Skip to Content
avatar image
Former Member

SPM 5.3: Role Based FF

Dear all,

Has anyone used the role based fire-fighter before? I have assigned a role to the firefighter owner in /VIRSA/VFAT, but, unlike the firefighter ID, there is no logon button. Can someone explain how to use role based fire-fighter ?

Thanks & regards,

Debbie

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Sep 23, 2009 at 12:03 PM

    Hi Debbie,

    I am assuming that the firefighter role has been created and mapped for the respective user. As of my understanding there is no separate log in tab unlike the user based firefighter. Only the audit trails can be found in CUP for the reference purpose. Like any other T-code execution, he can also perform the firefighter task in the same ID. Therewould be no separate logon button here.

    If your question is anything else, please revert back.

    Hi Experts,

    Please correct me, if I am wrong.

    Thanks,

    Gurugobinda

    Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM

    Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM

    Add comment
    10|10000 characters needed characters exceeded

    • Sure:

      - there is no recording of when a user tries to do something critical, much less WHY he does it. You have to check the logs and aks.

      - the psycholgical hurdle through the reason code/text popup is no longer there which creates carelessness

      It's a matter of awareness - in my opinion role based FF is just creating data to satisfy auditors, but has no effect on users risk awareness whatsoever.

      Frank.

  • avatar image
    Former Member
    Sep 29, 2009 at 11:18 AM

    Hi Debbie,

    We have implemented at several clients who went the "Role based" firefighter route based on their preference!!

    To date there has been no issues and it works fairly well.

    Bare in mind that the end-user would normally submit a CUP request for access to a particular FireFighter role and specify the validity period. Once the role is granted to the end-user, the Firefighter owner would then inform the end-user that access has been granted and then the end-user would now have the additional access required.

    It works fairly well in a real-world production enviroment provided that the validity periods are specified accordingly.

    Hope this answers your query.

    Rgds,

    Prevo.

    Add comment
    10|10000 characters needed characters exceeded