Performing Firefighter IDs Review

Using the Emergency Access Management functionality you can get temporary access to firefighter ID, to perform firefight activities such as fixing critical errors and correcting financial documents for closed periods. Emergency access permissions of firefighter IDs always include elevated privileges. To ensure that no one has excessive access to firefighter IDs, you must monitor access to these privileges. Here, a periodic review of access to firefighter IDs can facilitate the process of monitoring and checking if current access of firefighters to firefighter IDs is still relevant. SAP Access Control provides a functionality of Firefighter ID Review, where the Firefighter ID owner reviews firefighter ID assignments to firefighters and decides to keep or remove assignments. As an administrator, you schedule generating data for Firefighter ID Review in the Background Scheduler app. There, you define the name of the schedule, the schedule activity, and the recurring plan.

In the criteria, you define the analysis parameters for generating Firefighter ID review requests. For example, you want to check Firefighter ID assignments for a particular Firefighter ID in a particular target system. Once the schedule has run, depending on your workflow configuration, the SAP Access Control system creates requests for items to be reviewed by firefighter owners and controllers.

After generating data for Firefighter ID Review, firefighter ID owners receive a review request in the Work Inbox app. A firefighter ID owner can keep or remove a firefighter ID assignment by selecting the assignment and choosing Approve or Remove Firefighter ID (refer to the preceding screenshot.) As a firefighter ID owner, if you choose to remove a firefighter - firefighter ID assignment, the system deletes the Firefighter ID assignment from the firefighter, after you approve the request. You can also forward the request to another approver through the Other Actions option.

If necessary, on the system configuration phase you can configure an extra workflow stage where the firefighter ID controller will review assignments after firefighter ID owner.