Information GRC Tool: SAP Fire Fighter 50000 foot view
Problem: Giving extra access to user for limited time.
Example: User want to open a period in production but only needs the access for one of the month . The user will call the help desk for additional access. Then the additional access is given but there is not insight on what the user actually did. There is also additional cost in manually assigning access to user
Tool Information: The Fire fighter tool lets the user have additional access for limited amount of time and also logs the access.
Implementation: New roles are created with additional access and linked to the select group of user. The user is added in fire fighter tool and assigned a supervisor. This will enable the supervisor to get email when the user utilizes the additional access through fire fighter. The user can be enabled access for limited time or longer time.
Implementation Strategies:
1. The enabling access to the fire fighter should be assigned to functional team so the decision making process can rest with knowledgeable people
2. The logs should be reviewed by functional leads and audit group so they can analyze how often the access is used. This analysis can reveal if the transaction should be added to the users current roles or remain in Fire Fighter role
Advantages:
1. Emergency access Can be properly managed and tracked
2. Additional access can be provided to certain users who are back up
3. Production support and pre go live trouble ticket calls can be reduced
4. Can be used as mitigation control
Caution: The tool should not be used as substitute for poor sap security role design.