EAM usage from our business perspective
Emergency Access Management, better known as firefighting, is a tool which gives the user emergency access for a limited amount of time. One of the advantages of this tool is that the access can be tracked and monitored by a defined controlling level. Since GRC 5.3 our internal SAP CC is using firefighting for business transactions which are not assigned to the user directly. Firefighters can also be used in business, for example for deputizations or critical business transactions which are used rarely. Another example is transactions which are used for month or year-end closing.
The firefighting process itself is very simple and can be understood very easily. A Firefighter ID, which can be used by a user, does have independent authorizations and is mostly just authorized for a few transactions (e.g. only payment run).
Once a user has requested the Firefighter ID he has to select the reason of firefighting and enter the expected activities. After the emergency access has been done a regular log-out from the firefighter ID will trigger the approval workflow. As each firefighter ID does have a defined controlling level (a so called controller), this workflow is automatically sent and waiting for review and the approval by its defined controlling level. As long as no inappropriate actions were performed, the defined controlling level can approve the workflow and end the process. If there were inappropriate actions performed, the defined controlling level has to collect information to make sure why and what has been done and how this issue be fixed. It also needs to be properly documented for audit purposes.