Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

fire fighter

Go to solution
Former Member

‎07-21-2008 7:12 AM

0 Kudos

Guys,

From my understanding the use of fire fighter is for emergency access in PRD. For that we can just create separate ID in sap system with almost sap_all authorization (not sap_all) and access PRD whenever there is a need.But why we need sap VIRSA fire fighter or SAP GRC super user privilege management?.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎07-29-2008 9:56 AM

0 Kudos

FireFighter uses the STAT tables that are created by the program RSCOLL00. Therefore if the information you require is not captured in these tables then FireFighter does not report on it.

AC 5.x FireFighter does NOT require table logging to be turned on.

5 REPLIES 5

Go to solution
Former Member

‎07-21-2008 8:18 AM

0 Kudos

Virsa Firefighter allows for tracking of who connects where, and what they do while connected. If you assign a generic SAP "super user", you loose these important tracking and auditing features... unless, of course, you create your own tracking system (for instance by activating a user exit upon login, demanding the person who logs in using the "super user" to identify him/herself and store some vital info such as time, date, ip address of the terminal used to connect and so on). Also, you'd need to turn security audit logging on.

Firefighter gives you all of these security mechanisms in one package, one which tastes good to your auditors, too...

Trond

Go to solution
Former Member
In response to Former Member

‎07-21-2008 1:22 PM

0 Kudos

More specifically, Virsa firefighter will tell you which tcodes were executed and may be able to tell you which master tables were accessed (I believe table logging has to be activated). And its all bundled into one report.

Go to solution
Former Member

‎07-22-2008 3:22 PM

0 Kudos

We use the Fire Fighter ids to assign to our suport staff a unique FF ID to each individual so that they can use to access authorizations beyond their normal access; this allows them to address issues in a timely manner and most importantly, we receive an audit report of what they actually executed; this allows us to provide emergency support quickly and with the audit reporting facility obtain what the user has executed and review it; this sits well with the auditors when they want to know how we handle emergency needs and how is it monitored

Jerry Synoga

Ryerson Inc.

630-758-2021

Go to solution
Former Member

‎07-29-2008 9:56 AM

0 Kudos

FireFighter uses the STAT tables that are created by the program RSCOLL00. Therefore if the information you require is not captured in these tables then FireFighter does not report on it.

AC 5.x FireFighter does NOT require table logging to be turned on.

Go to solution
Former Member

‎08-05-2008 12:04 AM

0 Kudos

It is crucial with Firefighter that access be temporary and a strong structure be developed for evaluating the Firefighter logs. Without these two items Firefighter actually becomes a audit liability for your IT department. The only concern with using a SAP Most approach can be the creation of SOD's within Firefighter or access to sensitive data. Internal and External audit are reviewing Sod's which exist within Firefighter accounts and the authorizations available.