SUIM’s Emergency Handler

In everyday use, your users should only be equipped with the appropriate authorizations for their areas. This applies to ordinary users but also to administrators, developers and on-call personel. In special cases increased rights are necessary. In these cases, SUIM’s Emergency Handler allows a temporary allocation of increased rights. All actions performed by the user during this time are recorded for auditing purposes and internal control.

Highlights

Initial situation & requirements

In emergency and similar support situations, the responsible employee needs access to the relevant IT systems. A user is required with the appropriate permissions and password.
For various reasons, the employee’s user may not always be assigned the necessary authorizations. In this case, the employee must be provided with sufficient authorizations temporarily.

Solution principles implemented in the Emergency Handler

These requirements can be covered in terms of allocation method and allocation process by two solution principles.

Allocation methods:
  • Temporary extension of the authorizations of your own user or of a “foreign” user
  • Utilization of a “foreign powerful” user who already has the necessary authorizations
Allocation processes:
  • Self Service (without interaction with another user)
  • Workflow (with interaction of an approval instance)

Both principles have advantages and disadvantages in a specific context. SUIM’s Emergency Handler includes functions that cover both solution principles.

SUIM’s EH Features

Augmented rights for those who need them

Aa simple administration of increased rights and their allocation to responsible persons in order to be able to execute the necessary measures on your SAP system in emergency situations

Augmented rights when you need them

A quick allocation of emergency rights when an issue arises

Recording of all activities

A complete recording of all activities that are carried out by the user during an emergency.

Reporting and analysis

Detailed reporting and analysis of activities for monitoring and auditing purposes

Risk management & audit security implemented in SUIM’s Emergency Handler

In an emergency situation, large potential risks can arise from the additional authorisations deliberately assigned. This must be counteracted by ensuring that all activities are being recorded and thus,  can be analysed. If risks occurred, these must be identified and reviewed.
The Emergency Handler collects and analyzes all activities of the Emergency User (Activities Detector) in the period from the opening to the end of the emergency. This includes in particular:

  • The called business transactions
  • The generated table changes
  • The change documents generated
  • Changes made to user and authorization master records

SUIM’s Emergency Handler guarantees auditable security by logging all activities with and in the Emergency Handler (opening, termination, customizing, etc.), as well as all results of the Activities Detector and making them available to subsequent checks.
Optionally, the Compliance Enforcer can be used to perform a check of actual data during an emergency against the defined business risks.

Integration into the AIM software suite

Within the AIM software suite, the Emergency Handler is an independent module. Some of its functions are also used by modules from our other tools (e.g. Access Manger, Access Manager for Support Organizations, Identity Manager and Application Tracer).
The recorded emergency data can optionally be scanned by the Compliance Enforcer for occured risks during an emergency.