Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Showing results for 
Search instead for 
Did you mean: 
GRCwithRaghu
Explorer
3,888

FFID's were a commonly used by many users in a system. Users can request for FFID and upon approval by the owner. In many cases, FFIDs are mis-used and owners without validating the actual requirement may approve the request. To avoid this risk, SAP introduced a new process which can be enabled with parameter 4026 - Configure which connector uses dedicated/single Firefighter ID (Refer to SAP Note: 3036192 for more detailed information.)

Enabling this will ensure that enterprises can setup the Firefighter ID according to their organization policies. Parameter 4026 provides 4 possible parameter values:

 

Parameter value

Description

ALL ONE

All SUPMG connectors with one dedicated FFID per system

ALL DEDI

All SUPMG connectors with many dedicated FFID per system

CONF ONE

Configured connectors with one dedicated FFID per system

CONF DEDI

Configured connectors with many dedicated FFID per system

NONE

No connectors with dedicated FFID per system (disabled)

Note:  Keep in mind that this setting only applies when you're asking for FFIDs through the Access Request feature/interface. Administrators can still assign as many FFIDs as they need to each user from NWBC (direct method).

Let’s delve deep on each of these options:

Parameter Value - ALL ONE

When the parameter value is set to “ALL ONE” - All SUPMG connectors with one dedicated FFID per system, the "One FFID per user per system" setting is activated for ALL systems within the SUPMG integration scenario. Under this configuration, a user is limited to having only one FFID per system.

User may request for the FireFighter ID via the Access Request form as shown below:

GRCwithRaghu_0-1714885884534.png

Image - Access Request form with FFID request selection

Once a FFID is assigned to a user, it's no longer an option for selection and is taken off the list of available FFIDs for other users. This ensures that the same FFID isn't chosen or requested by multiple users. See the example below:

GRCwithRaghu_1-1714885884539.png

Image - Available FFID screen with blank entries

Similarly, other users can’t see the same FFID as it has an active assignment.

Parameter Value - ALL DEDI

When the parameter value is set to “ALL DEDI” - dedicated FFID's per system is switched on to ALL system in the SUPMG integration scenario. With this setting, a user can have multiple FFIDs in the same system, but once the FFID is assigned/active to one user, it is not visible for the other users.

GRCwithRaghu_2-1714885884541.pngImage – EAM Launchpad with 2 different FFIDs

Parameter Value - NONE

The functionality is switched off, meaning there's no filtering or validation in place. You're free to assign as many FFIDs as necessary to as many users as needed. This reflects the current operation methodology of the EAM application.

Parameter Value – CONF ONE

One FFID per user per system is switched on to only CONFIGURED system. A user can only have a single FFID in a configured system, and many in the non-configured systems.

Parameter Value – CONF DEDI

Dedicated FFID's per system is switched on to CONFIGURED system. A user can have many FFID in all the systems, however one FFID is only assigned to a single user in a configured system.           

In conclusion, the introduction of parameter 4026 in SAP GRC Access Control offers organizations the ability to tailor their Firefighter ID (FFID) assignment processes according to their specific needs and security policies. By enabling this parameter, administrators gain control over how FFIDs are allocated and managed within their systems. Go ahead and explore more on how this new feature can simplify the way you are working with the EAM application.

3 Comments
Labels in this area