The JAMToolkit Emergency Access feature provides confidence that SAP systems remains secure during the use of temporary and privileged access to support critical changes.
Temporary access to sensitive and potentially dangerous transactions is required in every SAP system from time to time. It’s therefore vital to ensure a robust process is available and used to help protect the integrity of the system and provide auditable evidence to support it’s use.
The Emergency Access Management (EMAC) feature of the JAMToolkit provides a process on which clients can issue privileged access to specific users in a controlled and timely manner.
EMAC Requestors and EMAC Approvers control the unlocking and locking of pre-configured non-personal SAP logons within the system whilst SAP Security Logs capture all of the necessary activity during their use.
An EMAC Request history is stored within the JAMToolkit repository capturing key information which can be used to audit and control its use.
- EMAC Requestor
- EMAC Approver
- Recipient (User) of EMAC ID
- Date/Time Stamps
- EMAC User Type
- EMAC ID
- Justifications and References
The nature of privileged access is that it has the potential to be harmful to your system and transactional data, therefore containing various degrees of risk. The JAMToolkit helps to mitigate that risk by providing specific privileged access to targeted individuals with full transparency on a temporary basis. EMAC Requestors submit a request stating the type of EMAC user required; the date and time of it’s intended use and with clear justifications. Whilst the EMAC Approver reviews and upon approval releases the ID to the associated EMAC recipient.
The EMAC feature is often used and reserved for various technical support groups and can be restricted to access relating to their areas of responsibility and expertise. Therefore the JAMToolkit allows for multiple EMAC IDs to be configured with varying types of privileged access to reflect those support groups requirements. These ID’s can then be categorised to align with the relevant support groups. For example, a SAP Basis EMAC ID would be categorised so that upon requesting privileged access to perform Basis activities the correct and next available EMAC ID will be released for use.
The EMAC Report provides a comprehensive list of EMAC requests capturing the original request details; EMAC Approver name with time-stamps and the EMAC ID issued to the request. JAMTEC advise that the SAP Security Audit Logs are configured to record the relevant activity of the EMAC ID’s to add an additional level of auditable data.