profiletailor™ dynamics training

ProfileTailor™ Dynamics Training

HCM Auditor Session

Agenda • Get to know ProfileTailor™ HCM Auditor

• Learn about HCM’s processes and capabilities:

– Usage monitoring

– Authorization inspection

– Ongoing auditing

• Learn about SAP Spool’s processes and capabilities:

– Usage monitoring

– Ongoing auditing

AGENDA

Introducing ProfileTailor™ HCM Auditor Xpandion’s HCM Auditor features:

• Unprecedented visibility of actual real-time authorization usage to SAP®

• Functional and simple management of SAP authorizations for HCM

• Accelerated response to sensitive activity enabling quick and efficient leakage prevention

GET TO KNOW PROFILETAILOR™ HCM AUDITOR

Introducing ProfileTailor™ HCM Auditor The system uniquely monitors:

• User access to employee data in SAP® HCM module – Example: viewing employee’s family status

• User access to employee HCM data in SAP Spool – Example: viewing salary slips


Challenge & Demand Organizations face the challenge of:

• Identifying relevant information – what was viewed, who is authorized, who performed, etc.

• Understanding HCM’s SAP authorizations

• Customized alert and alarm system


Unique Solution A monitoring tool with unmatched ABAP capabilities, HCM Auditor delivers: • Usage recorded at infotype level for quick and efficient pinpoint of

required information

• Advanced filtering capabilities for simple tracking of HCM SAP authorizations

• Customized events for accessing own HCM information and defining its severity


HCM Processes & Capabilities

HCM Usage Monitoring Use HCM Auditor to:

• Monitor users who performed HCM activities on employees

• Monitor employees who were accessed by users

• Generate consolidated view of HCM activities

USAGE MONITORING – HCM

HCM Entities • User – SAP user defined in SAP and exported to PTD

• Employee – actual person defined in HCM SAP

• Infotype – HCM-related information about employee

• Subtype – subgroup of infotype

• Action – actions performed on SAP employee’s data (display, modify, update, delete)


HCM Activity on Employees Monitor HCM actions performed:

• Over specific period of time

• On specific SAP employee/all SAP employees

• For specific action performed on employee/all actions performed on employee


Monitor users who performed HCM activities on employees

• User > Activity Center > HR Activity Monitoring


HCM Activity on Employees

HCM Data Accessed by Users Monitor users who: • Are allowed to access only specific infotype of employee, or all

infotypes

• Are allowed to access only specific subtype of selected infotype, or all subtypes

• Belong to specific/any User Group Type

• Belong to specific/any User Group

• Do not belong to specific User Group


Monitor employees who were accessed by users

• Other Objects > HR Module > Employee to Users (Real Use)


HCM Data Accessed by Users

HCM Activities – Consolidated View View consolidated matrix of HCM activities

• For each user, the employees whose HCM data was accessed

• For each employee, the users who accessed employee’s data


HCM Activities – Consolidated View Generate consolidated matrix of HCM activities

• Other Objects > HR Module > Employees to Users (Real Use)


Authorization Inspection Use HCM Auditor to:

• Inspect users allowed to access employee

• View consolidated matrix of HCM authorizations

AUTHORIZATION INSPECTION – HCM

HCM Data Access – Authorized Users Generate report of users allowed to access:

• Only specific infotype of employee, or all infotypes

• Only specific subtype of selected Infotype, or all subtypes


HCM Data Access – Authorized Users Generate report of users allowed to access HCM data

• Other Objects > HR Module > Employee to Users (Static)


HCM Authorizations – Consolidated View View consolidated matrix of HCM authorizations:

• For each user, the employees whose data a user is authorized to access

• For each employee, the users who are authorized to access the employee’s data


HCM Authorizations – Consolidated View Generate a matrix of Employees to Users

• Other Objects > HR Module > Employees to Users (Static)


Ongoing Auditing Use HCM Auditor to:

• Monitor high risk HCM activity

• Monitor own access information

• Configure custom events

ONGOING AUDITING – HCM

High Risk HCM Activity • Configure defined combinations of criteria as high risk

HCM audit situations

• For example:

– All actions performed on certain infotypes (pay slip)

– Specific action performed on infotype (salary)

– Action performed by User from specific User Group (programmer viewing pay slip)


High Risk HCM Activity Configure HCM audit situation as high risk

• Configuration > High Risk Objects Configuration > High Risk HR Audit Situations Configuration


High Risk HCM – Event HCM infotype is accessed/modified; the following event occurs:


High Risk HCM Activity – Report Generate report of actions performed on high risk combinations

• Other Objects > HR Module > High Risk HR Activity


Own Access Information Define severity of infotype for own access information

• Configuration > HR Configuration > Infotype Configuration


Own Access Information – Event Own sensitive HR data is accessed; the following event occurs:


Custom Events

• Define business rules, creating custom events

• For Example:

– Situation regarding combination of activities, functions, authorization data and users

– When certain user performs activity on specific data

– PTD records all events on defined objects


Custom Events Define an event

• Configuration > Events and Alerts Configuration > Custom Events.


SAP Spool Processes & Capabilities

SAP Spool Usage Monitoring • SAP users with access to SAP Spool data can access

sensitive information residing in SAP Spool – Example – unauthorized programmer waits for 1st day of month

and uses transaction SP01 to view pay slips of other employees

• Use HCM Auditor to monitor: – Users who performed actions on SAP Spool

– Actions performed on SAP Spool items

USAGE MONITORING – SAP SPOOL

SAP Spool Entities • User – SAP user defined in SAP and exported to PTD

• Spool Item – activity output in SAP Spool

• Action – actions users perform on SAP Spool (display list, print, reprint, delete)


SAP Spool Actions – by Users Monitor SAP Spool actions performed by users:

• Over specific period of time

• On specific SAP employee/all SAP employees

• For specific action performed on employee/all actions performed on employee


Generate report of SAP Spool actions performed by users

• User > Activity Center > SAP Spool Activity Monitoring


SAP Spool Actions – by Users

Actions on SAP Spool Items View records of actions performed:

• On specific SAP Spool item/items containing specific string

• By users of specific User Group Type/User Group

• By users of no specific User Group

• On SAP Spool items user did not create


Actions on SAP Spool Items Generate report of actions performed on SAP Spool

items

• Other Objects > SAP Spool > Search for Spool Activity


Ongoing Audit Use HCM Auditor to monitor high risk SAP Spool activity

• Define combination of criteria as high risk SAP Spool activity

• For example: – Monitor actions performed on combinations defined as high risk

– User performs high risk combination not included in usage profile

ONGOING AUDITING – SAP SPOOL

High Risk SAP Spool Activity Generate a report of actions performed on high risk

combinations

• Other Objects > SAP Spool > High Risk SAP Spool Activity


High Risk SAP Spool Activity SAP Spool item is accessed; the following event occurs:


Questions?

Key Takeaways √ Obtain relevant & precise information easily √ Optimize use of HCM SAP authorizations √ Enhance ongoing auditing performance

KEY TAKEAWAYS

Thank You!

profiletailor™ dynamics training

Documents