Table Logging in Fire Fighter (Super User Privilege Management)

Does anyone know exactly which sources does the Firefighter Log Report take into account?
I would think that Change Documents (CDHDR CDPOS) and Workload Stats for TX (STAT) exexcution are part of it. Does anyone know whether table logging entries (DBTABLOG) are also displayed in the report?
Thanks alot.
Best regards,
Alex

Amongst other things, you can check the status of the table logging in SE13.
Regardless of the application reporting, you can check the log via SCU3.
Cheers,
Julius

Similar Messages

  • Alsa needs super user privileges to work [solved?]

    Today I noticed audio does not work anymore.
    I tried a simple test from the command line and those are the results:
    $ speaker-test -t wav -l 1
    speaker-test 1.0.27.1
    Playback device is default
    Stream parameters are 48000Hz, S16_LE, 1 channels
    WAV file(s)
    ALSA lib pcm_dmix.c:989:(snd_pcm_dmix_open) unable to create IPC semaphore
    Playback open error: -13,Permission denied
    $ sudo speaker-test -t wav -l 1
    speaker-test 1.0.27.1
    Playback device is default
    Stream parameters are 48000Hz, S16_LE, 1 channels
    WAV file(s)
    Rate set to 48000Hz (requested 48000Hz)
    Buffer size range from 2048 to 16384
    Period size range from 1024 to 1024
    Using max buffer size 16384
    Periods = 4
    was set period_size = 1024
    was set buffer_size = 16384
    0 - Front Left
    Time per period = 1.142177
    $
    A permission error when executed as normal user.
    Checking my pacman log it seems it break after installing scummvm and fluidsynnth... but I cannot imagine it is related.
    Any idea how to  pinpoint the problem?
    Last edited by ezzetabi (2013-05-28 14:36:42)

    Nevermind, the problem disappeared mysteriously as it appeared after updating the system...

  • Fire fighter

    Guys,
    From my understanding the use of fire fighter is for emergency access in PRD. For that we can just create separate ID in sap system with almost sap_all authorization (not sap_all) and access PRD whenever there is a need.But why we need sap VIRSA fire fighter or SAP GRC super user privilege management?.

    Virsa Firefighter allows for tracking of who connects where, and what they do while connected. If you assign a generic SAP "super user", you loose these important tracking and auditing features... unless, of course, you create your own tracking system (for instance by activating a user exit upon login, demanding the person who logs in using the "super user" to identify him/herself and store some vital info such as time, date, ip address of the terminal used to connect and so on). Also, you'd need to turn security audit logging on.
    Firefighter gives you all of these security mechanisms in one package, one which tastes good to your auditors, too...
    Trond

  • Fire FIghter Log Issue

    Hi Gurus,
    I have an issue with Fire fighter Log Job...I have Scheduled the Job...ZFATBAK with a period One hour....
    When i tried to look at the Log in Fire Fighter tool...It has the below message...
    BACKGROUND JOB WAS NOT SCHEDULED/LOG & FILE NOT YET GENERATED.
    Please help ...

    Hi,
    Guess I try to help you here. Can you please check the following;
    1.FATBAK job ? ( Via SM37)
    2. Go to the configuration table in the FF (Logon to FF and one of the tabs--)
    Please let meknw the what you see.
    Thanks

  • SUPER user logging and Monitoring

    Since SAP does not recommend using GRC Access Control to log actions performed using SUPER users such as SAP, DDIC, or other powerful id's, what tools are available?  When SAP, DDIC, or other powerful super users are used in your SAP environment.  Are these activities being logged?  Is anyone monitoring these activities?  Do you even use SUPER id's in your environment or assign access directly to your BASIS team?  Have you used GRC SPM or Virsa Firefighter to manage these users?  Are you using monitoring tools such as Cyber-Ark to log and monitor your BASIS team?  How do you ensure your management or audit team that all activities perfomed by SAP*, DDIC or other powerful SUPER users is logged and available for review?

    > Since SAP does not recommend using GRC Access Control to log actions performed using SUPER users such as SAP*, DDIC, or other powerful id's, what tools are available?
    Can you reference the source where SAP says that standard super users should not be logged?
    SAP also says that standard users such as DDIC and SAP* are known targets of attack vectors(DoS attacks, password brute forcing, DB vulnerabilities...) so once having locked them down (see the other responses) it would make sense to monitor them for any events.
    Cheers,
    Julius

  • Fire Fighter Roles

    Hi Gurus,
    I am in the process of designing Fire Fighter ROles for the Production process...
    Can any one please help me with the number of roles and Transactions that we use for the design process...
    How many Fire Fighter roles that we need and What are the Transactions.....?
    Thanks in advance
    Guru

