Purpose

SAP has enabled the feature to execute Fire Fighter for web-based transactions using WEB-GUI Firefighter functionality. Now FF users can execute NWBC, FIORI and other web-based transactions using WEB-GUI FF. Web GUI is enabled for the cases where some web apps are not accessible via SAP GUI. In this blog, I am going to provide the step-by-step process for enabling WEBGUI firefighter, pre-requisites, limitations and usage.

Configuration

This configuration is applicable for centralized Firefighter configurations in SAP GRC 12.0, SP17

Activation steps

Actions needs to be performed in GRC system

GRC Team

Go to SPRO à IMG à Governance, Risk and Compliance à Access Control à Maintain Connector Settings

Select the connector à Assign Attributes to the connectorFor Embedded Fiori systems and Fiori systems we have to add SESSION_MANAGER and /UI2/FLP parameter

For the systems, where Fiori is not there, we just have to add SESSION_MANAGER

Basis Team

Offline coActivate below SICF services:

/default_host/sap/bc/gui/sap/its/webgui

/default_host/sap/public/myssocntl

/default_host/sap/public/bc/ur

/default_host/sap/public/bc/its/mimes

Below RZ10 parameters needs to be maintained with mentioned parameter values.

Actions needs to be performed in PLUG-IN system

Basis Team

Activate below SICF services

/default_host/sap/bc/gui/sap/its/webgui

/default_host/sap/public/myssocntl

Below RZ10 parameters needs to be maintained with mentioned parameter values

~NO_LOGON_USEREXIT = 1 parameter needs to be maintained under GUI configuration in WEBGUI SICF service under path “/default_host/sap/bc/gui/sap/its/”

Click on GUI configuration and maintain the ~NO_LOGON_USEREXIT=1

Whitelisting of WEBGUI URL’s is required – where basis team confirmed on the process.Go to Uconcockpit transaction.Cross verify, if paths are whitelisted or not. If not kindly whitelist the required pathAdd entry – https *.azure.intra.xxxxxx, port = * /sap/bc/gui/sap/its/* and whitelist if any path is blocked with below parameters. *.azure.intra.xxxx port = *Activate and ask GRC team to validate in all systems.

Below is the reference Screenshot.

Fiori Team

Create a Fiori Tile “GRC_FireFighter WebGUI” for end user and create a portal role to access the WEBGUI FF functionality by clicking on that Tile.

Pre-requisite to access FFID via Web GUI

FFID for required plug-in system should be assigned to FF users.To access any backend systems WEBGUI FF ID, user should login to Fiori portal link to access GRC-Firefighter- WEBGUI tile.

Limitations

Web-Gui Browser needs to be closed and should be refreshed during logout.SAP has limited the FF login using multiple FF IDs for same FF user and system. (Reference SAP note: 2672041 – GRC 12.0: Web Based Emergency Access Management)Not all FF logs will be captured related to web applications, especially for Web Dynpro tiles (Reference SAP note: 2952305 about FF log limitation)

Functionality availability

If you have different backend system then below table provides information about what the functionality available in the corresponding system on like WEBGUI FF logon, WEGGUI TCODES, GUI Tiles, WDA tiles, UI5 tile, BRF+, SOAMANAGER, NWBC, CRM_UI etc. and this may change going forward.

System

WEBGUI FF logon- GRC

WEBGUI TCODES

GUI tile

WDA tile

UI5 tile

BRF+

SOAMANAGER

NWBC

CRM_UI

Available

MDG

Available

CRM

Available

EWM

Available

Fiori

Available

GRC

Available

Summary

In this blog, I explored the significance of enabling SAP WEBGUI Firefighter features, configuration, pre-requisite, limitation, functionality available.

In upcoming blog, I will provide fixes of all issues that encountered during the WEBGUI FF functionality testing.

