EAM - Best Practices

leos
Active Participant
0 Kudos

G'Day All,

I would like to draw upon your collective knowledge with regard to the best practices that need to be adhered to while implementing/using firefighter (EAM). I acknowledge that there is already an abundance of information on the technical side of things here on SCN, so to be specific I am more interested in:

  1. Identification/Justification of usage of firefighting (what truly qualifies considering this is a form of Mitigation Control)
  2. Firefighter Log Report Review
    • Workflow 
    • Audit trails
    • Archiving  
  3. Key Tables related to usage, tracking and audit purposes. For example:
    • GRACFFLOG
    • GRACFFCTRL
    • GRACFFREPMAPP
    • GRACREQ
    • GRACREQOWNER
    • GRFNMWRTAPPR
  4. Anything you deem necessary or encountered that is worth sharing

Regards,

Leo..

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Hi Leo,

First of all... welcome back 🙂

Regarding your post... did you check my process documents for firefighters? Maybe they are helpful for an overview.

http://scn.sap.com/community/grc/blog/2014/03/03/firefighter-id-lifecycle

http://scn.sap.com/community/grc/blog/2014/03/07/firefighter-id-user-assignment-lifecycle

Also check the documents regarding mitigating controls and internal controls:

http://scn.sap.com/docs/DOC-53355

http://scn.sap.com/docs/DOC-56548

Looking forward to your feedback.


Cheers,

Ale

leos
Active Participant
0 Kudos

Thanks Ale. I know it's been quite a while 🙂

I did go through all of the documentation under EAM in your useful documents section and I read these last year, but I shall go through them again.

Just quickly though, how does the third option (Log display) of Notification method for the Controller work? I know the other two (Email & Workflow), but how do Controllers get/check the logs using this option, and can they approve/add comments etc.?

Cheers

Leo..


alessandr0
Active Contributor
0 Kudos

Dear Leo,

Log display means that no automated notification is sent to the controller. The log can be seen in the reports in NWBC.

Hope this answers your question in short.

Cheers,

Ale

leos
Active Participant
0 Kudos

Thanks Ale, appreciate it.

Cheers

Leo..

Answers (1)

alessandr0
Active Contributor
0 Kudos

Dear Leo,

I will provide a document regarding the audit trails from a high-level perspective in the next few days. Therefore I will move your request to the collaboration topic (hope you don't mind).

Cheers,

Alessandro

leos
Active Participant
0 Kudos

Sure Ale, please go for it.

While you are at it, can you specify what's the ideal/recommended escalation time for FF log reviews please? I mean, given the importance of it, what do you reckon makes the ideal time? 24-48hrs sounds reasonable but then what happens when someone logs in Friday evening or something?

Also the frequency of the background jobs (log collection and workflow sync)?

This isn't just pointed at you, anyone's free to chip in.

Regards,

Leo..

alessandr0
Active Contributor
0 Kudos

Dear Leo,

Regarding the frequency, I would recommend running the log sync hourly. Escalation time depends pretty much on your definition, and as far as I have seen in several companies it is different from one company to another. Personally I recommend setting it to 3 days (72 hours) as this should be an acceptable time frame for a controller.

Regards,

Alessandro

leos
Active Participant
0 Kudos

Thanks Ale. Appreciate your feedback.

Regards,

Leo..

Former Member
0 Kudos

Leo/ Alessandro,

We have our incremental syncs scheduled hourly, except for the portal sync, which apparently takes several hours to run. (The others are all a minute or less.) If you have to do a portal sync, I suggest scheduling it separately, after you see how long it takes in your landscape.

Gretchen

leos
Active Participant
0 Kudos

Thanks Gretchen, appreciate your input on this.

Regards,

Leo..