on 09-23-2009 10:02 AM
Dear all,
Has anyone used the role based fire-fighter before? I have assigned a role to the firefighter owner in /VIRSA/VFAT, but, unlike the firefighter ID, there is no logon button. Can someone explain how to use role based fire-fighter ?
Thanks & regards,
Debbie
Hi Debbie,
We have implemented at several clients who went the "Role based" firefighter route based on their preference!!
To date there has been no issues and it works fairly well.
Bare in mind that the end-user would normally submit a CUP request for access to a particular FireFighter role and specify the validity period. Once the role is granted to the end-user, the Firefighter owner would then inform the end-user that access has been granted and then the end-user would now have the additional access required.
It works fairly well in a real-world production enviroment provided that the validity periods are specified accordingly.
Hope this answers your query.
Rgds,
Prevo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Debbie,
I am assuming that the firefighter role has been created and mapped for the respective user. As of my understanding there is no separate log in tab unlike the user based firefighter. Only the audit trails can be found in CUP for the reference purpose. Like any other T-code execution, he can also perform the firefighter task in the same ID. Therewould be no separate logon button here.
If your question is anything else, please revert back.
Hi Experts,
Please correct me, if I am wrong.
Thanks,
Gurugobinda
Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM
Edited by: gurugobinda harichandan parida on Sep 23, 2009 5:34 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Thanks for your input. It is now working. However, I tried deleting the record with role assigned to the firefighter via SPM, the role in SU01 is not deleted. Is this a bug? Or, additional steps need to be taken to manually remove the role from SU01 ?
Just curious, any organizations out there are using role based firefighter ?
Regards,
Debbie
Sure:
- there is no recording of when a user tries to do something critical, much less WHY he does it. You have to check the logs and aks.
- the psycholgical hurdle through the reason code/text popup is no longer there which creates carelessness
It's a matter of awareness - in my opinion role based FF is just creating data to satisfy auditors, but has no effect on users risk awareness whatsoever.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.