Data Privacy and Protection for SAP
Data Privacy and Protection for SAP is an SAP Analytics Cloud application designed for all SAP customers for monitoring and reporting on access to sensitive data. The solution provides easy-to-use visualizations, dashboards and detailed reports on data access. It can quickly guide you to the information about who accessed a given piece of sensitive information (e.g. payroll).
The solution uses Read Access Logs from SAP ERP 6.0 and SAP S/4HANA, which are enriched with additional data, translated into user language and transferred to SAP Analytics Cloud for reporting. The solution includes an automatic log aggregation and translation feature, so log tables in the primary systems are periodically cleaned. The architecture is prepared to include log information from all SAP solutions, so the solution can serve as a one-stop shop for all information regarding sensitive data access. Depending on the customer's decision, log data can either be stored only on-site and visualized through SAP Analytics Cloud (real-time access, no transfer of data to the cloud) or be fully transferred to SAP Cloud Platform.
Data access monitoring process
Data access logs are uploaded from the primary system, and each transaction is marked with a data sensitivity level. The logs are also enriched with information such as the user's full name, the user's department, etc. All information about access to sensitive data is afterwards visualized using the SAP Analytics Cloud frontend.
From the top overview dashboard, the user can also access deeper analysis, where data access can be analyzed from the perspective of:
For each particular usage of data, the user can easily find the full detailed information by simply double-clicking a filter (e.g. by user full name).
Scope of services in delivery
The scope of Data Privacy and Protection for SAP is defined by the SAP modules that are subject to Read Access Logging. During the initial analysis, the existing standard and Z transactions in SAP ERP 6.0 or SAP S/4HANA are analysed. The transactions that show sensitive data to users are identified and catalogued into data severity levels.
In the solution implementation, the first step is to enable Read Access Logging functionality on the SAP system for all transactions identified in the analysis phase. For log data extraction, an OData service is deployed (part of the Data Privacy and Protection for SAP standard content). This service also translates the log and acts as a filter for data which should not be visible in the final reports. As the second prerequisite, the standard data model is deployed in HANA / SAP Cloud Platform (the standard data model is part of the Data Privacy and Protection for SAP standard content). The third and final component of the implementation is the deployment of the standard reporting model in SAP Analytics Cloud for Data Privacy and Protection.
The testing phase is initiated with full key user training on the platform operation. Solution documentation is delivered together with the solution training. In the testing phase, log data are evaluated based on testing transactions. Potential changes to the RAL setup and the OData service setup can be implemented.
In the Go-Live preparation, the full log history from RAL activation is loaded into the solution, and the solution is handed over to support at the customer level.