Former Member

Strategy for Firefighter ID

Dear ALL,

Has anyone implemented Firefighter? What strategy are you following for giving FF IDs?

We are planning to use FF IDs for SOX compliance (to give access to conflicting job functions).

Regards,

Priyank.


3 Answers

  • Best Answer
    Former Member
    Dec 06, 2006 at 02:45 AM

    Hi Priyank,

    We have implemented FF in our environment. Basically, we have created FF IDs based on teams, and FF had the monitoring tool for the audit trail. Let me know if you need further info.

    regards

    shaik


  • Former Member
    Jan 11, 2008 at 03:13 PM

    Hi,

    I hope you have completed your project re-Firefighter implementation.

    Our company has Firefighter, but now it needs to be locked down so that only a select few have SAP_ALL access...

    How do you monitor both access and activity?

    I thank you in advance!

    Aman (using Liz's user id)

    aman.verma at Halfords.co.uk


  • Former Member
    Jan 16, 2008 at 12:13 AM

    Keep in mind when designing the FF process / implementation strategy that FF is not the magic bullet. I wouldn't recommend granting SAP_ALL to the FF ID but instead piecemeal the various types of access / FF IDs, i.e. FF access is granted by function, where we have FF IDs that only grant FI-CO access and a few other necessary cross-functional accesses and no security or Basis authorizations. With this strategy, you are still able to demonstrate a sense of controls to the auditors where separation of duties exists between each function.

    You should also identify who the stakeholders (FF Controllers and FF ID Owners) are for each module and who is responsible for reviewing the usage logs, and thus configure the apps to send logs to the FF Controllers.

    Depending on your controls / audit requirements, basic FF logging may not be sufficient where FF does not provide detail of changes made using the FF ID. FF logs show tcodes, programs and tables (in some instances) accessed by the user with a particular FF ID, but they do not always provide details of the actual data changed. Therefore, some additional logging may be necessary (i.e. SM19 and SM20).

    In summary, I think recognizing all the key FF stakeholders is an important first step in designing your FF process and understanding what controls your client is looking to meet using the FF apps.

    Cheers!

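The design rules from the last answer (no SAP_ALL on an FF ID, no security or Basis authorizations on a functional FF ID, a named FF Controller for each function) can be checked against an export of FF ID assignments. The Python below is an added example, not part of the thread or of the Firefighter tool; the FF IDs, role names, role-to-area map and controller names are all constructed.

```python
# Added example: every ID, role name and mapping here is constructed sample data.
WIDE_PROFILES = {"SAP_ALL"}               # profile the answer advises against
RESTRICTED_AREAS = {"SECURITY", "BASIS"}  # not to be mixed into functional FF IDs

# Hypothetical role -> area classification maintained by the security team.
ROLE_AREA = {
    "Z_FF_FI_POSTING": "FI-CO",
    "Z_FF_CO_REPORTING": "FI-CO",
    "Z_FF_MM_PO": "MM",
    "Z_FF_SEC_USERADMIN": "SECURITY",
    "Z_FF_BASIS_TRANSPORT": "BASIS",
}

# Constructed export: FF ID -> owning function and assigned roles/profiles.
FF_IDS = {
    "FF_FICO_01": {"function": "FI-CO", "roles": ["Z_FF_FI_POSTING", "Z_FF_CO_REPORTING"]},
    "FF_BASIS_01": {"function": "BASIS", "roles": ["Z_FF_BASIS_TRANSPORT"]},
    "FF_ALL_01": {"function": "FI-CO", "roles": ["SAP_ALL"]},
    "FF_MM_01": {"function": "MM", "roles": ["Z_FF_MM_PO", "Z_FF_SEC_USERADMIN"]},
}

# Constructed FF Controller assignment per function (MM has none yet).
CONTROLLERS = {"FI-CO": "ctrl_fico", "BASIS": "ctrl_basis"}


def audit_ff_ids(ff_ids, role_area, controllers):
    """Return {ff_id: [findings]} for FF IDs that break the design rules."""
    findings = {}
    for ff_id, cfg in sorted(ff_ids.items()):
        issues = []
        for role in cfg["roles"]:
            if role in WIDE_PROFILES:
                issues.append(f"{role} assigned")
                continue
            area = role_area.get(role)
            if area is None:
                issues.append(f"{role} is unclassified")
            elif area in RESTRICTED_AREAS and area != cfg["function"]:
                issues.append(f"{role} grants {area} access on a {cfg['function']} ID")
        if cfg["function"] not in controllers:
            issues.append(f"no FF Controller for {cfg['function']}")
        if issues:
            findings[ff_id] = issues
    return findings


if __name__ == "__main__":
    for ff_id, issues in audit_ff_ids(FF_IDS, ROLE_AREA, CONTROLLERS).items():
        print(ff_id, "->", "; ".join(issues))
```

Cross-functional roles are deliberately not flagged, since the answer allows a few of them; only SAP_ALL, security or Basis roles on a functional ID, unclassified roles and functions without a controller are reported.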