Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
Showing results for 
Search instead for 
Did you mean: 
Active Contributor

In this article, I will provide an overview of the Emergency Access Management reports and which information can be seen. GRC provides six reports specifically for EAM, e.g. the consolidate log report shows firefighting activities which have been executed while using firefighter. The consolidate log report is far the best and used for management review from the firefighter controller (if workflow is in place). The consolidated log report has all the captured information from the backend system in a consolidated view. Following a short overview of the captured information and where it comes from.


Transaction Log

Captures transaction executions from transaction STAD. System, Firefighter, Firefighter ID, Reason Code, Transaction, Date and Owner are read.


System Log

Captures debug and replace information from transaction SM21.


Change Log

Captures change log from change document objects which are stored in table CDPOS and CDHDR.


Security Audit Log

Captures security audit log from transaction SM20.


OS Command Log

Captures changes to OS commands from transaction SM49. For further investigation or to get more information about the activities performed in the backend system these transactions might be helpful.


Other reports are:

Invalid Superuser Report - shows expired, locked and deleted firefighter IDs.

Firefighter Log Summary - shows firefighter ID session details (only available for ID-Based firefighter, see also my blog post about Types of Firefighter).

Reason Code and Activity Report - shows reason and activity details.

SOD Conflict Report for Firefighter IDs - shows SoD conflicts (risk analysis) for firefighting sessions.


Please contribute in this blog post and share your experience and know-how about firefighter reporting.