SIVIS Emergency Manager
SAP emergency user concept - uncomplicated and audit-proof
Control exceptions with Emergency Access Management for SAP from SIVIS
There are many scenarios that make the use of an emergency user concept necessary. In these scenarios, the emergency user takes over tasks that lie outside of the actual field of activity. Common and well-known scenarios are sick leave and vacation replacements for colleagues.
SIVIS stands for SAP security. However, comprehensive security can only be achieved if it is also guaranteed in emergency and exceptional situations.
The SIVIS Emergency Manager
It allows the withdrawal of the visa, for example, when critical transactions are performed.
You log in with your visa and can simply continue working without any further action.
All operations are completely logged and cannot be changed.
All advantages of the SIVIS Emergency Manager at a glance
Fast and uncomplicated allocation of emergency authorizations
Flexible time/temporary limitation of the additional rights granted
The appearance and procedures with the SIVIS managers are the same on SAP ERP or S/4HANA
Keep control, e.g. in case of misuse the additional authorizations can be withdrawn immediately
Each user retains his or her original authorizations
Authorizations, which exceed the daily field of activity, are only temporarily assigned
Continuous logging of all activities of the emergency user
How does the SIVIS Emergency Manager work?
Requesting emergency access authorizations
Users who can obtain access with extended authorizations to the SAP system in an emergency or special case can simply request these as “visas” via the SAP system. In the request, the user can select the systems for which he wants to request extended authorizations. According to the principle of the two-man rule, the request is approved by an authorized person (e.g. the supervisor). This grants the requester a visa. The validity of the visa can be defined flexibly – from a few hours to a permanent visa.
Using the temporary emergency rights in the SAP system
With the granted visa, the emergency user can log on to the SAP system. The visa allows the user access with defined extended rights for a limited period of time. After the visa expires, the user can no longer access the systems with the extended rights. All activities of the emergency user are comprehensively documented. If desired, a warning email can be sent if the user performs critical activities.
Deployment scenarios of an emergency user concept
The deployment of an emergency user concept cannot always be planned. A short-term sickness can cause downtimes in the company. The allocation of the required authorizations is then subject to a high degree of urgency. In the worst case, accounts are shared or SAP_ALL profiles are assigned. In exceptional and emergency situations, SAP users should be assigned extended SAP authorizations quickly and for a limited period of time, for example in the event of a short-term replacement. The activities made possible by these extended authorizations should be subject to strict controls.
Clear log through an intelligent traffic light system
The activities of the SIVIS Emergency Manager user are documented and evaluated according to pre-defined rules. A set of rules is supplied with the SIVIS Emergency Manager. You can take these over, adapt or add them. All activities are categorized with a traffic light system. With this intelligent traffic light system, you can quickly determine which logs require closer examination. This clear view is time saving and prevents critical activities from being missed.
Avoid misuse of the SAP system by the emergency user
The SIVIS Emergency Manager supports you in preventing abuse of the extended authorizations. If the emergency user carries out a critical activity, designated persons are informed promptly via email. If the activities are abusive, the visa can be directly withdrawn from the user.
All extended authorizations are blocked immediately.
Additionally, interested users can be informed by email when a user starts and ends a login with extended rights. Upon termination, the activity log can be included in the email.