Académique Documents
Professionnel Documents
Culture Documents
Process Diagram
Purpose, Benefits, and Key Process Steps
Purpose
This scenario describes the Emergency Access Management process in SAP Access
Control.
The Emergency Access Management enables users to perform duties not includes in the
roles or profiles assigned to their user ids, it also can be use in a special period to do some
important business.
Benefits
Provides a solution for systematic handling of emergency situations.
Managing the risk for the special access necessary to resolve the issue.
Company Roles
End User
Firefighter Role Owner
Firefighter Controller
Internal Auditor
End User Firefighter Role Owner Firefighter Controller Internal Auditor End User
A Email 1
Request for
Firefighter ID
Email 2
B
Request approved by
Firefighter Owner
Email 3
C D
Use Firefighter ID Start Firefighter
Logon (SAP AC) Session (SAP ERP)
E
Review and approve
the Firefighter log
F
Review Consolidated
Log Report
End User Firefighter Role Owner Firefighter Controller Internal Auditor End User
A Email 1
Request for
Firefighter ID
Email 2
B
Request approved by
Firefighter Owner
G
Use Firefighter ID
Logon (SAP ERP)
Email 3
D
Start Firefighter
Session (SAP ERP)
E
Review and approve
the Firefighter log
F
Review Consolidated
Log Report
Icon Legend
Icon Name
A
Request for Firefighter ID
SAP GRC AC NWBC: Access Management Access Request Creation Access Request
B
Request approved by Firefighter Owner
SAP GRC AC NWBC: My Home Work Inbox Work Inbox
Use Firefighter ID Logon (SAP AC)
C
Transaction Code: GRAC_SPM
Start Firefighter Session (SAP ERP)
D
Transaction Code: MMPV
E Review and approve the Firefighter log
SAP GRC AC NWBC: My Home Work Inbox Work Inbox
F Review Consolidated Log Report
SAP GRC AC NWBC: Reports and Analytics Emergency Access User Management Reports Consolidated Log Report
G Use Firefighter ID Logon (SAP ERP)
Transaction Code: /N/GRCPI/GRIA_EAM
Email 1 After the End User creates a new request for Firefighter ID, send Email to Firefighter ID Owner to inform that a new request
needs to be approved.
Email 2 After the Firefighter ID Owner approves/rejects the request, send Email to End User to inform that the request has been
approved/rejected.
Email 3 After the firefighter session starts, send Logon Notification to Firefighter Controller.
After do the Firefighter log synch, send Email to Firefighter Controller to inform that a new firefighter log needs to be approved.