SAST AdminTrack

Emergency Access Management for your SAP-systems

Manage emergency users and privileged hits with our SAST AdminTrack
Would you like to enable your administrators and users to work without extended authorization or SAP_ALL for normal operations? Use the functions of SAST AdminTracks to fully monitor privileged users – such as emergency users – and their access to your SAP® system.
This way, when administrators and users are in a support situation, they only have to click to activate an emergency ID, which they can use after describing their planned course of action.
During the support session, all activity of the emergency user is gathered in a detailed, revision-proof report and placed at the disposal of an auditor, who will be informed online or by mail.
SAST also provides you with an automatic function that registers all activity of a given user ID, such as in SAP®, Earlywatch, or DDIC, and keeps a log of all reports and transactions used. Full adherence to the audit stipulations is thus ensured.


SAP® HR Security

add-on SAST AdminTrack

Read Access Logging with our SAP® HR Security-tool SAST AT HCM DisplayTrack
SAP® systems are not only the target of external attacks, they are also “attractive” for unauthorized access by internal people. Even if SAP® users protect their valuable HCM data through a sophisticated SAP® role and authorization concept, there are still gaps that internal people can use to gain access.

With a suitable “emergency user concept” , the access, editing, and downloading of data by employees can already be documented in an audit-proof manner, but to date, this has not been possible for the display of data (read access).
This situation is very problematic from a data protection and personnel legislation point of view, because read access to sensitive HR-data cannot be recognized or documented by the SAP®-system. From the point of view of the HR department, the data protection officer and audit department, a remedy for this must be found. What helps at this point is reliable technical support and supplement to the „SAP® standard system“ that monitors and fully logs the „reading“ of sensitive data.

The logging of read access to SAP® HR-data
With our SAP® HR Securtiy-tool, the SAST AT HCM DisplayTrack, an add-on module for SAST AdminTrack , akquinet is the first SAP®-certified consultancy partner to offer a reliable solution that logs read access to SAP® HR-data of your HCM-system and provides detailed proof of this. In particular, read access to HCM master data in personnel administration is logged.

Gap-free documentation of read access
With the help of our SAP® HR Security-tool, you get meaningful logs that fully document access by privileged users (e.g. SAP® administrators) to sensitive HR-data in your SAP® HCM system.

Scope of logging
Our SAP® HR Security-tool enables logging of the following types of access to SAP® HCM data:
• Read access to infotypes using transactions PA10/20/30/40.
• Documentation of changes to HR infotypes.
• Documentation of the use of HR reports and queries that use logical database PNP and PNPCE (incl. output of selection parameters).
• Attempted read access to HR tables in the PA* area (infotypes).
Currently, only access to SAP® HCM master data with type A (employees) is evaluated. An extension to data type B (applications).

Your advantages
• You protect your HR data against misuse.
• You have information about all data access, including read access, in a form that can be used in court.
• You have transparency about the behavior of privileged users.
• Secure protection of valuable data in your SAP® HCM system.
• Fulfillment of data protection legislation, personnel legislation and internal company requirements.
• Tried-and-tested, SAP®-integrated solution.
• Quick to install and easy to adapt to your requirements, if necessary.
• Security is simply a good feeling.

See more – download the SAST AdminTrack Flyer: