09-07-2006 2:18 PM
09-07-2006 4:09 PM
The way the firefighter tool works is it allows you to give special authorizations (ie SAP_ALL) to User ID which in turn can be used as required. When this ID is used the actions perfomed by this ID are record. In addition, emails are sent to predefined email accounts to inform the necessary people that an Firefighter ID has been used.
To initiate the use of a firefighter ID one would log into the required SAP system with your normal ID, then call the firefighter transaction and then log in using the firefighter ID in a separate session called by the firefighter tool. From that point on all actions are recorded. And can be viewed as required.
I have documentation for the earlier versions of firefighter and can forward those to you if you would like. I'm not sure how much the tool has changed as I have been away from it for some time. If any one can add to what I have provided please do so.
11-28-2006 12:33 AM
My email id is xxx(at)xxx(dot)com
could you please email me the documents as well?
I thank you.
Niloufer
Can we PLEASE stop doing that? Thank you.
Message was edited by:
Frank Koehntopp
08-08-2007 3:50 PM
Hi Mike I would really appreciate if you could send me documentation on VIRSA.My email is <b><email removed by moderator></b>
thanks,
Jim
09-07-2006 4:21 PM
Hi Mike
Thanks for your response. Correct me if I'm wrong. Basically what firefighter ID does is just record user actions. Do you know when this firefighter ID comes in handy or whats the purpose of it?Also do we need to assign any particular roles to this user firefighter ID? I would appreciate it if you can send me the documents <b><email removed by moderator></b>
09-07-2006 4:41 PM
The only actions that are recorded are those of the firefighter ID. The firefighter ID does not record any other actions for any other users.
A good example of what a fire fighter ID could be used for is Basis access. There are additonal tasks that a Basis person is allowed to perform in a non-Production system versus a Production system (as I am sure you are aware). There are times though that he/she may need elevated access to perform a critical task. At that point the firefighter ID is accessed and their actions recorded.
As far as the type of access that you would assign, keeping with the same Basis person example, take a look at what you have defined for your Basis person(s) in your Production environment. Compare that access to what he/she has in QA (and/or Dev). The delta identified is the elevated access that may be required as baseline authorization for the firefighter ID. Of course this is only an example and you would have to tailor it to suite your requirements.
Documents emailed.
09-08-2006 5:49 PM
Mike,
Can you please email me the documents related to Firefigher to <b><email removed by moderator></b>?
Thanks in advance
Sudhan Shan
09-09-2006 1:23 AM
11-14-2006 7:05 PM
Hi Mike,
This is Raj Bathula.Can you please email the documents regarding the firefighter to xxx@xxx.
Message was edited by:
Frank Koehntopp
09-07-2006 4:34 PM
we do face many situations when we have to give SAP_ALL or equal access to a user to resolve an emergency issue.
these situations are hard moments for a security administrator. this firefighter ID allows security \
people not get blamed because all activities get traced.
and the user using it will be responsible for anything.
Multiple firefighterID's can be used seperating them by application to get rid of congestion in emergency situations.
If a Firefighter ID is getting used you can keep a message to get it opened for you immediately after its free. and remember trace/log files will be counted under
the user account who is using it.
09-07-2006 4:49 PM
Hi,
In addition to the others comments, the fire fighter id may not necessarily have SAP ALL or SAP * in it. It can be an id with access greater than what the developers or individual people have on the system.
Cheers,
Kedar
09-07-2006 8:09 PM
In addition to the above use of Firefighter ... it'll especially come handy to be SOX compliant while not limiting the job roles.
Eg. A certain company employes a single person to 'Update vendor master' & 'post vendor payments' and as per SOX there is a SOD violation here as that person can create a dummy vendor and post payment to it.
So ideally you segregate the jobs thus assign a different person to post the payments.
If the company does not want to change the business process however needs to be compliant .. FireFighter comes handy as the same person is given additional access with the firefighter and the actions (Payments posted to the vendors with firefighter) are emailed so the concerned body is aware of any risks/fraudulent payments... thus SOX compliant.
09-07-2006 5:12 PM
09-07-2006 9:42 PM
hi Prasant
Can you email me at <b><email removed by moderator></b> . I have few other questions that I want to ask if u dont mind. I would appreciate it.
Thanks
09-08-2006 6:01 PM
Hello Mike,
Can you please send the documents at <b><email removed by moderator></b>as well. Thanks in advance.
regards.
Ruchit.
Message was edited by: Ruchit Khushu
09-09-2006 7:21 AM
09-09-2006 10:06 PM
Hi Mike,
Can you please fwd the same to my ID as well.
Thanks in advance for the documents.
Br,
Sri
09-09-2006 10:10 PM
Mike,
Can you please email me the documents related to Firefigher to <b><email removed by moderator></b> ?
Thanks in advance
Pritesh..
09-10-2006 6:22 PM
Dear all,
Please do not distribute copyright material. All material that is publicly available can be downloaded from:
help.sap.com
service.sap.com
Please add the link to the resource so that everyone using the forum can access it. Therefore we do not need to create these long lists of email addresses in a thread.
Additionally, I would suggest that you consider removing your email address from the thread. As you may know, bots are crawling the net to find email addresses they can spam.
Best regards,
Christian
01-16-2007 10:39 PM
Can someone please email the documents to my email ID xxx@xxx.com
Would you please check the links I provided?
Thank you.
Message was edited by:
Frank Koehntopp
01-30-2007 8:58 PM
hi
can you please send me that document at xxx@xxx.com
thanks
Message was edited by:
Frank Koehntopp
10-11-2006 7:45 PM
Hello Gurus,
Could somebody provide the link for FireFighter Documention in the resource available. Thanking you in advance.
Balu.
10-12-2006 9:17 AM
Here's a link to the GRC solutions page:
http://www.sap.com/solutions/grc/brochures/index.epx
Documentation should be available with the product downloads.
Frank.
11-23-2006 4:42 PM
Can any one please send any documents realted to Virsa or any link .....to xxx@xxx...
Message was edited by:
Frank Koehntopp
11-27-2006 8:39 AM
Hi All,
Can some send me the Documents on Fire Fighters..
Thanks in Advance .
11-27-2006 9:59 AM
Again:
Please do not distribute copyright material. All material that is publicly available can be downloaded from:
help.sap.com
service.sap.com
Please add the link to the resource so that everyone using the forum can access it. Therefore we do not need to create these long lists of email addresses in a thread.
If we are to build a community here, we need to try and collect answers to questions in the forum, not via email.
Thank you & best regards,
Frank.
03-12-2007 3:47 PM
Can somebody mail me Virsa security related docs to <b><email removed by moderator></b>?
Thanks in advance.