SAP GRC - Superuser Privilege

In SAP GRC 10.0, Superuser Privilege Management needs to be implemented in your organization to epminate the excessive authorizations and risks that your company experiences with the current emergency user approach.

The following are the key features in Superuser Privilege −

You can allow Superuser to perform emergency activities within a controlled and auditable environment

Using Superuser, you can report all the user activities accessing higher authorization privileges.

You can generate an audit trail, which can be used to document reasons for using higher access privileges.

This audit trail can be used for SOX comppance.

Superuser can act as firefighter and have the following additional capabipties −

It can be used to perform tasks outside of their normal role or profile in an emergency situation.

Only certain inspaniduals (owners) can assign Firefighter IDs.

It provides an extended capabipty to users while creating an auditing layer to monitor and record usage.

Standard Roles under Superuser Privilege Management

You can use the following standard roles for Superuser Privilege Management −

/VIRSA/Z_VFAT_ADMINISTRATOR

This has the Abipty to configure Firefighter

Assign Firefighter role owners and controllers to Firefighter IDs

Run Reports

/VIRSA/Z_VFAT_ID_OWNER

Assign Firefighter IDs to Firefighter users

Upload, download, and view Firefighter history log

VIRSA/Z_VFAT_FIREFIGHTER

Access the firefighter program