A high amount of time during a SAP GRC project will be spent on defining processes and responsibilities. My suggestion is to think in lifecycles for getting a better understanding of the processes and who is taking over the responsibilty.
In this post I would like to clarify the lifecycle of user assignments to firefighter IDs. I have grouped them into four steps Assign, Usage, Delete and Review. Please see for each step expected Tasks and who is involved. Please see also my blog post about Firefighter ID lifecycle if you are interested to get more information in this regard.
The RACI matrix shows who is Responsible, Accountable, Consulted and Informed for each step. Please be aware that this is very much depending on the point of view and can be different in your organization. My considerations are commonsense and pretty much of thinking in smooth processes throughout a global enterprise.
Assignment of User to Firefighter ID
Tasks
- Request FF ID assignment
- Define validity of assignment
- Assign user to FF ID
- Define FF controller and method of notification
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
Usage of Firefighter ID
Tasks
- Usage of Firefighter
- Check Firefighter logfiles
Involved functions
- Firefighter ID user
- Firefighter controller
Deletion of Firefighter ID assignment
Tasks
- Delete Firefighter ID assignment
Involved functions
- Firefighter owner
- SAP GRC responsible
Review of Firefighter ID assignment
Tasks
- Review if Firefighter ID assigment is still correct
- Define actions if necessary
Involved functions
- Firefighter owner
- Firefighter controller
- SAP authorization team
- SAP GRC responsible
Please contribute and share your opinion as comment to improve the quality of this document.
Thanks and regards,
Alessandro
- SAP Managed Tags:
1 Comment
