topic fire fighter in Application Development and Automation Discussions

fire fighter

Former Member — Mon, 21 Jul 2008 06:12:39 GMT

Guys,

From my understanding the use of fire fighter is for emergency access in PRD. For that we can just create separate ID in sap system with almost sap_all authorization (not sap_all) and access PRD whenever there is a need.But why we need sap VIRSA fire fighter or SAP GRC super user privilege management?.

Re: fire fighter

Former Member — Mon, 21 Jul 2008 07:18:36 GMT

Virsa Firefighter allows for tracking of who connects where, and what they do while connected. If you assign a generic SAP "super user", you loose these important tracking and auditing features... unless, of course, you create your own tracking system (for instance by activating a user exit upon login, demanding the person who logs in using the "super user" to identify him/herself and store some vital info such as time, date, ip address of the terminal used to connect and so on). Also, you'd need to turn security audit logging on.

Firefighter gives you all of these security mechanisms in one package, one which tastes good to your auditors, too...

Trond

Re: fire fighter

Former Member — Mon, 21 Jul 2008 12:22:23 GMT

More specifically, Virsa firefighter will tell you which tcodes were executed and may be able to tell you which master tables were accessed (I believe table logging has to be activated). And its all bundled into one report.

Re: fire fighter

Former Member — Tue, 22 Jul 2008 14:22:49 GMT

We use the Fire Fighter ids to assign to our suport staff a unique FF ID to each individual so that they can use to access authorizations beyond their normal access; this allows them to address issues in a timely manner and most importantly, we receive an audit report of what they actually executed; this allows us to provide emergency support quickly and with the audit reporting facility obtain what the user has executed and review it; this sits well with the auditors when they want to know how we handle emergency needs and how is it monitored

Jerry Synoga

Ryerson Inc.

630-758-2021

Re: fire fighter

Former Member — Tue, 29 Jul 2008 08:56:34 GMT

FireFighter uses the STAT tables that are created by the program RSCOLL00. Therefore if the information you require is not captured in these tables then FireFighter does not report on it.

AC 5.x FireFighter does NOT require table logging to be turned on.

Re: fire fighter

Former Member — Mon, 04 Aug 2008 23:04:41 GMT

It is crucial with Firefighter that access be temporary and a strong structure be developed for evaluating the Firefighter logs. Without these two items Firefighter actually becomes a audit liability for your IT department. The only concern with using a SAP Most approach can be the creation of SOD's within Firefighter or access to sensitive data. Internal and External audit are reviewing Sod's which exist within Firefighter accounts and the authorizations available.