GRC Firefighter strategy

Former Member
0 Kudos

How many firefighter accounts are required if a customer has all modules of ECC implemented? Do firefighter accounts need to be SOD free?

Accepted Solutions (1)

Former Member
0 Kudos

Raj,

That is a function of variables such as the customer's risk appetite, how trusting they are of their SAP support team, and perhaps how finely delineated their support teams are. At my previous organization, they had only two flavors of FF: with HR and without HR. I suspect that it is more common to have one per module/functional grouping.


Gretchen

Colleen
Advisor
0 Kudos

You also need to consider log capture when building FF access.

You don't want the FF IDs to have too much access (e.g. non-sensitive display), as the transaction log will be massive. The FF controller won't want to sift through the results.

The number of accounts also depends on usage volume, as only one person can use an FF ID at a time.

Raj - there are a few articles out on SCN for FF. Your question is strategy and design. It will come down to your business requirement. There is no right answer here.

Answers (1)

Former Member
0 Kudos

Create FF IDs by process area and give access relevant to the process. FF IDs need not be SOD compliant, but work with the functional and technical teams to identify the requirements for the role(s). Ensure that the FF ID logs are being reviewed after each usage.

former_member197694
Active Contributor
0 Kudos

Hello

As per my understanding, there is no standard strategy for FF implementation with respect to FF accounts; it purely depends on the customer's business, users and functionality.

As suggested by John Rajan, create FF IDs with respect to business process, so that it is easy to identify the approvers and controller.

BR

Baithi