on 04-15-2015 7:40 PM
Hello All,
We are implementing the GRC Access Control 10.1
We have a requirement in EAM, as below.
Example:
We have provided one day validity for FF id, Firefighter has completed
his activity in one hour, after that firefighter OR security team has to close the FF
access forcefully.
security team is not intrested to keep the FF access for full one day (after completion of work).
Kindly let us know, this functionality is avaiable in GRC access
control
10.1. or not.
Thanks in advance.
Regards,
Karunakar
Hi Karunakar,
As per your requirement you have to define a process where user after finishing the Firefighter activities required should inform the Security/Support team and they should revoke the access from the user from frontend.
Closing FF session forecefully means are you thinking about killing a session which is active using SM04, it can lead to issue like logs missing etc.
Better to have a proper process defined as well as make sure FF IDs usage process is defined and documented clearly which should be used for only specific issues.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Karunakar,
As madhu babu rightly pointed out killing the session with SM04 leads to incomplete logs.
So, there are two solutions here.
1). Once the FF id usage is over, the user can inform the Security Team to Revoke the access.
2). Whenever the usage of FF id is over, Security team can be available while solving the issue and once the issue is solved they can revoke the access but again it will take some of the man hours of Security which I guess the team might not be interested in.
Anyways, the logs are getting generated and moving to the controller.
Regards,
Deepak M
Hello All,
Thanks for the suggestions.
Here we will provide FF access for one day validity, and controller has to get FF log once in a day (end of the day - system time).
If i schedule batch job - FireFighter Log Synce once in a day (then FF log will get to controller once in a day) is it works or every time Firefighter logs off FF log will get generated and log will be generated and sends to controller.
Thanks in advance.
Regards,
Karunakar
Hello karunakar,
It is recommended to schedule the job hourly cos if there are many FF Ids used in a day and the job scheduled daily it might not pull all the chunk of logs and push it to the controller properly and might run into some performance issues.
Go through this note and plan scheduling your batch job accordingly.
1617529 - Best Practices For Improving Performance of EAM Log Sync job
Let me know if you need any other information.
Regards,
Deepak M
Hi Karunakar,
FF log report is sent after the update job has run(if 4007 set as YES).Closing the session forcefully is not a good practice. The security team can ask the FF user to exit the FF id, and then remove assignment/validity of the FF id.
The job picks up log from STAD(using CDHDR and CDPOS), and updates the log table. The Controller then receives Workflow/Mail as per FF log review Request configuration
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.