SAP GRC - Superuser Privilege

In SAP GRC 10.0, Superuser Privilege Management needs to be implemented in your organization to eliminate the excessive authorizations and risks that your company experiences with the current emergency user approach.

The following are the key features in Superuser Privilege −

• You can allow Superuser to perform emergency activities within a controlled and auditable environment

• Using Superuser, you can report all the user activities accessing higher authorization privileges.

• You can generate an audit trail, which can be used to document reasons for using higher access privileges.

• This audit trail can be used for SOX compliance.

• Superuser can act as firefighter and have the following additional capabilities −

  • It can be used to perform tasks outside of their normal role or profile in an emergency situation.

  • Only certain individuals (owners) can assign Firefighter IDs.

  • It provides an extended capability to users while creating an auditing layer to monitor and record usage.

Standard Roles under Superuser Privilege Management

You can use the following standard roles for Superuser Privilege Management −

/VIRSA/Z_VFAT_ADMINISTRATOR

• This has the Ability to configure Firefighter
• Assign Firefighter role owners and controllers to Firefighter IDs
• Run Reports

/VIRSA/Z_VFAT_ID_OWNER

• Assign Firefighter IDs to Firefighter users
• Upload, download, and view Firefighter history log

VIRSA/Z_VFAT_FIREFIGHTER

• Access the firefighter program