Monitoring the Emergency Access Session

Objectives

After completing this lesson, you will be able to:

  • View Emergency Access Management reports, approve a firefighter log review request

Review of Emergency Access Session Logs

Log Types

SAP Access Control receives logs about firefighting activities from a target system through synchronization GRAC_SPM_LOG_SYNC_UPDATE. The following table shows the log types that SAP Access Control can take from the target system. SAP Access Control can only take logs that are captured in the target system. Therefore, the target system must be configured accordingly.

Log Types

LogDescription
Transaction LogCaptures transaction execution from transaction STAD.
Change LogCaptures change log from change document Objects, tables CDPOS and CDHDR.
System LogCaptures Debug & Replace information from transactions SM21.
Security Audit LogCaptures Security Audit Log from transactions SM20.
OS Command LogCaptures changes to OS commands from transactions SM49.
To open the consolidation Log Report app, select the tile.
In the Consolidated Log Report, to update logs, choose Update Firefighter Log.

SAP Access Control administrators and firefighter controllers can view logs of firefighting activities in the Consolidated Log Report. The report includes functionality to update logs by choosing Update Firefighter Log.

The system synchronizes to update logs from firefight sessions. The report gives the following general information about firefight sessions:

  • Firefighter ID
  • Target system
  • Firefighter date/time of the session
  • Reason code
  • Firefighter owner
  • Terminal

Also, the following information about performed actions, and other relevant information for a particular log type, is available in the Consolidated Log Report:

  • Table name
  • Field name
  • Field text
  • Change type
  • Old value
  • New value

In the following example, you can see that a house number and phone number for the vendor were changed during the firefight session.

In this Consolidated Log Report, you can see that a vendor's house number and phone number were updated. The old value and new value are highlighted.
To approve a request, choose Submit and Close.

SAP Access Control provides a functionality to review logs of a firefight session through a request. Approving the firefighter log's review request ensures that the particular session is monitored. A firefighter controller reviews actions performed in the firefight session. In the Work Inbox app, the firefighter controller receives a request with firefight session logs and all details about the session. The controller checks logs in the request and then approves the request by choosing Submit and Close.

If necessary, the controller can request additional information from the firefighter by choosing Other actionAdditional Information. The firefighter receives the request in the Work Inbox app where the firefighter adds comments and returns the request to the controller.

Also, the controller can forward the request to another approver by choosing Other actionForward.

Emergency Access Management Additional Reporting

To open the Firefighter Log Summary Report app, select the tile.
In the Firefighter Log Summary Report, to view logs of a session, choose the Session Details link.

SAP Access Control has the following extra reports on Emergency Access Management processes:

  • Invalid Superuser Report

    The Invalid Super User Report gives the details of the firefighter, controller, owner, firefighter ID users who are expired, locked, or deleted. For a role-based firefighter, this report gives the details of whether the role has been generated or not.

  • Firefighter Log Summary

    This report provides details of the firefight sessions where a firefighter logged into a target system using a firefighter ID for the ID-based firefighting. The Consolidated Log Report gives you all logs from all sessions, with a link for each session so that you can view logs of a particular session. However, the Firefighter Log Summary Report gives you a list of sessions with general information and a link to view logs of a particular session. The report is shown on the screenshot above.

  • Reason Code and Activity Report

    This report provides the details of reason code and firefighting activities that a firefighter specified before the start of a firefight session.

  • SOD Conflict Report for Firefighter ID

    This report provides information about access risk violations that occur when the firefighter logs into the remote system using the firefighter ID and performs firefighting activities.

Perform Emergency Access Activities

Business Scenario

To solve critical issues in emergency situations, companies sometimes have to grant users broad authorizations outside of their regular job functions. In this unit, you've learned how to handle such critical issues by defining, managing, granting, and monitoring emergency access by using the Emergency Access functionality of SAP Access Control. Reinforce your knowledge by completing the following exercise. Learn how to create and approve emergency access requests, perform emergency access sessions, and review logs of an emergency access session.

Exercise Options

To start the exercise, choose Start Exercise in the figure below.

A pop-up opens. Now, you have the following options:

  • Choose Start: the simulation starts. Follow the simulation to learn how to create a process project.
  • Choose Open PDF Document: a pdf opens. Based on the steps described in this document, you can perform the exercise in your own system landscape.

Log in to track your progress & complete quizzes