
Role Based FireFighter with GRC 10.0 (CEA)

Former Member
0 Kudos

Does anyone know how the Role Based functionality of FireFighter exactly works besides putting the application type parameter to Role Based in SPRO?

The manuals explain that the FF users log in to the remote system with their own users, but how are the FF roles or roles that are enabled for Firefighting assigned to these users and how will the log file know which activity to record?

Accepted Solutions (1)

Former Member
0 Kudos

Good question, and the answer is not pretty.

In Role-Based Firefighter Application, the firefighter ID on the target system contains the user's regular access plus his/her firefighter access.

Reporting turns on when the user runs a transaction in the firefighter role.

If the transaction is in both the user's regular access and the firefighter role, reporting will turn on because the firefighter role access is in use.

The reports only track firefighter role usage. So if a user runs a firefighter transaction but also uses access defined in the user's regular access, the only thing recorded is the transaction.

If your company is not completely married to the idea of using Role-Based Firefighter Application, I suggest you consider the ID-Based Firefighter Application. In this, there are separate firefighter IDs on the target system and a firefighter gains access to them by going into GRC and completing a form showing how the firefighter ID will be used, and then the GRC system will let the firefighter into the target system using that firefighter ID.

Former Member
0 Kudos

Thanks for your reply, Edward. The question that remains is how the system knows which role is the FF role that contains the transaction and needs to be recorded in the log file when used....

In the ID based functionality there is a parameter setting (GRC10) that identifies a standard SPM role in the remote system for the FF ID with RFC authorization, but there is no parameter to 'enable' roles as FF roles.

Former Member
0 Kudos

This should be the scenario to implement Role Based FF:

1. Config Parameter - 4000 - Application Type should be 2 (role based)

2. FF (user id) created in remote system

3. Sync job for FF in GRC BOX (to sync up user/FF in GRC Box)

4. Role Import - import roles using in ERM. Once imported make sure setting/checkbox 'Enabled Can_Be flag' is checked. Also make sure, role is set as production in GRC Box.

5. Assign imported role to the user/FF in GRC box

6. Now directly log into the Plug_in/Remote using Firefighter.

7. Perform the transactions using FF in remote system.

8. Synch the transaction details using SPM sync Job.

Former Member
0 Kudos

This message was moderated.

Answers (0)