A great deal of time in a SAP GRC project is spent on defining processes and responsibilities. My suggestion is to think in lifecycles to get a better understanding of the processes and of who takes over which responsibility.
In this post I would like to clarify the lifecycle of Firefighter IDs. I have grouped it into four steps: Create, Change, Delete and Review. For each step, the expected tasks and the functions involved are listed below.
I have additionally added the RACI matrix to show who is Responsible, Accountable, Consulted and Informed for each step. Please be aware that this depends very much on the point of view and can be different in your organization. My considerations are based on common sense and aim at smooth processes throughout a global enterprise.
Creation of Firefighter ID
Tasks
- Define the necessary access rights of the FFID
- Define the responsibilities (Ownership, Controller)
- Create Firefighter ID
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
Changing of Firefighter ID
Tasks
- Define the necessary changes in access rights
- Define changes in responsibilities (Ownership, Controller)
- Define changes of Firefighter ID (e.g. validity)
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
Deletion of Firefighter ID
Tasks
- Delete the Firefighter ID
- Document the decision of the deletion
- Archive the associated firefighter log files
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
Reviewing of Firefighter ID
Tasks
- Review validity
- Review firefighter ownership and controller
- Check proper access rights
Involved functions
- Firefighter owner
- SAP authorization team
- SAP GRC responsible
- Business role owner
If you would like further information or want to contribute to this blog post, do not hesitate to contact me or reply to this post directly.