cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SPM 5.3: Role Based FF

Former Member

on ‎09-23-2009 10:02 AM

0 Kudos

Dear all,

Has anyone used the role based fire-fighter before? I have assigned a role to the firefighter owner in /VIRSA/VFAT, but, unlike the firefighter ID, there is no logon button. Can someone explain how to use role based fire-fighter ?

Thanks & regards,

Debbie

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-29-2009 12:18 PM
0 Kudos

Hi Debbie,

We have implemented at several clients who went the "Role based" firefighter route based on their preference!!

To date there has been no issues and it works fairly well.

Bare in mind that the end-user would normally submit a CUP request for access to a particular FireFighter role and specify the validity period. Once the role is granted to the end-user, the Firefighter owner would then inform the end-user that access has been granted and then the end-user would now have the additional access required.

It works fairly well in a real-world production enviroment provided that the validity periods are specified accordingly.

Hope this answers your query.

Rgds,

Prevo.

Show replies
Show replies
former_member771067
Active Participant
‎09-23-2009 1:03 PM
0 Kudos

Hi Debbie,

I am assuming that the firefighter role has been created and mapped for the respective user. As of my understanding there is no separate log in tab unlike the user based firefighter. Only the audit trails can be found in CUP for the reference purpose. Like any other T-code execution, he can also perform the firefighter task in the same ID. Therewould be no separate logon button here.

If your question is anything else, please revert back.

Hi Experts,

Please correct me, if I am wrong.

Thanks,

Gurugobinda

Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM

Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM

Show replies
Show replies
Former Member
‎09-24-2009 8:35 AM
0 Kudos

Hi,

Thanks for your input. It is now working. However, I tried deleting the record with role assigned to the firefighter via SPM, the role in SU01 is not deleted. Is this a bug? Or, additional steps need to be taken to manually remove the role from SU01 ?

Just curious, any organizations out there are using role based firefighter ?

Regards,

Debbie

Former Member
‎09-28-2009 5:53 PM
0 Kudos

My understanding would be that the role would expire once the validity period is finished in the same way as an ID does.

I have not really played with the FF role assignments though so I could be wrong.

koehntopp
Product and Topic Expert
Product and Topic Expert
‎09-29-2009 7:58 AM
0 Kudos

Role based Firefighters are a bad idea.

People will not be aware that they're doing something special, and the reasonn why they need more access is not documented.

My recommendation: stay away from that.

Frank.

Former Member
‎10-02-2009 5:52 AM
0 Kudos

Frank,

I agree with you on your point, but would you please tell me your reasons behind your reasoning that it's a bad idea?

Thanks,

Santosh

koehntopp
Product and Topic Expert
Product and Topic Expert
‎10-02-2009 1:42 PM
0 Kudos

Sure:

- there is no recording of when a user tries to do something critical, much less WHY he does it. You have to check the logs and aks.

- the psycholgical hurdle through the reason code/text popup is no longer there which creates carelessness

It's a matter of awareness - in my opinion role based FF is just creating data to satisfy auditors, but has no effect on users risk awareness whatsoever.

Frank.

Ask a Question