Emergency Access Management _ Sap Blogs.pdf
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Emergency Access Management _ Sap Blogs.pdf as PDF for free.
More details
- Words: 716
- Pages: 5
Loading documents preview...
Products Products
Industries Industries
Support Support
Training Training
Community Community
Developer Developer
Partner Partner
About About
+ Actions
Home / Community / Blogs
Emergency Access Management February 2, 2014
|
891 Views |
Arif Mahamud more by this author
Retagging required Analytics | governance risk and compliance sap grc
share 0
share 0
tweet
share 0
Follow
Purpose and functionality
1. EAM allow users to take responsibility for task outside of their normal job function. 2. Allow temporary access for users when assigned with solving problem, giving them provisionally broad, but regulated access.
3. This temporary access will monitored and reviewed by the application. 4. EAM provides the ability to manage and utilize firefighting activities centrally from the access control application 5. The log files can be distributed to controller and owner via workflow for additional approval
Defining Users
1. The owner of the ID 2. The controller 3. The users who will log on through EAM.
Important Roles and Terms
1. Firefighter: a business users requiring emergency access. 2. Firefighter ID: 3. A user id with elevated priviledges. 4. Access T-code GRAC_SPM 5. Firefighting: the act of using a firefighter id. 6. Controller: review and approves (if necessary) the log file generated by the firefighter. 7. Owner: a user responsible for the firefighter id and assignment the controller of the firefighter.
Firefighter Application type:
There are two deferent applications that can be used that can be used: 1. ID based firefighter Application 2. Role Based firefighter Application.
Configure in the IMG using parameter 4000 (Application type) Only once application can be configured at a given time.
GRC Server package 1. The main application runs in the GRC server. 2. It is possible to assignment user for all system using NWBC or portal. 3. Provisioning of the emergency access can also be done via access request(Workflow)
Process
1. Firefighter access is done centrally using the GRC system. 2. Firefighter logon to the GUI back and execute t-code GRAC_SPM 3. Click on the login.
Emergency Access Architecture
Plug-in 1. Once component called plug-in that is installed in remote system. 2. Emergency Access Management access the plug-in using RFC.
Prerequisite 1. Create users and roles as needed 2. Execute program GRAC_ROLEREP_USER_SYNC
Centralized firefighter overview and prerequisites Centralized firefighter overview 1. EAM provides a centralized console through which firefighter can logon to deferent system for firefighting. 2. In id based scenarios, firefighter do not have to logon to individual client system to do firefighting.
Centralized firefighter prerequisites
1. Application type is 1 for id based firefighting 2. Set parameter group 6 super users management 3. Set parameter id 4000 4. Firefighter user must exists in the central access control system and the role SAP_GRAC_SPM_FIREFIGHTER
Centralized Logon Pad
● Access Control provides centralized logon pad for accessing the firefighter IDs in all connected back end systems The centralized logon pad allows: 1. Displaying all firefighter IDs assigned to the user 2. Logging on to all connected back end systems 3. Sending messages to other firefighters who are using a specific firefighter ID 4. Unlocking a firefighter session not closed properly
While a Firefighter Session is running 1. The status of the firefighter ID will display in red 2. The firefighter can take the following actions:
● Click Additional Activity to enter more information ● If the firefighter ID is in use by another firefighter, choose Message to send notification to the other firefighter ● Choose Unlock to unlock the firefighter ID if it is locked EAM Configuration Parameter setting 4000-Application type 4001-Default Firefighter Validity Period (Days) 4002-Send Email Immediately 4003-Retrieve Change Log 4004-Retrieve System log
4005-Retrieve Audit log 4006-Retrieve OS Command log 4007-Send Log Report Execution Notification Immediately 4008-Send FirefightId Login Notification 4009-Log Report Execution Notification 4010-Firefighter ID role name
Monitoring Emergency Access Firefighter Report types and purpose Using firefighter reports 1. Resulting change log is stored in CDHDR and CDPOS tables 2. Log data is retrieved from the client system and stored in GRC for report generation
Alert Moderator
1 Comment You must be Logged on to comment or reply to a post.
Harish Prakash November 19, 2015 at 12:58 pm
Hello It is very informative, as a improvement please could you add screen shots for each steps that would give more clarity on the topics. Thanks
Industries Industries
Support Support
Training Training
Community Community
Developer Developer
Partner Partner
About About
+ Actions
Home / Community / Blogs
Emergency Access Management February 2, 2014
|
891 Views |
Arif Mahamud more by this author
Retagging required Analytics | governance risk and compliance sap grc
share 0
share 0
tweet
share 0
Follow
Purpose and functionality
1. EAM allow users to take responsibility for task outside of their normal job function. 2. Allow temporary access for users when assigned with solving problem, giving them provisionally broad, but regulated access.
