Question:
When submitting OSS notes, OSS often asks for a user with SAP_ALL. In the age of SOX, our auditors are demanding more restrictions on SAP_ALL accounts if even allowed. We have considered using the Virsa Firefight product to allow OSS to do their thing in a monitored environment. I'm interested if anyone has any experience with having OSS use the Firefight tool when logging on to their system via the OSS connection "tunnel". Please share.
Answer:
I can't respond from a technical point of view, but I can't see why using the Firefighter should be an issue. It just creates a new session with the FF ID.
As for the procedure, it would make a lot of sense to do it this way. It's a SAP tool, so they should be familiar with the way it works
Then they can have SAP_ALL that way (if required) and everything is logged.