Access Control users who have been assigned special privileges can be assigned as an owner. Users who can be assigned special privileges include the following:
Type |
Description |
---|---|
Firefighter ID Owner |
Firefighter ID owners are responsible for maintaining firefighter IDs and their assignments to firefighters. Firefighter ID owners use the default role: SAP_GRAC_SUPER_USER_MGMT_OWNER. |
Firefighter Role Owner |
Firefighter role owners are responsible for maintaining firefighter roles and their assignments to firefighters. Firefighter role owners use the default role: SAP_GRAC_SUPER_USER_MGMT_OWNER. |
Risk Owner |
Risk owners are assigned to risks and are commonly responsible for approving changes to risk definitions and violations of the risk. |
Role Owner (ERM) |
Role owners are responsible for approving either content or user-role assignment or both. |
Mitigation Monitor |
Mitigation monitors are assigned to controls to monitor activity and may receive control monitor alerts. |
Mitigation Approver |
Mitigation approvers are assigned to controls and are responsible for approving changes to the control definition and assignments. |
Firefighter ID Controller |
Firefighter ID controllers are responsible for reviewing the log report generated during firefighter ID usage. Firefighter ID controllers use the default role: SAP_GRAC_SUPER_USER_MGMT_CNTLR. |
Firefighter Role Controller |
Firefighter role controllers are responsible for reviewing the log report generated during firefighter role usage. Firefighter role controllers use the default role: SAP_GRAC_SUPER_USER_MGMT_CNTLR. |
Point of Contact |
Point of contact is an approver for a specific functional area. Functional area is an attribute used to categorize users and roles. |
Security Lead |
Security lead is a group or individual that can provide secondary approval for access requests and reviews. |
There are three group types:
Owner
Owner group
Lightweight Directory Access Protocol (LDAP) group