUPER_USER_MGMT_CNTLRFirefighterownerSAP_GRAC_SUPER_USER_MGMT_OWNERIn the target systemRoleFirefighter IDSAP_GRAC_SPM_FFIDIn the AC system the Firefighter ID role is configured in ParamID4010 (Firefighter ID role name)Reminder: end users will require also the roles based onSAP_GRC_FN_BASEand SAP_GRC_FN_BUSINESS_USER
  • 67. VERIFYING TIME ZONESwww.keylabstraining.comFor logs to be properly captured the time zones in theconnected ERP systems need to be configured to match theoperating system and also the AC server time zone. This isdone in IMG under SAP NetWeaverGeneral Settings TimeZones Maintain System Settings
  • 68. CONFIGURATIONwww.keylabstraining.comMaintaining AC ownersAssigning owners to firefighter IDsAssigning firefighter IDs and controllers to firefightersCreating reasons codes
  • 69. MAINTAINING AC OWNERSwww.keylabstraining.comGo to NWBC Access Management GRC Role AssignmentsAccess Control Owners and maintain the controllers and ownersas shown below:After this is done it is possible to assign those to FireFighterIDs.
  • 70. ASSIGNING OWNERS TO FIREFIGHTER IDSwww.keylabstraining.comIn Access Management go to SuperuserAssignment and clickon Owners. Here owners are assigned to firefighter IDs.
  • 71. ASSIGNING FIREFIGHTER IDS ANDCONTROLLERS TO FIREFIGHTERSwww.keylabstraining.comNow you need to assign firefighter IDs and controllers tousers. This is done by going to SuperuserAssignmentFirefighter IDsNote: Multiple firefighter users and controllers can be assigned to amultiple firefighter ID.
  • 72. CREATING REASONS CODESwww.keylabstraining.comThe reason codes available for firefighter users are maintainedunder Superuser Maintenance Reason Codes
  • 73. STARTING EMERGENCY ACCESSwww.keylabstraining.comStarting a firefighter sessionLogin to the AC system using the firefighteruser and launch transaction GRAC_SPMYou will be able to connect to the targetsystem using the firefighter IDs previouslyassigned
  • 74. MANAGING LOGSwww.keylabstraining.comRunning Log CollectionViewing the firefighter reportsRunning log collectionForeground modeThe foreground job for log collection can be executed from the “Update FirefighterLog Button” which can be found in the following path:Reports And Analytics Super User Management Reports Consolidated LogReport
  • 75. RUNNING LOG COLLECTIONBACKGROUND MODEwww.keylabstraining.comThe Background Job for Log Collection can bescheduled periodically from SM36 using programGRAC_SPM_LOG_SYNC_UPDATE.