3. This temporary access will monitored and reviewed by the application. 4. EAM provides the ability to manage and utilize firefighting activities centrally from the access control application 5. The log files can be distributed to controller and owner via workflow for additional approval
Defining Users
1. The owner of the ID 2. The controller 3. The users who will log on through EAM.
Important Roles and Terms
1. Firefighter: a business users requiring emergency access. 2. Firefighter ID: 3. A user id with elevated priviledges. 4. Access T-code GRAC_SPM 5. Firefighting: the act of using a firefighter id. 6. Controller: review and approves (if necessary) the log file generated by the firefighter. 7. Owner: a user responsible for the firefighter id and assignment the controller of the firefighter.
Firefighter Application type:
There are two deferent applications that can be used that can be used: 1. ID based firefighter Application 2. Role Based firefighter Application.
Configure in the IMG using parameter 4000 (Application type) Only once application can be configured at a given time.
GRC Server package 1. The main application runs in the GRC server. 2. It is possible to assignment user for all system using NWBC or portal. 3. Provisioning of the emergency access can also be done via access request(Workflow)
Process
1. Firefighter access is done centrally using the GRC system. 2. Firefighter logon to the GUI back and execute t-code GRAC_SPM 3. Click on the login.
Emergency Access Architecture
Plug-in 1. Once component called plug-in that is installed in remote system. 2. Emergency Access Management access the plug-in using RFC.
Prerequisite 1. Create users and roles as needed 2. Execute program GRAC_ROLEREP_USER_SYNC
Centralized firefighter overview and prerequisites Centralized firefighter overview 1. EAM provides a centralized console through which firefighter can logon to deferent system for firefighting. 2. In id based scenarios, firefighter do not have to logon to individual client system to do firefighting.
Centralized firefighter prerequisites
1. Application type is 1 for id based firefighting 2. Set parameter group 6 super users management 3. Set parameter id 4000 4. Firefighter user must exists in the central access control system and the role SAP_GRAC_SPM_FIREFIGHTER
Centralized Logon Pad
● Access Control provides centralized logon pad for accessing the firefighter IDs in all connected back end systems The centralized logon pad allows: 1. Displaying all firefighter IDs assigned to the user 2. Logging on to all connected back end systems 3. Sending messages to other firefighters who are using a specific firefighter ID 4. Unlocking a firefighter session not closed properly
While a Firefighter Session is running 1. The status of the firefighter ID will display in red 2. The firefighter can take the following actions:
● Click Additional Activity to enter more information ● If the firefighter ID is in use by another firefighter, choose Message to send notification to the other firefighter ● Choose Unlock to unlock the firefighter ID if it is locked EAM Configuration Parameter setting 4000-Application type 4001-Default Firefighter Validity Period (Days) 4002-Send Email Immediately 4003-Retrieve Change Log 4004-Retrieve System log
4005-Retrieve Audit log 4006-Retrieve OS Command log 4007-Send Log Report Execution Notification Immediately 4008-Send FirefightId Login Notification 4009-Log Report Execution Notification 4010-Firefighter ID role name
Monitoring Emergency Access Firefighter Report types and purpose Using firefighter reports 1. Resulting change log is stored in CDHDR and CDPOS tables 2. Log data is retrieved from the client system and stored in GRC for report generation
Alert Moderator
1 Comment You must be Logged on to comment or reply to a post.
Harish Prakash November 19, 2015 at 12:58 pm
Hello It is very informative, as a improvement please could you add screen shots for each steps that would give more clarity on the topics. Thanks
Related Documents
Emergency Access Management _ Sap Blogs.pdf
February 2021 1
Grc12 Configuring Emergency Access Management
February 2021 1
Sap Access Management
February 2021 1
Making Sap Grc Access Control
February 2021 1
Grc Access Control - Access Risk Management Guide
February 2021 1
Mastering Sap Inventory Management
February 2021 1More Documents from "everlast_666"
Emergency Access Management _ Sap Blogs.pdf
February 2021 1