The JAMToolkit Emergency Access feature provides confidence that SAP systems remains secure during the use of temporary and privileged access to support critical changes.

Temporary access to sensitive and potentially dangerous transactions is required in every SAP system from time to time. It’s therefore vital to ensure a robust process is available and used to help protect the integrity of the system and provide auditable evidence to support it’s use.

The Emergency Access Management (EMAC) feature of the JAMToolkit provides a process on which clients can issue privileged access to specific users in a controlled and timely manner.

EMAC Requestors and EMAC Approvers control the unlocking and locking of pre-configured non-personal SAP logons within the system whilst SAP Security Logs capture all of the necessary activity during their use.

An EMAC Request history is stored within the JAMToolkit repository capturing key information which can be used to audit and control its use.

  • EMAC Requestor
  • EMAC Approver
  • Recipient (User) of EMAC ID
  • Date/Time Stamps
  • EMAC User Type
  • EMAC ID
  • Justifications and References
Square Hand Key

The nature of privileged access is that it has the potential to be harmful to your system and transactional data, therefore containing various degrees of risk. The JAMToolkit helps to mitigate that risk by providing specific privileged access to targeted individuals with full transparency on a temporary basis. EMAC Requestors submit a request stating the type of EMAC user required; the date and time of it’s intended use and with clear justifications. Whilst the EMAC Approver reviews and upon approval releases the ID to the associated EMAC recipient.

Square Hand Person

The EMAC feature is often used and reserved for various technical support groups and can be restricted to access relating to their areas of responsibility and expertise. Therefore the JAMToolkit allows for multiple EMAC IDs to be configured with varying types of privileged access to reflect those support groups requirements. These ID’s can then be categorised to align with the relevant support groups. For example, a SAP Basis EMAC ID would be categorised so that upon requesting privileged access to perform Basis activities the correct and next available EMAC ID will be released for use.

Square Book

The EMAC Report provides a comprehensive list of EMAC requests capturing the original request details; EMAC Approver name with time-stamps and the EMAC ID issued to the request. JAMTEC advise that the SAP Security Audit Logs are configured to record the relevant activity of the EMAC ID’s to add an additional level of auditable data.

Key Features

  • EMAC provides an automated process for releasing privileged access temporarily to support users.
  • EMAC IDs can be configured and associated to specific support groups ensuring access reflects their responsibilities.
  • The JAMToolkit will automatically manage the EMAC IDs with locking, unlocking, password resets as per the EMAC request.
  • EMAC Requestors and Approvers segregate responsibilities providing a controlled and secure process.
  • EMAC reporting provides an audit trail of requests capturing key information.
  • SAP delivered Security Audit Logs provide an additional level of auditable data post execution.