- SAP GRC Tutorial
- SAP GRC - Home
- SAP GRC - Overview
- SAP GRC - Navigation
- SAP GRC - Access Control
- Access Management Work Center
- Access & Authorization Mngmt
- SAP GRC - Authorization
- Access Control Launchpad
- Integration with Access Control
- SAP GRC - Integration with IAM
- SAP GRC - Audit Universe
- Process Control Work Centers
- SAP GRC - SoD Risk Management
- SAP GRC - Risk Management
- SAP GRC - Risk Remediation
- SAP GRC - Mitigation Controls
- SAP GRC - Superuser Privilege
- SAP GRC - Implementing Superuser
- SAP GRC - Enhanced Risk Analysis
- Assigning Mitigation Controls
- SAP GRC - Workflow Integration
- Installation and Configuration
- Data Sources and Business Rules
- SAP GRC - Creating Business Rules
- SAP GRC Useful Resources
- SAP GRC - Questions & Answers
- SAP GRC - Quick Guide
- SAP GRC - Useful Resources
- SAP GRC - Discussion
SAP GRC - Superuser Privilege
In SAP GRC 10.0, Superuser Privilege Management needs to be implemented in your organization to eliminate the excessive authorizations and risks that your company experiences with the current emergency user approach.
The following are the key features in Superuser Privilege −
You can allow Superuser to perform emergency activities within a controlled and auditable environment
Using Superuser, you can report all the user activities accessing higher authorization privileges.
You can generate an audit trail, which can be used to document reasons for using higher access privileges.
This audit trail can be used for SOX compliance.
Superuser can act as firefighter and have the following additional capabilities −
It can be used to perform tasks outside of their normal role or profile in an emergency situation.
Only certain individuals (owners) can assign Firefighter IDs.
It provides an extended capability to users while creating an auditing layer to monitor and record usage.
Standard Roles under Superuser Privilege Management
You can use the following standard roles for Superuser Privilege Management −
/VIRSA/Z_VFAT_ADMINISTRATOR
- This has the Ability to configure Firefighter
- Assign Firefighter role owners and controllers to Firefighter IDs
- Run Reports
/VIRSA/Z_VFAT_ID_OWNER
- Assign Firefighter IDs to Firefighter users
- Upload, download, and view Firefighter history log
VIRSA/Z_VFAT_FIREFIGHTER
- Access the firefighter program