A high amount of time during a SAP GRC project will be spent on defining processes and responsibilities. My suggestion is to think in lifecycles for getting a better understanding of the processes and who is taking over the responsibilty.
In this post I would like to clarify the lifecycle of Firefighter IDs. I have grouped them into four steps Create, Change, Delete and Review. Please see for each step expected Tasks and who is involved.
I have additionally added the RACI matrix to see who is Responsible, Accountable, Consulted and Informed for each step. Please be aware that this is very much depending on the point of view and can be different in your organization. My considerations are commonsense and pretty much of thinking in smooth processes throughout a global enterprise.
Creation of Firefighter ID
Tasks
- Define the necessary access rights of the FFID
- Define the responsibilities (Ownership, Controller)
- Create Firefighter ID
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
Changing of Firefighter ID
Tasks
- Define the necessary changes in access rights
- Define changes in resonsibilities (Ownership, Controller)
- Define changes of Firefighter ID (e.g. validity)
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
Deletion of Firefighter ID
Tasks
- Delete the Firefighter ID
- Document the decision of the deletion
- Archive belonging firefighter logfiles
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
Reviewing of Firefighter ID
Tasks
- Review validity
- Review firefighter ownership and controller
- Check proper access rights
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
If you want to have further information or contribute in this blog post do not hesitate to contact me or reply to this post directly.
- SAP Managed Tags:
11 Comments
