Intelligent Emergency Acess Management
Control exceptions with Emergency Access Management for SAP from SIVIS
There are many scenarios that make the use of an emergency user concept necessary. In these scenarios, the emergency user takes over tasks that lie outside of the actual field of activity. Common and well-known scenarios are sick leave and vacation replacements for colleagues.
SIVIS stands for SAP security. However, comprehensive security can only be achieved if it is also guaranteed in emergency and exceptional situations.
The SIVIS Emergency Manager
smart
It allows the withdrawal of the visa, for example, when critical transactions are performed.
simple
You log in with your visa and can simply continue working without any further action.
safe
All operations are completely logged and cannot be changed.
SIVIS Emergency Manager
All advantages of the SIVIS Emergency Manager at a glance
- Fast and uncomplicated allocation of emergency authorizations
- Flexible time/temporary limitation of the additional rights granted
- Keep control, e.g. in case of misuse the additional authorizations can be withdrawn immediately
- Each user retains his or her original authorizations
- Authorizations, which exceed the daily field of activity, are only temporarily assigned
- Continuous logging of all activities of the emergency user
SAP emergency user concept
Deployment scenarios of an emergency user concept
The deployment of an emergency user concept cannot always be planned. A short-term sickness can cause downtimes in the company. The allocation of the required authorizations is then subject to a high degree of urgency. In the worst case, accounts are shared or SAP_ALL profiles are assigned. In exceptional and emergency situations, SAP users should be assigned extended SAP authorizations quickly and for a limited period of time, for example in the event of a short-term replacement. The activities made possible by these extended authorizations should be subject to strict controls.
SAP emergency user concept by SIVIS
How does the SIVIS Emergency Manager work?
Requesting emergency access authorizations
Users who can obtain access with extended authorizations to the SAP system in an emergency or special case can simply request these as “visas” via the SAP system. In the request, the user can select the systems for which he wants to request extended authorizations. According to the principle of the two-man rule, the request is approved by an authorized person (e.g. the supervisor). This grants the requester a visa. The validity of the visa can be defined flexibly – from a few hours to a permanent visa.
Using the temporary emergency rights in the SAP system
With the granted visa, the emergency user can log on to the SAP system. The visa allows the user access with defined extended rights for a limited period of time. After the visa expires, the user can no longer access the systems with the extended rights. All activities of the emergency user are comprehensively documented. If desired, a warning email can be sent if the user performs critical activities.
Document all activities of the emergency user
Clear log through an intelligent traffic light system
The activities of the SIVIS Emergency Manager user are documented and evaluated according to pre-defined rules. A set of rules is supplied with the SIVIS Emergency Manager. You can take these over, adapt or add them. All activities are categorized with a traffic light system. With this intelligent traffic light system, you can quickly determine which logs require closer examination. This clear view is time saving and prevents critical activities from being missed.
Avoid misuse by the emergency user
Avoid misuse of the SAP system by the emergency user
The SIVIS Emergency Manager supports you in preventing abuse of the extended authorizations. If the emergency user carries out a critical activity, designated persons are informed promptly via email. If the activities are abusive, the visa can be directly withdrawn from the user.
All extended authorizations are blocked immediately.
Additionally, interested users can be informed by email when a user starts and ends a login with extended rights. Upon termination, the activity log can be included in the email.
Frequently asked questions about the SIVIS Emergency Manager
Can the SIVIS Emergency Manager be used independently of other SIVIS modules?
Yes, the SIVIS Emergency Manager can be used independently.
What is special about the SIVIS Emergency Manager?
It shares the technological basis with the SIVIS Alert Manager and thus is able to detect and report unwanted activities even in an emergency.
Does the SIVIS Emergency Manager function in all SAP systems (ABAP, ECC, Fiori, S4/HANA)?
Yes, the SIVIS Emergency Manager can be used in all systems.
Further SIVIS managers for the administration of SAP users
SIVIS
Identity Manager
The SIVIS Identity Manager automates and simplifies the recording, control and administration of users and the associated access rights and approval processes. With the SIVIS Identity Manager you administer and document all SAP system accounts and authorizations of your users centrally.
SIVIS
Mitigation Manager
With the SIVIS Mitigation Manager, unavoidable audit conflicts can be mitigated. The smart tool automatically creates compensatory controls based on previously defined rules if audit conflicts arise in the SIVIS Compliance Manager.
SIVIS
Compliance Manager
The SIVIS Compliance Manager supports you in closing compliance gaps in your SAP system and mitigating compliance risks. It analyzes the SAP authorization concept for weaknesses, risks and violations of laws and law-like regulations.
SIVIS Compliance
Reference Manager
The SIVIS Compliance Reference Manager is an extension for the SIVIS Compliance Manager. The SIVIS Compliance Reference Manager extends the SIVIS Compliance Manager by over 500 ready-made audit queries. These templates can be quickly and easily integrated into your SAP system landscape.