In ID-based administration, system administrators assign firefighter IDs for a designated number of days wherein the firefighter receives broad access to perform firefighting tasks. Once they start using the firefighter ID, firefighters can log on with firefighter IDs, or with their own IDs, and Superuser Privilege Management tracks each logon event and subsequent transaction usage.
System administrators can designate existing user IDs as firefighter IDs; however, once they specify a user ID as a firefighter ID, the user ID can no longer be used for other logon purposes.
System administrators use transaction SU01 to create new user IDs and to make sure that firefighter IDs have only the roles that are needed to perform the necessary firefighting.
Note
To prevent users from logging in using firefighter IDs, see SAP Note 992200.
For more information, see the Access Control Security Guide that is located at: http://service.sap.com/instguides