Enterprise Asset Management, Linear

Asset Management 1

Technical Data

Technical Name of Business Function LOG_EAM_LINEAR_1

Type of Business Function Enterprise business function

Available As Of SAP enhancement package 5 for SAP ERP 6.0

Technical Usage Central Applications

Application Component Technical Objects (PM-EQM)

Required Business Function Not relevant

This business function enables you to describe, display, and manage linear
assets. Linear assets are technical systems with a linear infrastructure whose
condition and properties can vary from section to section (dynamic
segmentation).
Examples of linear assets include:
 Pipelines
 Roads and railway tracks
 Overhead power lines / cables
You can create linear assets as technical objects (such as functional locations
and equipment) and store linear data. You can carry out maintenance tasks
for these technical objects, which result in notifications, maintenance orders,
and measurement documents, for example. This enables you to monitor what
condition your linear assets are in, identify where there is damage or a defect
(using the start point, end point, and offset), and manage all types of
maintenance tasks (planned, unplanned, and preventive).
You can enter the following information as linear data for displaying,
managing, and maintaining your linear assets:
 Start point, end point, length, and unit of measurement (for example,
kilometers, miles)
 Information on markers (such as start and end points, the distance between
a marker and the start point, the distance between a marker and the end
point), and unit of measurement
 Information on the offset (for example, horizontal or vertical offset), and
units of measurement

Integration
You can use the Simplified Management of EAM
Functions (LOG_EAM_SIMPLICITY) business function to implement business
packages that enable maintenance workers to complete their daily tasks more
quickly and easily. The following business packages simplify maintenance
processes for planned and unplanned activities as well as the access to stock
data:
 Business Package for Maintenance Worker
 Business Package for Generic EAM Functions
With the Operation Account Assignment (LOG_EAM_OLC) business function,
you can use the operation of a maintenance order or service order as the
account assignment object. As a result, you can allocate estimated, planned,
and current costs at operation level.
With the Enterprise Asset Management Part 2 (LOG_EAM_SIMP) business
function, you can use maintenance processes more easily.

Prerequisites
You have installed the following components with the version mentioned or
higher:
Component Component Only Required for the Following
Type Functions

Software EA-APPL 605

component SAP_APPL 605

Portal content Business Package for Generic EAM Create, change, and display linear
Functions reference patterns in the SAP
NetWeaver Portal or SAP NetWeaver
Business Client
 SAP ESA ECC-SE 605, namespace Enhanced Enterprise Services for
Enterprise http://sap.com/xi/EA-APPL/SE/Global Linear Data, Process
Services Component Installed Base Data
Processing

SAP SAP_APPL 605, namespace Enhanced Enterprise Services for

Enterprise http://sap.com/xi/APPL/Global2 Linear Data, Process
Services Component Product Data Maintenance
You have made the required settings in Customizing for Classification
System, Linear Asset Management and Plant Maintenance and Customer
Service.
For more information about the required Customizing settings, see Linear
Data in Master Data.

Features

Linear Data in Master Data

You can create and manage linear data for your company's linear assets in
the master data of the following technical objects:
 Functional location
 Equipment
 Measuring point
To define inspections and maintenance tasks that must be carried out in your
linear assets, you can create and manage the maintenance items in
maintenance plans with linear data.
In addition, you can create linear reference patterns as master data and
use linear data in the classification of technical objects.
Linear reference patterns are also available as portal content. If you want to
use this content, you must install the Business Package for Generic EAM
Functions and activate the Simplified Management of EAM
Functions (LOG_EAM_SIMPLICITY) business function.

Linear Data in Maintenance Documents

To carry out maintenance tasks for keeping your linear assets in operating
order, you can create and manage linear data in the following maintenance
documents:
 Maintenance notification and service notification
 Maintenance order and service order
 Operation of the maintenance or service order
 Time confirmation (individual time confirmation and collective time
confirmation)
 Measurement document
For more information, see Linear Data in Maintenance Documents.

Linear Data in Reports

You can enter linear data as selection criteria on the selection screens of
various Plant Maintenance reports. From the result list, you can then call and
process master data or maintenance documents with linear data. The SAP
List Viewer is available for displaying and formatting the lists with linear data.
You can store information on the column setup, sort criteria, and filter
conditions in layouts.
For more information, see Linear Data in Reports.

Enterprise Services
The following enhanced operations are available for processing linear data:
 Process component Product Data Maintenance:
o IndividualMaterialERPChangeRequestConfirmation_In_V1
o IndividualMaterialERPCreateRequestConfirmation_In_V1
o IndividualMaterialByIDQueryResponse_In_V1
o IndividualMaterialERPCreateCheckQueryResponse_In_V1
 Process component Installed Base Data Processing:
o InstallationPointERPCreateRequestConfirmation_In_V1
o InstallationPointERPCreateCheckQueryResponse_In_V1
o InstallationPointERPChangeRequestConfirmation_In_V1
o InstallationPointERPChangeCheckQueryResponse_In_V1
o InstallationPointERPByIDQueryResponse_In_V1
 Configuring Emergency Access Management
Prerequisites:
A) Validate that GRC Plug-in is properly installed in satellite
 If you are using GRC10.0 (GRCFND_A 10.0) then the valid plugin is GRCPINW V1000_731.
 If you are using GRC10.1 (GRCFND_A 10.1) then the valid plugin is GRCPINW V1100_731.
B) Validate that GRC Plug-in User Exit is created per SAP Note
1545511 – “Firefighter User Exit”
Despite the Firefighter ID password is changed by the application each time you start the firefighter (you
can check it via change documents in the target system), Firefighter Ids need to be restricted from
Logging in into SAP System directly via SAP GUI. For this purpose either we need to create and modify
the SAP User Login Exit.

Please visit the SNOTE 1545511 for more information on “User Exit”

C) Validate that the GRC Plug-in configuration contains

Param ID Sequence Param Value
4000 0 1

4008 0 YES

4010 0 SAP_GRAC_SPM_FFID

(SPRO > SAP Reference IMG > Governance, Risk and Compliance (Plug-In) > Access Control >
Maintain Plug-In Configuration Settings)

D) Validate that the trusted connection is properly created between

PG1 and satellite system.
Please take help from Basis team to validate that RFC connections are set up properly.

Steps to Configure EAM:

Adding connector to the SUPMG Scenario

Here we are assuming that we have already created the connectors in “Create
Connectors” and “Maintained the connectors and Connection types” in Common
Component Settings:
Go to ->SPRO->Governance, Risk and Compliance->General Settings->Integration Framework -
>Maintain Connection settings

In the Integration Scenario select SUPMG and click on green button.

Select SUPMG in “Sub scenario definition” and click on “Scenario-Connector Link”

Click on New Entries and add the connector in Target Connector field and click on Save.

Maintain Configuration parameters:

Goto -> SPRO -> Governance Risk and Compliance -> Access Control -> Maintain Configuration Settings
Set the parameters from 4000 to 4010 as shown below:
Changes in the parameters table will be included in a transport request, you should release the transport
to your QA/PROD systems when you finish the EAM tests and adapt the parameters according to your
requirements.

New parameters introduced in GRC 10.1 are given below :

4012 (Default users for forwarding the Audit Log workflow):

4013 (Firefighter ID owner can submit request for Firefighter ID owned):

4014 (Firefighter ID controller can submit request for Firefighter ID controlled):

4015 (Enable Decentralized Firefighting)

Significance of Parameter 4010:

The purpose here is to identify the application that the user, who is logging on to the target system is a
Firefighter ID. You have to create the role SAP_GRAC_SPM_FFID that you’ve set in parameter 4010 in
all the target systems with the exact name provided there. Usually, you need to copy it from the standard
SAP_GRC_SPM_FFID (as it contains RFC authorizations).

Only the users who have that role assigned in the target system will be available for selection in the GRC
Box as Firefighters IDs.

Required roles in the GRAC EAM:

You need access to role SAP_GRAC_SUPER_USER_MGRAD in GRC system for creation and
maintenance of FF id owners, controllers, reason codes and Fire Fighter users.
Assign the below roles in GRC system:.
SAP_GRAC_SUPER_USER_OWNER -> Assign this role to the Fire Fighter ID owner.
SAP_FIREFIGHTER_ALL -> Assign this role to Fire Fighter users who will be using FF id.

Create the Fire Fighter ID in the target systems with the below details:
Fire fighter ID: FF_XX_ID (XX might FI for Finance, MM for Purchasing team etc…)

FName: Fire Fighter

LName : FI ID
Email: (XXXXX)@sapsecurityguru.com

User type: Service

User group: Super

Decimal notation: 1,234,56.78

Date Format: DD MM/YYYY

Synchronization:
Go to ->SPRO->Governance, Risk and Compliance->Access Control->Synchronization Jobs:

Authorization Sync :
The synchronization updates the data for the following:

 Resource Sync – permissions, resources, and descriptions for authorization objects.

 Action Sync – descriptions for actions, and permissions and resources for authorization objects.
 Resource Class Sync – permissions and resources for authorization object classes and their relationships.
 Resource Extension – organization level, activities, and descriptions for resource extensions.
 Default (SU24) Values Sync – default authorization objects and field values for actions.
In the connector Field, select the connector using F4 search and execute:
Repository Sync:
This activity allows you to select from the following synchronization options:
 Profile Sync – This is required for the SOD Risk Analysis of Profiles.
 Role Sync – This is required for the SOD Risk Analysis of Roles.
 User Sync – This is required for the SOD Risk Analysis of Users.
 Role Search Sync – This is required for enabling fuzzy-type role search for the Request Access, FIORI
application.

