Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fire fighter configuration

Former Member

‎09-17-2016 11:34 AM

0 Kudos

Hi,

I need to configure Fire fighter user mechanism in ECC system and need relevant document or links for reference.

I tried searching and could find only GRC related info but we are not using GRC in our landscape at present.

Kindly help to get the relevant document or links for the same

Thanks & Regards

Nikhil

5 REPLIES 5

Former Member

‎09-20-2016 4:31 PM

0 Kudos

Nikhil,

FireFighter access is provided to carry out business critical activity while the logs of the activity performed will be logged and audited either immediately or at a later stage.

Can you please elaborate on your requirement on accomplishing it without GRC.

Best regards,

Arun

Former Member
In response to Former Member

‎09-21-2016 9:50 PM

0 Kudos

Hi Arun,

Yes, its for same purpose but we don't have GRC in scope.

So wanted to understand an alternative way of firefighter setup

Regards,

Nikhil

Former Member
In response to Former Member

‎09-21-2016 10:09 PM

0 Kudos

Nikhil,

It is certainly possible to do a custom firefighter solution, but it is a lot of custom coding and monitoring. There is a reason why most SAP customers who want a firefighting capability use EAM in SAP GRC Access Control. You would need a program that will monitor/ log the activity of all the IDs that are assigned a role with *FIRE* in the name, if you are going with a role-based firefighter, then that activity log has to be reviewed and approved by someone, perhaps sent by email to the manager of the Firefighter user, and s/he has to return an approval, and all of *that* activity has to be logged and reported on, so you need programs for all of that. Really, configuring EAM in SAP GRC is much easier than maintaining all of that custom code. I used to work at an SAP customer that created a custom firefighting solution, and it took a lot of hand holding.

Gretchen

JanSchlichting
Active Participant

‎09-22-2016 8:39 AM

0 Kudos

Hello,

our fire fighter fighter solution is "homebrew".

We have firefighter users who are locked.

If you need one (first level support can not help, last level sees the use of fixing a table etc), you get a ticket.

This one you send to the basis guys who unlocked the user and create two password parts. Two people get the password parts. If you use this user for fixing tables protocollation is turned on and off.

After fixing the problem the user will be locked. The business will also have a look on the protocol file.

So you have a documentation in your ticket system and you have two times "4 eyes".

Works well in daily life.

And it is true what Gretchen has said: You have to build some one stuff: A SM30 variant who turns table protocollation on / off for etc...

Regards

Former Member
In response to JanSchlichting

‎09-22-2016 8:48 AM

0 Kudos

Hello,

same for us. And an additional and important task, set audit configuration too.

Best regards,

Andy