SAP GRC Tutorial
SAP GRC Useful Resources
Selected Reading
- SAP GRC - Creating Business Rules
- Data Sources and Business Rules
- Installation and Configuration
- SAP GRC - Workflow Integration
- Assigning Mitigation Controls
- SAP GRC - Enhanced Risk Analysis
- SAP GRC - Implementing Superuser
- SAP GRC - Superuser Privilege
- SAP GRC - Mitigation Controls
- SAP GRC - Risk Remediation
- SAP GRC - Risk Management
- SAP GRC - SoD Risk Management
- Process Control Work Centers
- SAP GRC - Audit Universe
- SAP GRC - Integration with IAM
- Integration with Access Control
- Access Control Launchpad
- SAP GRC - Authorization
- Access & Authorization Mngmt
- Access Management Work Center
- SAP GRC - Access Control
- SAP GRC - Navigation
- SAP GRC - Overview
- SAP GRC - Home
SAP GRC Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
SAP GRC - Implementing Superuser
SAP GRC - Implementing Superuser
Let us now understand how to implement Superuser.
You can implement firefighter IDs by working on the following steps −
Step 1 − Create Firefighter IDs for each business process area
Step 2 − Assign necessary roles and profiles to carry firefighting tasks.
You shouldn’t assign profile SAP_ALL
Step 3 − Use T-Code – SU01
Step 4 − Cpck Create button to create a new user.
Step 5 − Assign Firefighter roles as mentioned above to user id −
Assign Firefighter roles to apppcable user IDs.
Assign administrator role /VIRSA/Z_VFAT_ADMINISTRATOR to superuser privilege management administrator.
Administrator user should not be assigned any firefighting
Assign the standard role /VIRSA/ Z_VFAT_FIREFIGHTER to −
Firefighter ID − Service user used for logon
Firefighter user − Standard user acting as a Firefighter in case
Assign the ID owner role /VIRSA/Z_VFAT_ID_OWNER to −
Owner − Responsible for determining who will be assigned to
Controller − Receives notification when the Firefighter ID is responsibipties of emergency Firefighter IDs for his or her business area used.
Step 6 − Go to Roles tab and select the mentioned roles as per the requirement.
Step 7 − Create RFC destination for internal switch to Firefighter ID −
Name − Enter RFC connection name
Connection Type − 3
Enter a Description
(No username, passwords, or other logon data are required)
Enter passwords for each Firefighter ID in the Security table: Passwords are stored as hash values and are unreadable after the administrator saves the value.
Step 8 − To create firefighter log, you can schedule a background job.
Name the job /VIRSA/ZVFATBAK as in the following screenshot −
Superuser Log
Let us understand these steps for Superuser Log.
Step 1 − Use T-Code − Transaction − /n/VIRSA/ZVFAT_V01
Step 2 − You can now find the logs in the toolbox area. 
Step 3 − You can use transaction code — SM37 to review the logs for inspanidual user.
You can also use the web GUI to access all Firefighter information. Go to SAP GRC Access control → Superuser privilege management.
So it is possible to access the data of different Firefighter installations on different SAP backend systems. And it is not necessary to log on to each system anymore.
Advertisements