What is Firefighter ID (FFID) in SAP?
FFID (Firefighter ID) refers to a special, temporary, high-privilege user account for emergency access.
Allowing authorized administrators to perform critical tasks (like fixing system crashes or urgent issues) that normal user roles can't, with all actions logged for strict audit and compliance. Managed through SAP Access Control (GRC), FFIDs provide temporary, elevated access, ensuring accountability by logging every transaction and change, preventing unauthorized use while enabling rapid resolution of urgent situations.
FFID TCODE : /GRCPI/GRIA_EAM
Firefighter Creation Steps (GRC Emergency Access Management – EAM)
1️⃣ Create Firefighter ID (FFID)
Go to NWBC → Access Management → Owners → Firefighter IDs
Create a technical user (type: Service/Dialogue based on policy) Mostly Service user type is preffered
Assign required roles (SAP / custom) to the FFID.
2️⃣ Assign Firefighter Owner
Owner is responsible for controlling, reviewing and ensuring FF usage.
Set validity dates & escalation paths.
3️⃣ Assign Controller
Controllers receive log reviews & approve the activities performed using FF.
Map controller in NWBC → Owners → Firefighter Controllers.
4️⃣ Map Firefighter ID to Owner & Controller
Link FFID ↔ Owner ↔ Controller
Define workflow options, notification settings.
5️⃣ Assign Firefighter ID to User
Give temporary access to the business/security user.
User gets FFID through NWBC → Access Management → Firefighter ID Assignment.
6️⃣ Logon via Firefighter Interface
User logs in using GRC plugin (GRAC_EAM) or SAP GUI – t-code: /n/GRCPI/ET.
All sessions are fully logged.
7️⃣ Controller Reviews Log
Controller gets auto-notification.
Reviews logs via NWBC → Access Manageme
nt → Log Review.
Approves/Rejects & provides comments as per their review.
This is the FFID Overview process.