Discuss business intelligence, integration, compliance and a host of other SAP-related topics – implementation, best practices and resources to negotiate the world of SAP better!

« Self-service password reset using email in SAP | Main

Fire Fighter Log Review Approval in SAP GRC via Email

Emergency Access Management (EAM) enables end users within an organization to carry out emergency activities outside the scope of their standard authorizations, but within controlled and fully auditable environment. Fire-fighter (FF) controller is responsible for monitoring and assessing the pertinence of activity performed by a user using an individual Firefighter ID. The Controller is responsible for reviewing the log report after Fire-fighter session has ended. The controller can review the activities performed by the user and in case of any queries can clarify with the respective user and get relevant documents/details attached to the log review request. This helps in an automated way to review all the activities performed using EAM process. Based on the MSMP configuration maintained in the GRC system, FF controller may be required to approve the FF log in case Fire Fighter Log Review Workflow has been activated in the system.

Standard option available in the SAP GRC system mandates the FF controller to login to NetWeaver Business Client (NWBC) and then take appropriate action (Approve/Reject) which is sometimes very tedious. This also implies FF controllers need proper training about the standard approval process via NWBC. This becomes very difficult for a large organization which is spread across different geographies. Preparation of training material for the same will also demand significant amount of time.

This blog discusses enhancement needed in the SAP GRC system that will send FF log details as an excel attachment to the FF controller so that firefighter session details can be viewed via email only along with option to either approve/reject the FF log WF. This will save significant time and effort for the controller to login to NWBC client to analyze the FF log report and then take appropriate action. Setting up offline approval process for Fire-fighter log review workflow can be done by enabling inbound processing in SAP GRC system.

Sample approval email after implementing enhancement in SAP GRC:



  • This enhancement enables FF controller(s) to action the request directly from email, without the need to login to GRC tool, hence simplifying the overall FF log review process.
  • FF log session details in the email attachment can be viewed and action (Approve/Reject) on the FF log review WF can be taken directly from email.This solution works seamlessly with mobile devices as well.
  • Saves significant time and effort spent on FF log approvals.
  • Reduces the training requirements for FF controllers.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter