What is the SAP GRC Firefighter Controller?

Who is a Controller in SAP GRC Access Controls? A Controller is responsible for monitoring and assessing the appropriateness of activity performed by a user using an individual Firefighter ID. The Controller is responsible for auditing the usage of the FFID’s by reviewing and signing off on the Firefighter Log Report, thereby ensuring only expected and appropriate actions occurred during the firefighting session and addresses or raises concerns of misuse to the appropriate parties.

There are certain questions in a Controllers Log Review Checklist. Here are a few of them:

  • Is there an incident number?
  • Has the firefighter documented adequate information upon checkout?
  • Has the appropriate FF ID been checked out?
  • Do the actions performed by the FF match the intended actions?
  • Were fraudulent or unauthorized actions performed with the elevated access?
  • Is the firefighter only used in an emergency situation?

In case there is an audit after six months and auditors want to know if a controller performed their check or not, we can get the report where controllers approved the controller log review after the firefighter activity.

NWBC=>Access Management=>ARA=>Search Requests? Select “Process ID=Firefighter Log Report Review Workflow” and the period of interest.  This report should show you all requests and the status for each. From there you can drill into any of them to see status, export the list, etc.

GRC FF1

Let’s take a look at the steps to set up firefighter sessions and the entire process of the firefighter activity along with the Controller Log Review Report Approval.

Step 1: Assign the firefighter ID: FIREFIGHTER to the firefighter user id = rurs

GRC Firefighter Controls

Step 2: Double check the firefighter ID is assigned to a controller. In this case it is RRURS.

GRC Firefighter Controls

Step 3: Assign Firefighter ID: FIREFIGHTER to the Owner ID: RRURS

GRC Firefighter Controls

Step 3.5: Check if parameter 1113 is set up and WF-BATCH has an email id set up.

GRC Firefighter Controls

Step 4: Log in to the target system and start your firefighter session.

Access the target system and enter the transaction code: /GRCPI/GRIA_EAM

GRC Firefighter Controls

Click on Logon and enter the information below:

GRC Firefighter Controls

After the firefighter activity has been completed, click “log off”.

GRC Firefighter Controls

Check to see the notification settings for your controller. This will determine the method of receiving the log report.

GRC Firefighter Controls

You have three options here:

  • Workflow – which will send a work item in your mail without any email notification
  • Email – which will send you an email notification with a link to the SPM log
  • Log Display

GRC Firefighter Controls

Based on the above settings, the controller will receive the work item in the work inbox as shown below.

GRC Firefighter Controls

As seen below a work item is sent to the controller.

GRC Firefighter Controls

 

GRC Firefighter Controls

You can enter Notes in this section if any. For example, if there was an incident raised for opening this Firefighter ticket, here is an option to enter the Solman ticket #.

GRC Firefighter Controls

You can also upload attachments if needed. For example, a Risk and Control Matrix with the Firefighter Control testing related information.

This section will be mandatory if the stage settings are set as required (shown below).

Notice that the process ID used is also shown below:

GRC Firefighter Controls

Notice that the Comments section is set as Mandatory.

GRC Firefighter Controls

The Notes section is where the controller needs to enter the notes before approving the Firefighter Log.

GRC Firefighter Controls

You can also upload an attachment if needed.

GRC Firefighter Controls

Adjust the layout to have the “Activity Description” Field right next to the “Transaction” Field.

GRC Firefighter Controls

The controller can now compare what Tcodes the firefighter said he was going to execute and what he actually executed.

GRC Firefighter Controls

Notice the user entered SPRO but he did not mention that he would execute that Tcode as stated in the activity description. Now, the controller can send it back to the firefighter to update the info and send it back.

Check the status of the Log Review data in this report. It should say “Running” as it has not yet been approved.

GRC Firefighter Controls

(1) Hold – If multiple controllers have received workitem and any one of the controllers wants to keep the workitem with him, then he can keep it on hold. In the meantime he can check more details. When the workitem is on hold for other controllers this will be visible in non-editable mode and the controller who has kept on hold will have “Release” option in “Other actions”. When the controller is ready, he can release the workitem for other controllers and then the workitem will be visible in Edit mode to all controllers.

(2) Additional Information – If the controller wants more information from firefighter then he can forward the workitem to firefighter using this action. The firefighter will provide details in Note tab and then return it back to the Controller. Then the controller can further process the workitem.

(3) Forward- If the controller wants to forward the workitem to any of the users or to any other controller in EAM then this option could be used. To use the option tick the checkbox “Forward” in Stage level task setting.

That is a good overview of SAP GRC Access Controls. To learn more about rapid deployment of GRC Access Controls, click here. To register for a live webinar about GRC Process Controls, click here. In part two of this blog, we’ll examine the ‘Additional Information’ feature and the log submission process.

Similar posts

Read more
SAP BOBJ 4.2
Read more
Read more
SAP BOBJ 4.2
Read more
Read more
SAP SuccessFactors Quarterly Release Highlights
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow us: