cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firefighter - Login Notification to Firefighter Users

Former Member

on ‎12-17-2015 2:28 PM

0 Kudos

Hello all,

I have a Firefighter for a specific tcode that allows maintenance of a configuration table, and I would like some of the Firefighters (users who access this Firefighter account) to actually receive login notifications just like the Controller does.  Why?  Because this account is shared by 5 people, and I would like them to all know when this particular configuration table is modified, and by whom.

However, GRC currently does not allow me to add someone as a Controller if they are currently assigned to the Firefighter account.  I understand that this is a necessary control, but is there a workaround?

I do not have much experience with GRC Access Alerts, but maybe this would provide a solution?  Any recommendations?

I've been thinking about notification agents in MSMP that would allow me to send a notification to the group, but this would take affect for all Firefighter accounts, and not just for the Firefighter account we are concerned about.

The main goal is to provide transparency and notification when this account is accessed.

Any advice or recommendations would be greatly appreciated.

Regards,

Ken


Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member222517
Explorer
‎12-17-2015 2:55 PM
0 Kudos

Hi Ken,

You may use BRF+ to define the agent rule for your log notification, where for the required FF ID the notification should go to a group of users and for rest to the controllers.

You may refer below article on BRF to give you an insight.

BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki

Thanks,

Priyanka

Show replies
Show replies
kevin_tucholke1
Contributor
‎12-17-2015 3:24 PM
0 Kudos

Priyanka: 

The LOGIN NOTIFICATION is not part of MSMP.  Your notificaiton would work on the Log Review side.

Ken:

Thinking about your scenario, would you want this at the LOGIN time or at the LOG REVIEW time?

MSMP would be for Log Review and SUBMISSION may be an available event on the Global Parameters where Priyanka's suggestion would work.

You could use an Alerting process but you would need to have a specific risk created for the scenario you are trying to alert on but it would be for EVERY change to that table no matter who did it.

Thanks,

Kevin Tucholke

Principal Consultant

SAP America

Former Member
‎12-17-2015 3:36 PM
0 Kudos

Thanks, Kevin.  I want notification at time of login.  I will configure a new Critical Action risk for this particular tcode, and then I will configure the Access Alert.

kevin_tucholke1
Contributor
‎12-17-2015 4:21 PM
0 Kudos

Ken:

Just to be clear, the alerting process will be AFTER the login.  As the Action Usage report will need to run, then the Alerting job.

If you want it at login, you may need to raise a customer incident to see if this is possible.

Cheers

Kevin

Former Member
‎12-17-2015 4:26 PM
0 Kudos

Thanks, Kevin.  Understood.

However, I have configured my access alert, and it is showing in my NWBC report, but I do not have any notification being sent to the risk owner.  I have included "send notification"  in the program execution for GRAC_ALERT_GENERATION, but I do not have any outbound messages in SOST for the alert.  Currently investigating note 1728869, but wanted to check to see if you have had this issue before?

GRC 10.0 SP13

-Ken

Ask a Question