In this article, I will provide an overview of the Emergency Access Management reports and which information can be seen. GRC provides six reports specifically for EAM, e.g. the consolidate log report shows firefighting activities which have been executed while using firefighter. The consolidate log report is far the best and used for management review from the firefighter controller (if workflow is in place). The consolidated log report has all the captured information from the backend system in a consolidated view. Following a short overview of the captured information and where it comes from.

 

Transaction Log

Captures transaction executions from transaction STAD. System, Firefighter, Firefighter ID, Reason Code, Transaction, Date and Owner are read.

 

System Log

Captures debug and replace information from transaction SM21.

 

Change Log

Captures change log from change document objects which are stored in table CDPOS and CDHDR.

 

Security Audit Log

Captures security audit log from transaction SM20.

 

OS Command Log

Captures changes to OS commands from transaction SM49. For further investigation or to get more information about the activities performed in the backend system these transactions might be helpful.

 

Other reports are:

Invalid Superuser Report – shows expired, locked and deleted firefighter IDs.

Firefighter Log Summary – shows firefighter ID session details (only available for ID-Based firefighter, see also my blog post about Types of Firefighter).

Reason Code and Activity Report – shows reason and activity details.

SOD Conflict Report for Firefighter IDs – shows SoD conflicts (risk analysis) for firefighting sessions.

 

Please contribute in this blog post and share your experience and know-how about firefighter reporting.

To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Bugesh Veesamsetty

    Hi Alessandro, Great article !! I have implemented the MSMP workflow for Log review. Do you know if there is a report that lists the FF Log review status from the workflow.

    I explored the reports on the “Reports and Analytics” tab and couldn’t find any reports that showed the review status.

    This will allow for easy auditing to check for sessions that are approved vs pending sessions (logs)

    Thanks,

    Bugesh

    (0) 

Leave a Reply