GR3 - Emergency Access Management Process Diagram

Purpose, Benefits, and Key Process Steps This scenario describes the Emergency Access Management process in SAP Access Control. The Emergency Access Management enables users to perform duties not includes in the roles or profiles assigned to their user ids, it also can be use in a special period to do some important business. Benefits Provides a solution for systematic handling of emergency situations. Managing the risk for the special access necessary to resolve the issue. Key Process Steps Request for Firefighter ID Request approved by Firefighter Owner Use Firefighter ID Logon Start Firefighter Session in SAP ERP Review and approve the Firefighter log Review Consolidated Log Report

Required SAP Applications and Company Roles SAP Access Control 10.1 Company Roles End User Firefighter Role Owner Firefighter Controller Internal Auditor

Detailed Process Description (1/2) GR3 – Emergency Access Management Section 1: Centralized EAM Request for Firefighter ID Request approved by Firefighter Owner Use Firefighter ID Logon in SAP AC Start Firefighter Session in SAP ERP Review and approve the Firefighter log Review Consolidated Log Report

Detailed Process Description (2/2) GR3 – Emergency Access Management Section 2: Decentralized EAM Request for Firefighter ID Request approved by Firefighter Owner Use Firefighter ID Logon in SAP ERP Start Firefighter Session in SAP ERP Review and approve the Firefighter log Review Consolidated Log Report

GR3 Emergency Access Management – Centralized EAM (1/2) Access Control GR3 Emergency Access Management – Centralized EAM (1/2) SAP ERP End User Internal Auditor End User Firefighter Role Owner Firefighter Controller Request for Firefighter ID A Email 1 Email 2 Request approved by Firefighter Owner B Email 3 Use Firefighter ID Logon (SAP AC) C Start Firefighter Session (SAP ERP) D Review and approve the Firefighter log E Review Consolidated Log Report F

GR3 Emergency Access Management – Decentralized EAM (2/2) Access Control GR3 Emergency Access Management – Decentralized EAM (2/2) SAP ERP End User Internal Auditor End User Firefighter Role Owner Firefighter Controller Request for Firefighter ID A Email 1 Email 2 Request approved by Firefighter Owner B Use Firefighter ID Logon (SAP ERP) G Start Firefighter Session (SAP ERP) D Email 3 Review and approve the Firefighter log E Review Consolidated Log Report F

GR3 – Emergency Access Management Icon Legend Icon Name Request for Firefighter ID SAP GRC AC NWBC: Access Management  Access Request Creation  Access Request Request approved by Firefighter Owner SAP GRC AC NWBC: My Home Work Inbox  Work Inbox Use Firefighter ID Logon (SAP AC) Transaction Code: GRAC_SPM Start Firefighter Session (SAP ERP) Transaction Code: MMPV Review and approve the Firefighter log Review Consolidated Log Report SAP GRC AC NWBC: Reports and Analytics  Emergency Access User Management Reports  Consolidated Log Report Use Firefighter ID Logon (SAP ERP) Transaction Code: /N/GRCPI/GRIA_EAM After the End User creates a new request for Firefighter ID, send Email to Firefighter ID Owner to inform that a new request needs to be approved. After the Firefighter ID Owner approves/rejects the request, send Email to End User to inform that the request has been approved/rejected. After the firefighter session starts, send Logon Notification to Firefighter Controller. After do the Firefighter log synch, send Email to Firefighter Controller to inform that a new firefighter log needs to be approved. A B C D E F G Email 1 Email 2 Email 3

Appendix

Process Diagram Legend Lane Process Step Interface User Role <name>* ≈ Manual Process Step A Optional Manual Process Step A Process Step Outside Scope Item Scope A A User Interface (UI) 1 Interface (like A2A/ B2B Message) Process Step (manual or automatic) 1 A Optional Process Step (manual or automatic) 1 A 1 Batch Script Automatic Process Step 1 Optional Automatic Process Step 1 Process Step Outside Software Optional Process Step Outside Software Connection Documents Events Gateways Sequence flow 1 Inline / Standalone Incoming Link Data flow Output Document XOR 1 Outgoing Link Link OR 1 Timer Event Page Link A Accounting Document Link to SAP Best Practice Processes or scope items AND (<BBID>) Link to SAP Best Practice Process 1 Message Complex * <name>: SAP System (PPMS name), or non-SAP System, or lane for steps outside software

Process Diagram Legend Lane Process Step Interface Manual Process Step A Optional Manual Process Step A <name>* User Role ≈ Process Step Outside Scope Item Scope A A User Interface (UI) 1 Interface (like A2A/ B2B Message) Process Step (manual or automatic) 1 A Optional Process Step (manual or automatic) 1 A 1 Batch Script Process Step Outside Software Automatic Process Step 1 Optional Automatic Process Step 1 Optional Process Step Outside Software Connection Documents Events Gateways Sequence flow 1 Inline / Standalone Incoming Link Data flow Output Document XOR 1 Outgoing Link Link OR 1 Timer Event Page Link A Accounting Document Link to SAP Best Practice Processes or scope items AND (<BBID>) Link to SAP Best Practice Process 1 Message Complex * <name>: SAP System (PPMS name), or non-SAP System, or lane for steps outside software

Thank you