    Hi Guru,
    The roles that need to be created for Firefighter ids are based on requirement from the Business process owners of the respective business modules ( example, SD, MM, PP, FICO ).
    Firefighter tool is designed to help you handle exceptional access requests appropriately.
    This tool is used to deal with emergency access requests. For example, when a Production support person needs to investigate an Urgent issue in Production system but does not have enough access. Then you need to assign the Firefighter id and the appropriate Firefighter role(s) to complete the emergency transactions.
    Virsa Firefighter for SAP enables super-users to perform emergency activities outside the parameters of their normal role, but to do so within a controlled, fully auditable environment. The application assigns a temporary ID that grants the super-user broad yet regulated access, and tracks and logs every activity the super-user performs using that temporary ID.
    So you need to consult your BPOs, Internal Audit team, Controllers and come up with the emergency transactions, authorizaton objects, programs, reports, tables and design the roles with appropriate naming conventions.Assign the Firefighter roles to the Firefight IDs in emergency in Production system.

  • Fire Fighter Table Log

    Hi Gurus,
    I have to give the fire fighter log for the audit....When i look into the fire fighter log table
    Till the first step of firefighting Loggin in as Fire fighter is recordd on the Fire fighter id...But later all the activities has been Encrpted
    ylTCyMUOWnb     
    ylTCyMUOWnb     
    ylTCyMUOWnb     
    ylTCyMUOWnb     
    ylTCyMUOWnb     
    Firefighter                   THis is the first Step as fire fighter later the  field has been encrypted....
    Please let me know ...

    Hi Raghav,
       You can not download FF logs directly from the table as they are encrypeted. There are couple of ways to download FF logs.
    1) You can download FF logs in text format from FF. Go to
    FF -> Administration -> Archive -> Delete/Download Log.
    2) If you have implemented web functionality of FF (SPM), you can download any of the logs directly from web tool.
    Regards,
    Alpesh

  • Fire Fighter Logs details in /n/virsa/vfat

    Hi,
    When i see the Fire Fighter logs through the Tcode /n/virsa/vfat, i am just able to know what tcode was used by a particular user and at what time and date.
    Now if he has used SE38, i do not get the information of what report or program did he run in SE38. Similarly for SE16n I will not have the information of what table was used and modified.
    So is it possible to know the complete details of the activity that user has done throught the FIreFighter.
    Please help.
    Regards
    Anubhav

    In the case of SE16 you can see the generated selection-screen program for that table being submitted both in STAD if you are fast enough (i.e. before the aggregation takes place) and in the security audit log (SM20N - which is actually the correct tool to rely on). They will show reports from SA38 etc as well.
    However SE16N does not generate and submit report type programs so you cannot know which table was accessed. The only little "skidmark" it will leave behind is the memory id entries of the tabname selection parameter and SQL performance traces, but GRC does not access this data and it is unreasonable to assume that the history of these memory ids has been activated on the server side.
    If worst comes worse you will be able to find out the table though - latest with a thumb-screw or bamboo under the finder nails... 
    Cheers,
    Julius

  • Change History in Fire Fighter Log Report.

    Hi Experts,
    Changes made by fire fighters were not recorded in the fire fighter log reports.I have gone thru a thread in the forum,there was mentioned that the issue had been reported to the SAP.Please let me know, if there is any update on the issue from SAP.
    Thanks,
    Mukesh

    FF Logs can be recorded when the changes done with FF id. Without FF id no Support / IT user should be allowed.
    If you want to change the configuration it has to be done via FireFigher only. Otherwise you get the log from SM20, if its been configured.

  • Fire fighter security table download

    Dear Experts,
    After downloading the Fire fighter Security table(/n/virsa/vfat -> Utilities -> Download) this can be opened in excel and see all the passwords. This is a potential risk in Security and authorization. Kindly suggest me is there any note or corrections to get the data downloaded as encrypted itself ?
    Or any other suggestions welcome please.
    Thanks and Regards,
    Shiju

    Hello Shiju,
    Just wanted to ask you what role (s) does the user have, who is downloading and changing the passwords. Are they standard SAP provided or are they custom?
    Role "/VIRSA/VFAT_ROLE_ADMINISTRATOR" has access to "Export" the list and role "/VIRSA/Z_VFAT_ADMINISTRATOR" has access to "change" the password.
    Also, in case you do not want the export function to be available to any user, you may chosse not to use these SAP default roles for Firefighter but create your own roles and assign them to the users, where you can define the table maintenence for "/VIRSA/ZVIRFFPWD" table, not to be available to anyone to restrict this.
    Regards,
    Hersh.

