Former Member

EAM Access Setup

Hi All,

I have a very basic question on FF definition. We decided that all consultants should have access as FF Users.

Would that mean that in NWBC I need to specify each of their SAPUIDs under the respective FireFighter ID?

Example FireFighter ID: FFIDXX01





2 Answers

  • Best Answer
    Oct 31, 2014 at 03:58 AM

    Hi Amir

    You need to step back and figure out the design and usage of the accounts. Options can include:

    Approach 1

    Each user is granted a FF Id. Therefore, if you have 300+ support users then you will need 300+ FF Ids.

      • Benefits: if your users are required to use FF frequently, then they might each need their own so they don't lock each other out. A FF Id can only be used by one user at a time
      • Benefit:  you can map each person to a specific controller (more controllers potentially)
      • Drawback: large number of FF Ids and you might have some users who rarely need FF access.
      • Log review would be the same effort as it's based on usage
      • Naming convention of FF Id -  most places try to have a convention of User Id + FF (eg FF_12345 is assigned to user 12345) depending on characters you can play with.
      • FF Access can be a lot more specific to the user's support requirement (restrict what they can do on the FF Id).

      E.g 300 Users = 300 FF Ids

      Approach 2

      Multiple users are granted to a FF Id. You group users into their job function and assign them to the FF Ids.

      • Benefit - less administration compared to option 1
      • Drawback - users may compete for access to a FF Id
      • Process wise - you would advise your users that they will see multiple Ids in their logon cockpit and tell them to choose the first available one
      • Log review would be the same effort as it's based on usage
      • Naming convention of FF Id tries to differentiate the account purpose (e.g. Finance would be FF_FI01 through to FF_FI10 if you created 10 FICO roles. You could even have FF_FIAP01 for Accounts Payable functions only). Either way, it's to make administration easier.

      Example: You have 300+ support users across 10 modules. Therefore, at a minimum you would need 10 FF Ids and multiple User to FF Id assignments. Due to the 300+ people you might allow multiple FF Ids for each module (i.e. 3 FF Ids for Finance).

      Approach 3

      You have a hybrid of the two areas to overcome the shortcoming of both. For high volume areas like security you might assign each user their own FF Id (1 to 1 mapping) whilst other areas you might assign a shared Id.

      The FF logs which User accesses which FF Id, so you are all good there.

      Depending on your business requirements, you might want to enable ARQ workflow for FF requests to manage the administration and allow controllers to approve. Part of your design is also whether the Support Users are permanently assigned the FF Id or must request them when they need them.




      • Hi Amir

        Glad you figured out how best to proceed.

        however they won’t logging into GRC prior logging into ECC instead directly to GRC.

        That just means you need to configure decentralised FF (available as of 10.0 SP10) for users to launch FF via the ERP instead.



    1. Oct 31, 2014 at 03:06 AM

      Hello Amir,

      I don't think it is best practice to give FF access to all consultants.

      The below link gives you information about FF assignments in EAM:


      Configure Emergency Access (EAM) in GRC 10


