SAP GRC 10.0 Emergency Access Management
When you want to provide elevated access to the user for a limited number of days then you have to provide a temporary role or create a separate id so they can perform these transactions. Without an SAP GRC 10.0 System, you will do this manually recording the activity in a Spreadsheet or capturing in s Trouble ticket. This is a very manual process and potential for a lot of Compliance issues.
The main function of SAP GRC 10.0 Emergency Access Management is to allow users to control the elevated access and also make the process compliant and transparent. Moreover, this access can be
- approved by the specific person before the access is provided
- User able to document the reason for login to the system with Elevated Access
- Auditor or Process owner able to monitor the Activity
- Finally, enforce a review process
SAP GRC 10.0: centralized or decentralized
SAP GRC 10.0 provides two different types of emergency access which can be used either centralized or decentralized. Following a short description of both types which can be configured in IMG using parameter 4000 (Application Type). Only one type can be configured at a given time.
SAP USER ID-Based Firefighting
With SAP User ID-Based Firefighter each Firefighter ID has its own user master record with roles assigned directly to the Firefighter ID. The End-user (Firefighter) executes a transaction code and the particular firefighter user id is attached to the user. It is possible for multiple users to check-out each Firefighter ID (which is authorized to the end-user) but only one user can have a Firefighter ID checked out at any time. A reason code and the expected activity must be documented prior to gaining Firefighter access. Once the user activates the Fire Fighter ID the changes in SAP from the STAD Logs, CDPOS Table Logs, Tables and under the Firefighter ID. It is important to highlight that everything is documented with the Firefighter ID and not the user’s normal user ID.
SAP Role-Based Firefighting
Each role which is defined as Firefighter Role can be assigned directly to a user. This can be done through Access Request Management (ARM) if in place or directly in SU01. To use the Firefighter a user doesn’t have to check out a separate ID. Transactions and change histories are logged with the user’s own ID, which is an advantage in relation to the ID-based Firefighter. The end-user is not aware when he is utilizing emergency/firefighter access as he does not have to check out an ID and uses his own ID all the time.
[vc_row css=”.vc_custom_1512575306373{margin-top: 50px !important;}”][vc_column width=”1/3″][vc_cta h2=”Free Step by Step SAP License Optimization Guide” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”left-to-right” btn_add_icon=”true” css=”.vc_custom_1512579904776{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #3a80f1 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-license-optimization-guide%2F||” el_class=”c_action”]SAP Customer is liable to pay 70 Million additional SAP licensing fees as a result of what is broadly known as Indirect Access.[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Free SAP GRC 10.0 Step by Step Guide” shape=”square” add_button=”bottom” btn_title=”download here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”bottom-to-top” btn_add_icon=”true” css=”.vc_custom_1512579856805{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #f1b500 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Fsap-grc-10-1-step-step-guide%2F||” el_class=”c_action”]Are you fed up with being not able to get job? Tired of being disappointed in yourself, because you just can’t seem to get started in the career as SAP GRC Consultant?[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Financial Loss due to Fraud Risk” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”right-to-left” btn_add_icon=”true” css=”.vc_custom_1512579731433{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #1d9e3f !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-process-control-step-step-guide%2F||” el_class=”c_action”]Using the right kind of SAP Controls in the right way can be trans formative for any SAP System[/vc_cta][/vc_column][/vc_row]