Skip to Content
Author's profile photo Alessandro Banzer

Emergency Access Management Reporting

In this article, I will provide an overview of the Emergency Access Management reports and which information can be seen. GRC provides six reports specifically for EAM, e.g. the consolidate log report shows firefighting activities which have been executed while using firefighter. The consolidate log report is far the best and used for management review from the firefighter controller (if workflow is in place). The consolidated log report has all the captured information from the backend system in a consolidated view. Following a short overview of the captured information and where it comes from.


Transaction Log

Captures transaction executions from transaction STAD. System, Firefighter, Firefighter ID, Reason Code, Transaction, Date and Owner are read.


System Log

Captures debug and replace information from transaction SM21.


Change Log

Captures change log from change document objects which are stored in table CDPOS and CDHDR.


Security Audit Log

Captures security audit log from transaction SM20.


OS Command Log

Captures changes to OS commands from transaction SM49. For further investigation or to get more information about the activities performed in the backend system these transactions might be helpful.


Other reports are:

Invalid Superuser Report – shows expired, locked and deleted firefighter IDs.

Firefighter Log Summary – shows firefighter ID session details (only available for ID-Based firefighter, see also my blog post about Types of Firefighter).

Reason Code and Activity Report – shows reason and activity details.

SOD Conflict Report for Firefighter IDs – shows SoD conflicts (risk analysis) for firefighting sessions.


Please contribute in this blog post and share your experience and know-how about firefighter reporting.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Alessandro, Great article !! I have implemented the MSMP workflow for Log review. Do you know if there is a report that lists the FF Log review status from the workflow.

      I explored the reports on the "Reports and Analytics" tab and couldn't find any reports that showed the review status.

      This will allow for easy auditing to check for sessions that are approved vs pending sessions (logs)



      Author's profile photo Alessandro Banzer
      Alessandro Banzer
      Blog Post Author

      Dear Bugesh,

      thanks for your feedback. Please use the "Search Request" application and change the process to the FF Log Review.



      Author's profile photo Former Member
      Former Member

      Thanks Alessandro !! 🙂