cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firefighter ID force closer after completion of activity

Go to solution
Former Member

on ‎04-15-2015 7:40 PM

0 Kudos

Hello All,

We are implementing the GRC Access Control 10.1

We have a requirement in EAM, as below.

Example:

We have provided one day validity for FF id, Firefighter has completed

his activity in one hour, after that firefighter OR security team has to close the FF

access forcefully.


security team is not intrested to keep the FF access for full one day (after completion of work).



Kindly let us know, this functionality is avaiable in GRC access

control

10.1. or not.

Thanks in advance.

Regards,

Karunakar

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎04-16-2015 3:30 AM
0 Kudos

Hi Karunakar,

As per your requirement you have to define a process where user after finishing the Firefighter activities required should inform the Security/Support team and they should revoke the access from the user from frontend.

Closing FF session forecefully means are you thinking about killing a session which is active using SM04, it can lead to issue like logs missing etc.

Better to have a proper process defined as well as make sure FF IDs usage process is defined and documented clearly which should be used for only specific issues.

Regards,

Madhu.

Show replies
Show replies
former_member185447
Active Contributor
‎04-16-2015 7:33 AM
0 Kudos

Hello Karunakar,

As madhu babu rightly pointed out killing the session with SM04 leads to incomplete logs.

So, there are two solutions here.

1). Once the FF id usage is over, the user can inform the Security Team to Revoke the access.

2). Whenever the usage of FF id is over, Security team can be available while solving the issue and once the issue is solved they can revoke the access but again it will take some of the man hours of Security which I guess the team might not be interested in.

Anyways, the logs are getting generated and moving to the controller.

  • Any specific reason why the security team is not interested to allow the users to have FF Id for a full day?
  • Also, Do you use FF Ids in emergency situations or even in a day to day basis?

Regards,

Deepak M

Former Member
‎04-16-2015 7:41 PM
0 Kudos

Hello All,

Thanks for the suggestions.

Here we will provide FF access for one day validity, and controller has to get FF log once in a day (end of the day - system time).

If i schedule batch job - FireFighter Log Synce once in a day (then FF log will get to controller once in a day) is it works or every time Firefighter logs off FF log will get generated and log will be generated and sends to controller.

Thanks in advance.

Regards,

Karunakar

former_member185447
Active Contributor
‎04-17-2015 2:35 AM
0 Kudos

Hello karunakar,

It is recommended to schedule the job hourly cos if there are many FF Ids used in a day and the job scheduled daily it might not pull all the chunk of logs and push it to the controller properly and might run into some performance issues.

Go through this note and plan scheduling your batch job accordingly.

1617529 - Best Practices For Improving Performance of EAM Log Sync job

Let me know if you need any other information.

Regards,

Deepak M

Former Member
‎04-17-2015 3:16 PM
0 Kudos

Hi Karunakar,

FF log report is sent after the update job has run(if 4007 set as YES).Closing the session forcefully is not a good practice. The security team can ask the FF user to exit the FF id, and then remove assignment/validity of the FF id.

The job picks up log from STAD(using CDHDR and CDPOS), and updates the log table. The Controller then receives Workflow/Mail as per FF log review Request configuration

Regards

Former Member
‎04-17-2015 10:49 PM
0 Kudos

thanks all

madhusap
Active Contributor
‎04-18-2015 5:55 AM
0 Kudos

Hi Karunakar,

Once you get the required details or solution, please mark the discussion as Answered and close the thread. This will help others with same queries to find the solution easily.

Regards,

Madhu.

Answers (0)

Ask a Question