Purpose

SAP has enabled the feature to execute Fire Fighter for web-based transactions using WEB-GUI Firefighter functionality. Now FF users can execute NWBC, FIORI and other web-based transactions using WEB-GUI FF. Web GUI is enabled for the cases where some web apps are not accessible via SAP GUI. In this blog, I am going to provide the step-by-step process for enabling WEBGUI firefighter, pre-requisites, limitations and usage.

Configuration

This configuration is applicable for centralized Firefighter configurations in SAP GRC 12.0, SP17

Activation steps

Actions needs to be performed in GRC system

GRC Team

Go to SPRO à IMG à Governance, Risk and Compliance à Access Control à Maintain Connector Settings

Select the connector à Assign Attributes to the connectorFor Embedded Fiori systems and Fiori systems we have to add SESSION_MANAGER and /UI2/FLP parameter

For the systems, where Fiori is not there, we just have to add SESSION_MANAGER

Basis Team

Offline coActivate below SICF services:

/default_host/sap/bc/gui/sap/its/webgui

/default_host/sap/public/myssocntl

/default_host/sap/public/bc/ur

/default_host/sap/public/bc/its/mimes

Below RZ10 parameters needs to be maintained with mentioned parameter values.

Actions needs to be performed in PLUG-IN system

Basis Team

Activate below SICF services

/default_host/sap/bc/gui/sap/its/webgui

/default_host/sap/public/myssocntl

Below RZ10 parameters needs to be maintained with mentioned parameter values

~NO_LOGON_USEREXIT = 1 parameter needs to be maintained under GUI configuration in WEBGUI SICF service under path “/default_host/sap/bc/gui/sap/its/”

Click on GUI configuration and maintain the ~NO_LOGON_USEREXIT=1

Whitelisting of WEBGUI URL’s is required – where basis team confirmed on the process.Go to Uconcockpit transaction.Cross verify, if paths are whitelisted or not. If not kindly whitelist the required pathAdd entry – https *.azure.intra.xxxxxx, port = * /sap/bc/gui/sap/its/* and whitelist if any path is blocked with below parameters. *.azure.intra.xxxx port = *Activate and ask GRC team to validate in all systems.

Below is the reference Screenshot.

Fiori Team

Create a Fiori Tile “GRC_FireFighter WebGUI” for end user and create a portal role to access the WEBGUI FF functionality by clicking on that Tile.

Pre-requisite to access FFID via Web GUI

FFID for required plug-in system should be assigned to FF users.To access any backend systems WEBGUI FF ID, user should login to Fiori portal link to access GRC-Firefighter- WEBGUI tile.

Limitations

Web-Gui Browser needs to be closed and should be refreshed during logout.SAP has limited the FF login using multiple FF IDs for same FF user and system. (Reference SAP note: 2672041 – GRC 12.0: Web Based Emergency Access Management)Not all FF logs will be captured related to web applications, especially for Web Dynpro tiles (Reference SAP note: 2952305 about FF log limitation)

Functionality availability

If you have different backend system then below table provides information about what the functionality available in the corresponding system on like WEBGUI FF logon, WEGGUI TCODES, GUI Tiles, WDA tiles, UI5 tile, BRF+, SOAMANAGER, NWBC, CRM_UI etc. and this may change going forward.

System

WEBGUI FF logon- GRC

WEBGUI TCODES

GUI tile

WDA tile

UI5 tile

BRF+

SOAMANAGER

NWBC

CRM_UI

Available

MDG

Available

CRM

Available

EWM

Available

Fiori

Available

GRC

Available

Summary

In this blog, I explored the significance of enabling SAP WEBGUI Firefighter features, configuration, pre-requisite, limitation, functionality available.

In upcoming blog, I will provide fixes of all issues that encountered during the WEBGUI FF functionality testing.

PurposeSAP has enabled the feature to execute Fire Fighter for web-based transactions using WEB-GUI Firefighter functionality. Now FF users can execute NWBC, FIORI and other web-based transactions using WEB-GUI FF. Web GUI is enabled for the cases where some web apps are not accessible via SAP GUI. In this blog, I am going to provide the step-by-step process for enabling WEBGUI firefighter, pre-requisites, limitations and usage. Configuration This configuration is applicable for centralized Firefighter configurations in SAP GRC 12.0, SP17 Activation stepsActions needs to be performed in GRC systemGRC TeamGo to SPRO à IMG à Governance, Risk and Compliance à Access Control à Maintain Connector SettingsSelect the connector à Assign Attributes to the connectorFor Embedded Fiori systems and Fiori systems we have to add SESSION_MANAGER and /UI2/FLP parameterFor the systems, where Fiori is not there, we just have to add SESSION_MANAGERBasis TeamOffline coActivate below SICF services: /default_host/sap/bc/gui/sap/its/webgui /default_host/sap/public/myssocntl /default_host/sap/public/bc/ur /default_host/sap/public/bc/its/mimesBelow RZ10 parameters needs to be maintained with mentioned parameter values. Login/accept_sso2_ticket = 1 login/create_sso2_ticket = 2Actions needs to be performed in PLUG-IN systemBasis TeamActivate below SICF services /default_host/sap/bc/gui/sap/its/webgui /default_host/sap/public/myssocntlBelow RZ10 parameters needs to be maintained with mentioned parameter values login/accept_sso2_ticket = 1 login/create_sso2_ticket = 2~NO_LOGON_USEREXIT = 1 parameter needs to be maintained under GUI configuration in WEBGUI SICF service under path “/default_host/sap/bc/gui/sap/its/”Click on GUI configuration and maintain the ~NO_LOGON_USEREXIT=1Whitelisting of WEBGUI URL’s is required – where basis team confirmed on the process.Go to Uconcockpit transaction.Cross verify, if paths are whitelisted or not. If not kindly whitelist the required pathAdd entry – https *.azure.intra.xxxxxx, port = * /sap/bc/gui/sap/its/* and whitelist if any path is blocked with below parameters. *.azure.intra.xxxx port = *Activate and ask GRC team to validate in all systems.Below is the reference Screenshot.Fiori TeamCreate a Fiori Tile “GRC_FireFighter WebGUI” for end user and create a portal role to access the WEBGUI FF functionality by clicking on that Tile. Pre-requisite to access FFID via Web GUIFFID for required plug-in system should be assigned to FF users.To access any backend systems WEBGUI FF ID, user should login to Fiori portal link to access GRC-Firefighter- WEBGUI tile.LimitationsWeb-Gui Browser needs to be closed and should be refreshed during logout.SAP has limited the FF login using multiple FF IDs for same FF user and system. (Reference SAP note: 2672041 – GRC 12.0: Web Based Emergency Access Management)Not all FF logs will be captured related to web applications, especially for Web Dynpro tiles (Reference SAP note: 2952305 about FF log limitation)Functionality availabilityIf you have different backend system then below table provides information about what the functionality available in the corresponding system on like WEBGUI FF logon, WEGGUI TCODES, GUI Tiles, WDA tiles, UI5 tile, BRF+, SOAMANAGER, NWBC, CRM_UI etc. and this may change going forward.SystemWEBGUI FF logon- GRCWEBGUI TCODESGUI tileWDA tileUI5 tileBRF+SOAMANAGERNWBCCRM_UIS4AvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAMDGAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNACRMAvailableAvailableNANANAAvailableAvailableAvailableAvailableBWAvailableAvailableNANANANANAAvailableNAEWMAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAFioriAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAGRCAvailableAvailableNANANAAvailableAvailableAvailableNA SummaryIn this blog, I explored the significance of enabling SAP WEBGUI Firefighter features, configuration, pre-requisite, limitation, functionality available.In upcoming blog, I will provide fixes of all issues that encountered during the WEBGUI FF functionality testing. Read More Technology Blogs by Members articles

#SAP

#SAPTechnologyblog

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

The best mousepad I’ve ever used.

Data As a Corporate Asset—the GenAI-era Take (Part 2)

Mr. Maeda’s Cozy AI Kitchen – The Book of AI, with Rob Chambers

Building Generative AI Apps with Azure Cosmos DB [Pt 8]

Enabling WEBGUI Firefighter in SAP GRC

Purpose

Configuration

Activation steps

Actions needs to be performed in GRC system

GRC Team

Basis Team

Actions needs to be performed in PLUG-IN system

Basis Team

Fiori Team

Pre-requisite to access FFID via Web GUI

Limitations

Functionality availability

Summary

More From Author

ALV TO EXCEL-SAP|ABAP

Amazon launches a generative AI tool for audio ads in the U.S.

Activating Altiverse/Metaverse [+1]

SAP Trading Partner Management – Part II – Data

SOLUTION MANAGER TEST SUITE – Step-by-Step Guide for Test Manager Workflow in SAP Solution Manager

You May Also Like:

ALV TO EXCEL-SAP|ABAP

Amazon launches a generative AI tool for audio ads in the U.S.

Activating Altiverse/Metaverse [+1]

Desert Delirium – Dario’s Rampage Randoms

Bike Check: The Auguste Causse Toujours is the Downcountry Bikepacking Bike I Didn’t Know I Wanted

Review: WTB’s Revised Tough Casing Tires

Dogs of Rampage 2024

Mobile App Development Course with React Native, Supabase, Next.js

Top Tagged

Purpose

Configuration

Activation steps

Actions needs to be performed in GRC system

GRC Team

Basis Team

Actions needs to be performed in PLUG-IN system

Basis Team

Fiori Team

Pre-requisite to access FFID via Web GUI

Limitations

Functionality availability

Summary

SAP Trading Partner Management – Part II – Data

SOLUTION MANAGER TEST SUITE – Step-by-Step Guide for Test Manager Workflow in SAP Solution Manager