GR3 - Emergency Access Management

Process Diagram
Purpose, Benefits, and Key Process Steps

Purpose
This scenario describes the Emergency Access Management process in SAP Access
Control.
The Emergency Access Management enables users to perform duties not includes in the
roles or profiles assigned to their user ids, it also can be use in a special period to do some
important business.

Benefits
Provides a solution for systematic handling of emergency situations.
Managing the risk for the special access necessary to resolve the issue.

Key Process Steps

Request for Firefighter ID
Request approved by Firefighter Owner
Use Firefighter ID Logon
Start Firefighter Session in SAP ERP
Review and approve the Firefighter log
Review Consolidated Log Report

2014 SAP AG. All rights reserved. 2

Required SAP Applications and Company Roles

Required SAP Applications

SAP Access Control 10.1

Company Roles
End User
Firefighter Role Owner
Firefighter Controller
Internal Auditor

2014 SAP AG. All rights reserved. 3

Detailed Process Description (1/2)

GR3 Emergency Access Management

Section 1: Centralized EAM
Request for Firefighter ID
Request approved by Firefighter Owner
Use Firefighter ID Logon in SAP AC
Start Firefighter Session in SAP ERP
Review and approve the Firefighter log
Review Consolidated Log Report

2014 SAP AG. All rights reserved. 4

Detailed Process Description (2/2)

GR3 Emergency Access Management

Section 2: Decentralized EAM
Request for Firefighter ID
Request approved by Firefighter Owner
Use Firefighter ID Logon in SAP ERP
Start Firefighter Session in SAP ERP
Review and approve the Firefighter log
Review Consolidated Log Report

2014 SAP AG. All rights reserved. 5

GR3 Emergency Access Management Centralized EAM
(1/2)
Access Control SAP ERP

End User Firefighter Role Owner Firefighter Controller Internal Auditor End User

A Email 1

Request for
Firefighter ID

Email 2
B
Request approved by
Firefighter Owner

Email 3
C D
Use Firefighter ID Start Firefighter
Logon (SAP AC) Session (SAP ERP)

E
Review and approve
the Firefighter log

F
Review Consolidated
Log Report

2014 SAP AG. All rights reserved. 6

GR3 Emergency Access Management Decentralized
EAM (2/2)
Access Control SAP ERP

End User Firefighter Role Owner Firefighter Controller Internal Auditor End User

A Email 1

Request for
Firefighter ID

Email 2
B

Request approved by
Firefighter Owner

G
Use Firefighter ID
Logon (SAP ERP)

Email 3
D
Start Firefighter
Session (SAP ERP)

E
Review and approve
the Firefighter log

F
Review Consolidated
Log Report

2014 SAP AG. All rights reserved. 7

GR3 Emergency Access Management

Icon Legend

Icon Name
A
Request for Firefighter ID
SAP GRC AC NWBC: Access Management Access Request Creation Access Request
B
Request approved by Firefighter Owner
SAP GRC AC NWBC: My Home Work Inbox Work Inbox
Use Firefighter ID Logon (SAP AC)
C
Transaction Code: GRAC_SPM
Start Firefighter Session (SAP ERP)
D
Transaction Code: MMPV
E Review and approve the Firefighter log
SAP GRC AC NWBC: My Home Work Inbox Work Inbox
F Review Consolidated Log Report
SAP GRC AC NWBC: Reports and Analytics Emergency Access User Management Reports Consolidated Log Report
G Use Firefighter ID Logon (SAP ERP)
Transaction Code: /N/GRCPI/GRIA_EAM
Email 1 After the End User creates a new request for Firefighter ID, send Email to Firefighter ID Owner to inform that a new request
needs to be approved.
Email 2 After the Firefighter ID Owner approves/rejects the request, send Email to End User to inform that the request has been
approved/rejected.
Email 3 After the firefighter session starts, send Logon Notification to Firefighter Controller.
After do the Firefighter log synch, send Email to Firefighter Controller to inform that a new firefighter log needs to be approved.

2014 SAP AG. All rights reserved. 8

Thank you