Show TOC

Background documentationSuperuser Management Locate this document in the navigation structure


Superuser Management allows personnel to take responsibility for tasks outside of their normal job function. You can assign a temporary privilege that grants the user exception-based, yet regulated, access. The act of using this privilege is called firefighting.

A firefighting event might occur, for example, when a user needs access to certain systems during the absence of the primary accounting person in order to produce checks. Another common use of Superuser Management is during open and close of financial periods so that you have notification of when it is occurring and why.

The firefighter role provides the ability to perform tasks in emergency situations.

You can assign firefighters for all system access in GRC. You can assign firefighter access by ID or role depending on your company’s policy.


You can use Superuser Management to do the following:

  • Monitor the use of firefighter access (log on)

  • Track actions performed while privileged access is being used

  • Provide detailed reports of access performed

  • Enable a workflow for log report review

  • Handle assignment and administration for firefighter access across all systems from GRC

Superuser Management users include administrators, owners, controllers, and firefighters.

Superuser Management Roles

Role Type



Administrators have complete access to Superuser Management capability. They assign firefighter IDs to owners and to firefighters. Administrators run reports, maintain the data tables, and make sure that the Reason Code table is current.


Owners can assign firefighter IDs to firefighters and define controllers. Owners can view the firefighter IDs assigned to them by the administrator. They cannot assign firefighter IDs to themselves.


Controllers monitor firefighter ID usage by reviewing the log report or log report workflow and receiving e-mail notification of firefighter ID logon events. Administrators enable e-mail notification through the Controllers table, which is done in Firefighter Assignment and the GRC Configuration.


Firefighters can access all firefighter IDs assigned to them and can perform any tasks for which they have authorization. Firefighters use the firefighter ID logons to run transactions during emergency situations.