  • Client copy error: Table logging in program RSCLXCOP disabled by user

    Hi,
    While doing client export from a system, I am getting the below error in test run:
    Table logging in program RSCLXCOP disabled by user
    Kindly advice.
    Thanks & regards,
    Kunal Patel.

    Hi
    Note 446485 - CC-ADMIN: Special copying options
    It would help you out, but do check double time.

  • Fire Fighter is missed in the FF log sent to controllers

    Dear Experts,
    We are at SP10, and using role based Fire Fighter.
    We defined a FF role (e.g. FFrole001) and assigned this role to fire fighters.
    We are facing the following problem:
    If two fire fighters do the FF job at the same time, only one of fire fighters activity log will be sent to controllers for review.
    (Please note that the activity log of both fire fighters has been captured, we can find it in the /n/virsa/vfat.)
    Here is the detailed steps:
    1. The FF roles were assigned to two Fire Fighter at the same time
    2. Both of the Fire Fighters had performed some activities in system.
    3. FF activity log report captured the activities performed by the two Fire Fighters.
    4. But in the attachment in the email which was sent to FF controller, only one Fie Fighter was shown.
    Much appriciate if any one can help on this.
    Thanks!

    Hi Tang,
    Did you check the configuration settings for both the FF IDs.
    Also, as a trail and error, to isolate the issue, can you check using only the 2nd FF ID for which the log was not sent. Ensure that the 1st FF ID is not used. This way you can identify whether the issue is with the FF ID or the configuration.
    Regards,
    Raghu

  • Run User analysis excluding fire fighter roles

    Compliance Calibrator
    I am trying to run user risk analysis from CC. We have fire fighter already implemented and user mostly have fire fighter roles.
    Every time I run risk analysis, I get conflicts even though some of the transactions are only in fire fighters.
    Let me know if there is way to exclude fire fighter roles from user analysis.
    Or any other method that may work.
    Thanks

    Dear Bindu,
    You can exclude these roles from getting into analysis everytime by Defining these roles as critical in the Rule Architect--> Critical Roles TAB and then setting up the option "Ignore Critical Roles & Profiles " in Config-->Risk Analysis TAB to YES, which would ignore these roles to be taken up during Risk analysis.
    Regards,
    Hersh.

  • Fire Fighter Report

    Hello Experts,
    I think I need some help on the Fire Fighter Reports.
    My ultimate goal is to get the list of Reason and activity used by the users during the months of January2012 and December2011.
    I was trying to execute the report "Reason/Activity Report" in SPM Tool Box in the transaction /n/virsa/vfat by giving the date range 01.01.2012 to 31.01.2012, i get the list but the column Reason Code is empty.
    I tried to view the table /virsa/ffreact in SE16.
    If i give input for FFKEY as 201112(December 2011), the result is "no table entries found for the specified key". But in the FF log report i can see users logged in during that period. Its the same case for the input *201201(January 2012).
    But if i give the input as 201202(February 2012), i get the list.
    Can anyone tell me the reason behind this.
    Best Rgds,
    Jaravuy

    Hi Jaravuy,
    Did you try to update the log?
    /n/virsa/vfat
    -->log information (F5)
    -->update (shift+F1)
    --> Choose a period where you are sure there has been activity
    Once you do this, you can try again.
    Best regards,
                   Félix

  • Fire Fighter Mail Notification

    Hi Gurus,
    I have an issue with fire fighter....if i am not wrong...When i add a firefighter id to a user id ...it should send a mail...Fore Fighter controller and owner with a link to approve and then they approve the access...then it will send the user access to the user.The above process is not happening with the fire fighter we using..
    The fire fighter owner and controller are just getting the logs...Please let me know how to config the initial mail notification.
    Thanks in advance
    Guru

    Hello Guru,
    When a user probably a Security Administrator assigns Firefighter ID to a Firefighter User there is no such provision of automated e-mail notification in Access Controls 5.2 - Firefighter SP level 5 with Patch 1. Which is at the moment latest available on SAP service market place.
    But you can take it another way. If you have an Honour of using Access Enforcer then you can create a dedicated workflow for Firefighter ID assignment. Where you can define different stages and approvers for all scenarios. Also this way you can intimate the requestor and approver about the status.
    In role expert, you can automate the default Virsa Firefighter, Owner, Administrator and controller roles for users.
    Still there is no such automated functionality which can let you automatically add users to Virsa Firefighter configuration tables and send an e-mail.
    What you can do is, after the approval of the firefighterID assignment your security guy can manually add users to these considered tables and finish the AE workflow notifying all the approvers and requestor.
    I hope i touched the whole scenario.
    If you still have doubts, let me know.
    Thanks & Regards,
    Amol Bharti

Maybe you are looking for