PurposeSAP has enabled the feature to execute Fire Fighter for web-based transactions using WEB-GUI Firefighter functionality. Now FF users can execute NWBC, FIORI and other web-based transactions using WEB-GUI FF. Web GUI is enabled for the cases where some web apps are not accessible via SAP GUI. In this blog, I am going to provide the step-by-step process for enabling WEBGUI firefighter, pre-requisites, limitations and usage. Configuration This configuration is applicable for centralized Firefighter configurations in SAP GRC 12.0, SP17 Activation stepsActions needs to be performed in GRC systemGRC TeamGo to SPRO à IMG à Governance, Risk and Compliance à Access Control à Maintain Connector SettingsSelect the connector à Assign Attributes to the connectorFor Embedded Fiori systems and Fiori systems we have to add SESSION_MANAGER and /UI2/FLP parameterFor the systems, where Fiori is not there, we just have to add SESSION_MANAGERBasis TeamOffline coActivate below SICF services: /default_host/sap/bc/gui/sap/its/webgui /default_host/sap/public/myssocntl /default_host/sap/public/bc/ur /default_host/sap/public/bc/its/mimesBelow RZ10 parameters needs to be maintained with mentioned parameter values. Login/accept_sso2_ticket = 1 login/create_sso2_ticket = 2Actions needs to be performed in PLUG-IN systemBasis TeamActivate below SICF services /default_host/sap/bc/gui/sap/its/webgui /default_host/sap/public/myssocntlBelow RZ10 parameters needs to be maintained with mentioned parameter values login/accept_sso2_ticket = 1 login/create_sso2_ticket = 2~NO_LOGON_USEREXIT = 1 parameter needs to be maintained under GUI configuration in WEBGUI SICF service under path “/default_host/sap/bc/gui/sap/its/”Click on GUI configuration and maintain the ~NO_LOGON_USEREXIT=1Whitelisting of WEBGUI URL’s is required – where basis team confirmed on the process.Go to Uconcockpit transaction.Cross verify, if paths are whitelisted or not. If not kindly whitelist the required pathAdd entry – https *.azure.intra.xxxxxx, port = * /sap/bc/gui/sap/its/* and whitelist if any path is blocked with below parameters. *.azure.intra.xxxx port = *Activate and ask GRC team to validate in all systems.Below is the reference Screenshot.Fiori TeamCreate a Fiori Tile “GRC_FireFighter WebGUI” for end user and create a portal role to access the WEBGUI FF functionality by clicking on that Tile. Pre-requisite to access FFID via Web GUIFFID for required plug-in system should be assigned to FF users.To access any backend systems WEBGUI FF ID, user should login to Fiori portal link to access GRC-Firefighter- WEBGUI tile.LimitationsWeb-Gui Browser needs to be closed and should be refreshed during logout.SAP has limited the FF login using multiple FF IDs for same FF user and system. (Reference SAP note: 2672041 – GRC 12.0: Web Based Emergency Access Management)Not all FF logs will be captured related to web applications, especially for Web Dynpro tiles (Reference SAP note: 2952305 about FF log limitation)Functionality availabilityIf you have different backend system then below table provides information about what the functionality available in the corresponding system on like WEBGUI FF logon, WEGGUI TCODES, GUI Tiles, WDA tiles, UI5 tile, BRF+, SOAMANAGER, NWBC, CRM_UI etc. and this may change going forward.SystemWEBGUI FF logon- GRCWEBGUI TCODESGUI tileWDA tileUI5 tileBRF+SOAMANAGERNWBCCRM_UIS4AvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAMDGAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNACRMAvailableAvailableNANANAAvailableAvailableAvailableAvailableBWAvailableAvailableNANANANANAAvailableNAEWMAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAFioriAvailableAvailableAvailableAvailableAvailableAvailableAvailableAvailableNAGRCAvailableAvailableNANANAAvailableAvailableAvailableNA SummaryIn this blog, I explored the significance of enabling SAP WEBGUI Firefighter features, configuration, pre-requisite, limitation, functionality available.In upcoming blog, I will provide fixes of all issues that encountered during the WEBGUI FF functionality testing. Read More Technology Blogs by Members articles

#SAP

#SAPTechnologyblog

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Advancing AI: AMD and Oracle deliver full stack performance

The Easy Way to Type Accents Without Wasting Hours

Multimodal Live API demo: GenList

Sip and Sync with Azure – Coming in 2025

Enabling WEBGUI Firefighter in SAP GRC

Purpose

Configuration

Activation steps

Actions needs to be performed in GRC system

GRC Team

Basis Team

Actions needs to be performed in PLUG-IN system

Basis Team

Fiori Team

Pre-requisite to access FFID via Web GUI

Limitations

Functionality availability

Summary

More From Author

DOCKING CONTAINER

SAP Developer News 2024 Year In Review Part 2

LLM Distraction

SAP Trading Partner Management – Part II – Data

SOLUTION MANAGER TEST SUITE – Step-by-Step Guide for Test Manager Workflow in SAP Solution Manager

You May Also Like:

DOCKING CONTAINER

SAP Developer News 2024 Year In Review Part 2

LLM Distraction

PELANGI99 | Pengertian Sosial Media

10 Things I Loved in 2024: Mike Kazimer

Reichmann’s Carbon-Lugged Senduro is Ultra Adjustable

2024 Pinkbike Awards: Performance of the Year Nominees

Video: Will Ceramic Coating Save Your Bike From Being Ruined?

Top Tagged

Purpose

Configuration

Activation steps

Actions needs to be performed in GRC system

GRC Team

Basis Team

Actions needs to be performed in PLUG-IN system

Basis Team

Fiori Team

Pre-requisite to access FFID via Web GUI

Limitations

Functionality availability

Summary

SAP Trading Partner Management – Part II – Data

SOLUTION MANAGER TEST SUITE – Step-by-Step Guide for Test Manager Workflow in SAP Solution Manager