Select the connector name using F4 search and select sync either as Incremental or Full Sync mode.

Re-Run the Synchronization job->Repository Synch (Full synch)

Now launch the GRC application via NWBC, then search for the Firefighter ID and this should be
available in Firefighter ID list.

Define Owners for Fire Fighter Id:

Login in GRC System ->go to NWBC -> Access Management -> Access Control Owners -> Click on
Create button
Enter the Owner name in “Owner” Field and select Owner type as “Fire Fighter Owner” and save.
Define controller for FF id:
Login in GRC System ->go to NWBC -> Access Management -> Access Control Owners -> Click on
Create button

Enter the Controller name in “Owner” Field and select Owner type as “Fire Fighter Controller”
and save.
Assign Owners to Fire fighter Id:
Login in GRC System ->go to NWBC -> Access Management -> Superuser Assignment -> Owners

Click on Assign Button:

Select the Owner name in “Owner ID” field and click on Add button and the Select the fire Fighter id and
target system and save.

Assign Controller to Fire fighter Id:

Login in GRC System ->go to NWBC -> Access Management -> Superuser Assignment -> Controllers

Click on Assign Button:

Select the Controller name in “Controller ID” field and click on Add button and the Select the fire Fighter id
and target system and set the Notification by as “Workflow” .Then click on Save button.
Assign Firefighter IDs to Firefighters:
Login in GRC System ->go to NWBC -> Access Management -> Superuser Assignment -> FireFighters

Click on Assign Button:

Enter the FF id user in “Firefighter” field .Then click on Add button and select the Fire Fighter Id and save.

we normally assign the FF id through GRC access request to FF users.

Creating reason codes:

Login in GRC System ->go to NWBC -> Access Management -> Superuser Assignment -> Reason
Codes

Click on Create Button:

Enter the Reason Code in “Reason Code” field -> Select the Status as active->Enter the description in
“Description Field”->Click and Add Button and Select the Target system.

Enable Security Audit in Target system:

– Setup an Audit entry for the Firefighter account

1. In the target system, run T-Code SM19

2. Click the Display / Change button
3. Select the first available Filter in the Static Configuration
4. Set Filter active = Checked

Client = *

User = FF_*

Audit classes = All checked

5. Click Save and Distribute to all servers if prompted.

6. Have the system restarted for the logging to take effect.
Create and Schedule FF Log Batch Jobs:
Procedure Overview:
This procedure will walk you through the setups for creating the daily Firefighter sync jobs when a new
connector is created. The first steps of the procedure create the variant used for the sync jobs. The
second group of steps setup the reoccurring jobs.

Procedure:

1. Log into GRC system

2. Execute transaction SPRO
3. Open the menu path: SAP Customizing Implementation Guide -> Governance, Risk, and
Compliance -> Access Control -> Synchronization Jobs -> Firefighter Log Synch
4. Select the connector from the drop down
5. Save the variant, Ctrl + S or Save icon, with Variant Name: connector_FFLOG (i.e. PRD-
100_FFLOG), Description: same as variant name, no other changes are needed to remaining
fields.
6. Do steps 3 & 4 for all connectors being created.
7. Execute transaction SM37
8. Search for jobs named FF_LOG_SYNC*
9. Select one of the Firefighter sync jobs, select Job -> Copy and give the new job the name:
FF_LOG_SYNC_connect (i.e. FF_LOG_SYNC_PRD100)
10. Select the job created in step 8, select Job -> Change
11. Select Step, Select the GRAC_SPM_LOG_SYNC_UPDATE step and click Change
12. Change the Variant field to variant created in Step 4 and save the change.
13. Select the Green double arrow to go back
14. Select the Start Condition -> Date/Time -> Enter the appropriate start time information.
Select Save, then Save on the Change Job screen.
15. Repeat Steps 8 – 13 for each of the connectors.

Important Notes:

The FireFighter sync jobs should run one daily for all non-production systems. For production systems,
the FireFighter sync jobs should run twice a day. Two separate jobs will need to be scheduled, both at
different times to accomplish the production runs.

Make sure to space the running of the batch jobs out. You can use the SAP table TBTCO to view the
scheduled run times for all the FireFighter jobs.
Validate that Fire fighter has been configured successfully
 Login in GRC system with Fire Fighter user id.
 Execute the t-code GRAC_EAM.

Select the Target system and click on the Logon button to login using Fire Fighter.

How to Check Fire Fighter Log report ?

Login in GRC System ->go to NWBC -> Reports and Analytics -> Emergency Access Management
Reports -> Consolidated Log Report
———————-Thank you ———————–