A high amount of time during a SAP GRC project will be spent on defining processes and responsibilities. My suggestion is to think in lifecycles for getting a better understanding of the processes and who is taking over the responsibilty.

In this post I would like to clarify the lifecycle of user assignments to firefighter IDs. I have grouped them into four steps Assign, Usage, Delete and Review. Please see for each step expected Tasks and who is involved. Please see also my blog post about Firefighter ID lifecycle if you are interested to get more information in this regard.

 

The RACI matrix shows who is Responsible, Accountable, Consulted and Informed for each step. Please be aware that this is very much depending on the point of view and can be different in your organization. My considerations are commonsense and pretty much of thinking in smooth processes throughout a global enterprise.

 

 

Assignment of User to Firefighter ID

 

Tasks

  • Request FF ID assignment
  • Define validity of assignment
  • Assign user to FF ID
  • Define FF controller and method of notification

 

Involved functions

  • Firefighter owner
  • SAP authorization team
  • SAP GRC responsible

RACI_FFID_User_Assign.png

 

 

Usage of Firefighter ID

 

Tasks

  • Usage of Firefighter
  • Check Firefighter logfiles

 

Involved functions

  • Firefighter ID user
  • Firefighter controller

RACI_FFID_User_Usage.png

 

 

Deletion of Firefighter ID assignment

 

Tasks

  • Delete Firefighter ID assignment

 

Involved functions

  • Firefighter owner
  • SAP GRC responsible

RACI_FFID_User_Delete.png

 

 

Review of Firefighter ID assignment

 

Tasks

  • Review if Firefighter ID assigment is still correct
  • Define actions if necessary

 

Involved functions

  • Firefighter owner
  • Firefighter controller
  • SAP authorization team
  • SAP GRC responsible

RACI_FFID_User_Review.png

 

Please contribute and share your opinion as comment to improve the quality of this document.

 

Thanks and regards,

Alessandro

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply