Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Best Practices for using FireFighter Id's

Former Member
0 Kudos

Experts,

I was just wondering what is the best practice in assigning FireFighter Id's to developers in a company, I mean do most of the developers have their own firefighter Id's or do they share a common FirefFighter (for example: a single FireFighter to a small group of developers or people).

Please suggest how this works in your companies.

Will reward points for helpful answers.

Thanks,

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Naveen,

In such cases where the users will have to work in the same time, you need to assign each developer his own firefighter id.

Indeed, when a firefighter id is in use by one user, it cannot be used by another user !

So, more generally:

- If the activity covered by the firefighter id is to be used occasionaly and by one user at a time, then go for one firefighter id for multiple users;

- In other cases, go for an FF id for each user.

Rgds,

Karim

5 REPLIES 5

Former Member
0 Kudos

Dear Naveen,

The privileged-user access management functionality of SAP GRC Access Control is enabled by the Virsa FireFighter application for SAP.

Virsa FireFighter for SAP can grant <b>privileged access to select users</b>, which could not be accomplished from outside the target applications. It is typically deployed on the production system to ensure proper super-user handling. Only the reporting component runs outside of the SAP application.

Why do you want to give priviledged access to all the users first of all. Even if you want to you should not share the credentials.

Hope this will help.

Regards,

Naveen.

0 Kudos

Naveen,

I am not saying that all the end users need access to FF Id's I am talking about the developers and other Project team members...

0 Kudos

Why do you want to give priviledged access to all the users first of all.

I was going through this thread and wanted to put some comments. In my opinion there might be numerous situations when developers team need change/update authorization on production system to fix critical problems. and it is also possible that more than one developer requires this authorization.

There may be some other situation when a developer needs to logon to production system to check production system performance. Sometimes critical transactions require developers assistance to resolve issues in production environment.

So as Naveen (first) said he has a situation where more than one developer needs to work on production system, according to me it is a valid scenario.

Another thing that Naveen (second) mentioned,

Even if you want to you should not share the credentials

To my knoweledge the firefighter user credentials which include password as well is not required to be known by the user. any user who is assigned a firefighter ID doesn not require to enter user or password or any other credentials. So user credentials are never shared among different users.

I hope i made a valid point.

Best Regards,

Amol Bharti

Former Member
0 Kudos

Hi Naveen,

In such cases where the users will have to work in the same time, you need to assign each developer his own firefighter id.

Indeed, when a firefighter id is in use by one user, it cannot be used by another user !

So, more generally:

- If the activity covered by the firefighter id is to be used occasionaly and by one user at a time, then go for one firefighter id for multiple users;

- In other cases, go for an FF id for each user.

Rgds,

Karim

Former Member
0 Kudos

Thanks Karim, Thatz what I was looking for...