cancel
Showing results for 
Search instead for 
Did you mean: 

GRC EAM logon error - Plan version current plan was set

cavalcante96
Explorer
0 Kudos
566

Hello guys!

I have a SAP GRC DEV environment connected to an SAP QAS environment.

All settings for EAM have been made. When I have to log in through the GRAC_EAM transaction, I click on Login for the assigned FF, enter the reason Code, after that a pop up does not open with the screen connected to the target system. Instead, the message "plan version current plan was set."

Accepted Solutions (1)

Accepted Solutions (1)

cavalcante96
Explorer
0 Kudos

Guys!

I got the solution. Make sure that the port 3200 and 3300 is allowed between SAP and GRC.

You can check it creating a RFC in both systems:

GRC -> SAP

SAP -> GRC

kumarkp
Explorer
0 Kudos

Hi Lucas

Great the issue was resolved and thank you for providing the solution.

Could you mention the solution points bit elaborately to understand better.

Thanks

Pkumar

cavalcante96
Explorer
0 Kudos

First you need to check if the RFC from GRC to SAP (GRC => SAP) is working correctly. Ports 3200 and 3300 must be unlocked for RFC to work correctly. This RFC from GRC to SAP (GRC => SAP) must be maintained.

Second, create an RFC from SAP to GRC (SAP => GRC), just to verify that the reverse route is also available for connection. If you create an RFC and the connection does not work, check ports 3200 and 3300 from SAP to GRC (SAP => GRC). This RFC does not need to be maintained, it will only serve to check whether the connection test and the authorization test are working.

For the above cases, you may need to work with the network/security team.

The Firefighter user must have the SAP_GRAC_SUPER_USER_MGMT_USER role assigned.

The Firefighter ID user must have the SAP_GRAC_SPM_FFID role assigned. This role must be configured in parameter 4010 in the SPRO transaction.

Note: These roles are SAP standards roles, you must create your own with your naming convention.

Note: I did not mention the fact that it is necessary to assign a Firefighert Owner/Controler and assign the Firefighter ID to the Firefighter user using access request. Among other things like reason codes etc...

Hasan_Bostanoglu
Explorer
0 Kudos

Hi Lucas,

How can i check ports are open for rfc ?

cavalcante96
Explorer
0 Kudos

Hi, Hasan!

It can be checked by Network Security Team, or someone who is responsible for network firewall.

Answers (2)

Answers (2)

cavalcante96
Explorer
0 Kudos

First you need to check if the RFC from GRC to SAP (GRC => SAP) is working correctly. Ports 3200 and 3300 must be unlocked for RFC to work correctly. This RFC from GRC to SAP (GRC => SAP) must be maintained.

Second, create an RFC from SAP to GRC (SAP => GRC), just to verify that the reverse route is also available for connection. If you create an RFC and the connection does not work, check ports 3200 and 3300 from SAP to GRC (SAP => GRC). This RFC does not need to be maintained, it will only serve to check whether the connection test and the authorization test are working.

For the above cases, you may need to work with the network/security team.

The Firefighter user must have the SAP_GRAC_SUPER_USER_MGMT_USER role assigned.

The Firefighter ID user must have the SAP_GRAC_SPM_FFID role assigned. This role must be configured in parameter 4010 in the SPRO transaction.

Note: These roles are SAP standards roles, you must create your own with your naming convention.

Note: I did not mention the fact that it is necessary to assign a Firefighert Owner/Controler and assign the Firefighter ID to the Firefighter user using access request. Among other things like reason codes etc.

kumarkp
Explorer
0 Kudos

Hi Lucas

Sorry for the late reply. Thanks for sending the detailed steps for the requested message.

Regards

PKumar

kumarkp
Explorer
0 Kudos

Hi Lucas

Can you check this note.1769547 - Firefighter login not possible message Plan version Current plan was set.

Regards

Pkumar