
Emergency Access Management


February 2, 2014 | 891 Views |

Arif Mahamud

Analytics | governance risk and compliance sap grc


Purpose and functionality

1. EAM allows users to take responsibility for tasks outside of their normal job function.
2. It allows temporary access for users assigned to solve a problem, giving them provisionally broad but regulated access.
3. This temporary access is monitored and reviewed by the application.
4. EAM provides the ability to manage and use firefighting activities centrally from the Access Control application.
5. The log files can be distributed to the controller and owner via workflow for additional approval.

Defining Users

1. The owner of the ID
2. The controller
3. The users who will log on through EAM

Important Roles and Terms

1. Firefighter: a business user requiring emergency access.
2. Firefighter ID: a user ID with elevated privileges.
3. Access T-code: GRAC_SPM
4. Firefighting: the act of using a firefighter ID.
5. Controller: reviews and approves (if necessary) the log file generated by the firefighter.
6. Owner: a user responsible for the firefighter ID and for assigning the controller of the firefighter.

Firefighter Application type:

There are two different applications that can be used:

1. ID-based firefighter application
2. Role-based firefighter application

Configure in the IMG using parameter 4000 (Application type).

Only one application can be configured at a given time.

GRC Server package

1. The main application runs on the GRC server.
2. It is possible to assign users for all systems using NWBC or the portal.
3. Provisioning of emergency access can also be done via an access request (workflow).

Process

1. Firefighter access is done centrally using the GRC system.
2. The firefighter logs on to the GUI back end and executes T-code GRAC_SPM.
3. Click on the login.

Emergency Access Architecture

Plug-in

1. One component, called the plug-in, is installed in the remote system.
2. Emergency Access Management accesses the plug-in using RFC.

Prerequisite

1. Create users and roles as needed
2. Execute program GRAC_ROLEREP_USER_SYNC

Centralized firefighter overview and prerequisites

Centralized firefighter overview

1. EAM provides a centralized console through which firefighters can log on to different systems for firefighting.
2. In ID-based scenarios, firefighters do not have to log on to individual client systems to do firefighting.

Centralized firefighter prerequisites


1. Application type is 1 for ID-based firefighting
2. Set parameter group 6 (super users management)
3. Set parameter ID 4000
4. The firefighter user must exist in the central Access Control system with the role SAP_GRAC_SPM_FIREFIGHTER

Centralized Logon Pad

● Access Control provides a centralized logon pad for accessing the firefighter IDs in all connected back end systems

The centralized logon pad allows:

1. Displaying all firefighter IDs assigned to the user
2. Logging on to all connected back end systems
3. Sending messages to other firefighters who are using a specific firefighter ID
4. Unlocking a firefighter session not closed properly

While a Firefighter Session is running

1. The status of the firefighter ID will display in red
2. The firefighter can take the following actions:

● Click Additional Activity to enter more information

● If the firefighter ID is in use by another firefighter, choose Message to send a notification to the other firefighter

● Choose Unlock to unlock the firefighter ID if it is locked

EAM Configuration

Parameter setting

4000-Application type

4001-Default Firefighter Validity Period (Days)

4002-Send Email Immediately

4003-Retrieve Change Log

4004-Retrieve System log

4005-Retrieve Audit log

4006-Retrieve OS Command log

4007-Send Log Report Execution Notification Immediately

4008-Send FirefightId Login Notification

4009-Log Report Execution Notification

4010-Firefighter ID role name

Monitoring Emergency Access

Firefighter Report types and purpose

Using firefighter reports

1. The resulting change log is stored in the CDHDR and CDPOS tables
2. Log data is retrieved from the client system and stored in GRC for report generation
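
A controller's review of the change log can be sketched as a join of CDHDR headers and CDPOS items against the firefighter sessions, so every change under a firefighter ID is attributed to a person or flagged. This is an added example, not code from the original post or from SAP; the sample rows, the firefighter ID FF_FIN_01, the user names and the sessions table are constructed assumptions, and the join uses CHANGENR only (the real tables also key on OBJECTCLAS and OBJECTID).

```python
import sqlite3

# Constructed sample rows. Column names follow the SAP change-document tables
# CDHDR (header) and CDPOS (items); the sessions table is a hypothetical
# stand-in for the firefighter session log collected in GRC.
CDHDR = [  # CHANGENR, USERNAME, UDATE, UTIME, TCODE
    ("0000000101", "FF_FIN_01", "20140202", "101500", "FK02"),
    ("0000000102", "FF_FIN_01", "20140202", "183000", "FK02"),
    ("0000000103", "JSMITH",    "20140202", "102000", "XD02"),
]
CDPOS = [  # CHANGENR, TABNAME, FNAME, CHNGIND, VALUE_OLD, VALUE_NEW
    ("0000000101", "LFBK", "BANKN", "U", "111222333", "999888777"),
    ("0000000102", "LFB1", "ZTERM", "U", "0001", "0009"),
    ("0000000103", "KNA1", "NAME1", "U", "ACME", "ACME LTD"),
]
SESSIONS = [  # FFID, FIREFIGHTER, START_TS, END_TS (YYYYMMDDHHMMSS)
    ("FF_FIN_01", "AMILLER", "20140202100000", "20140202110000"),
]

def review_firefighter_changes(ffids):
    """Return one row per changed field made under a firefighter ID, with the
    firefighter whose session covers the change (None if no session does)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cdhdr(changenr, username, udate, utime, tcode);
        CREATE TABLE cdpos(changenr, tabname, fname, chngind, value_old, value_new);
        CREATE TABLE sessions(ffid, firefighter, start_ts, end_ts);
    """)
    db.executemany("INSERT INTO cdhdr VALUES (?,?,?,?,?)", CDHDR)
    db.executemany("INSERT INTO cdpos VALUES (?,?,?,?,?,?)", CDPOS)
    db.executemany("INSERT INTO sessions VALUES (?,?,?,?)", SESSIONS)
    marks = ",".join("?" * len(ffids))
    rows = db.execute(f"""
        SELECT h.changenr, h.username, h.tcode, p.tabname, p.fname,
               p.value_old, p.value_new, s.firefighter
        FROM cdhdr h
        JOIN cdpos p ON p.changenr = h.changenr
        LEFT JOIN sessions s
               ON s.ffid = h.username
              AND h.udate || h.utime BETWEEN s.start_ts AND s.end_ts
        WHERE h.username IN ({marks})
        ORDER BY h.udate, h.utime
    """, list(ffids)).fetchall()
    db.close()
    return rows

def unattributed(rows):
    """Changes under a firefighter ID that no recorded session accounts for."""
    return [r for r in rows if r[-1] is None]
```

A change returned by `unattributed` was made with the firefighter ID at a time when no logon-pad session was recorded, which is the case a controller would want to follow up first.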


1 Comment

Harish Prakash

November 19, 2015 at 12:58 pm

Hello
It is very informative, as an improvement please could you add screenshots for each
step that would give more clarity on the topics.
Thanks
