
SAP GRC FI/CO Firefighter Strategy Best Practices?

Former Member
0 Kudos

Hello,

I am looking for some guidance around strategy for Firefighter relating to FI/CO and PR.  Specifically, how do you recommend organizing Firefighter accounts and their authorizations?  I am using GRC 10 Access Control: ARA, UAM, EAM, BRM.

For example, I have implemented the following Firefighter accounts:

  • Security - Security related authorizations
  • Basis - Basis related authorizations
  • ABAP - ABAP program maintenance/debugging
  • Cutover - SAP_ALL Firefighter to be used during pre-approved Cutover activities

  • Client Administration - SCC4 and related authorization
  • Transport Administration - Import transports into Production
  • Password Reset - authorization to reset passwords and unlock accounts
  • Finance - umbrella FI access
  • FI Open/Close Periods - opening and closing of posting periods

I am looking for guidance or advice on setting up more granular FI/CO/PR Firefighter accounts, while avoiding the headache of not having enough authorization in a single Firefighter account to get the job done.  After all, the users are accessing Firefighter in order to gain authorization above and beyond what is typically available to them.

When creating CO or PR Firefighter accounts, does it make sense to include ALL authorization objects and values from FI and MM authorization sets?  Many of the functions require a hybrid of FI/MM authorization; how should I plan for this?

Audit issues to consider?

Any advice is welcome!

Thanks in advance,

Ken

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Ken,

The easiest approach is to have different FF IDs as per your composite/job roles of FI/CO, or a combination of some of those related roles. This way, you will not miss any authorization object.

Regards

plaban
