Managing privileged access is crucial for safeguarding sensitive information in the current digital environment. SAP Cloud Identity Access Governance (IAG) has one of the services as Privileged Access Management (PAM) which helps organisation to monitor and manage the critical access logged during the emergency period, across the various SAP environments. This article delves into the activation and usage of SAP IAG’s PAM, highlighting its importance and the steps to effectively deploy it in your organization.
The Importance of Privileged Access Management
PAM ensures that authorised personnel access the right data at right time along with the logs captured during the critical activities are performed. This helps auditor to analyse the activities performed by the personnel thus preventing data breaches and ensuring compliance. PAM controls and monitors access to an organization’s critical systems, thus preventing data breaches and ensuring compliance.
To make it easier to understand, we’ve compiled a list of frequently asked questions (FAQs) about Privileged Access Management (PAM) and provided answers.
Q) How to Create a new PAM ID?
- Choose Privileged Access Management tab Click Maintain Privileged Access tile
- Enter a name of the privileged access ID, Description, Long description.
- Select Business role
- Choose criticality (Low, Medium, High, Critical)
- Select Approver/Reviewer (Mark as approver & reviewer or both)
- Assign the Activity
- Select Approver/Reviewer (Mark as approver & reviewer or both)
- Click Save & Activate
This will create the Privileged Access ID and is available for the users.
Here are the few things that needs to be followed to create the PAM ID in the backend system:
- A user exit must be implemented on the target systems to prevent users from logging on with PAM IDs directly to a backend system
- Create users as needed in the backend systems. Synchronize the users with a GRC Repository Sync (transaction GRAC_REP_OBJ_SYNC).
- Assign owners to PAM IDs in SAP Access Control.
- Assign controllers to PAM IDs in SAP Access Control.
- Create reason codes for ID-based scenario in SAP Access Control.
Q2) How to assign PAM IDs to users?
To assign PAM ID to users, follow the steps mentioned below:
- Choose Create Access – Request for Others
- Enter PAM ID and Search (or select it from the list.)
- Select the Reason for Request, Priority, Manager, and Validity period for the PAM ID as shown in the below screen.
- Click Submit Request.
Q3) How users can use the PAM ID?
Once the PAM ID is assigned, users can utilize it to perform critical activities. To login to the PAM ID, login to the backend SAP system and execute transaction code SIAG_PAM_LAUNCH_PAD.
User can view all the PAM IDs assigned to his/her ID along with the status of each of the ID as shown in below screen shot:
Click Logon button, Select the Reason code and mention the justification information as outlined in the below figure:
Click Login (check button) to get access to the elevated authorizations. Perform the required activities as per the requirement.
Q4) How to monitor the PAM ID usage?
Usage logs are generated whenever user utilizes the PAM ID and will be assigned to the Controller. Logs can be reviewed by following the steps below:
Once above steps are performed than Owner/Reviewer can check the logs in the below mentioned screen
Additionally, all the activities can be manually reviewed by following the steps mentioned below:
Click on the Arrow key of the each line of the above screenshot and you will be able to see the details logs performed by the End user.
NOTE: It is always recommended to utilize the Review process.
Q5) How to check the detail Audit Trails?
A comprehensive audit trail is created and can be viewed by following the steps mentioned below:
Under the Administration Tab click on the tile “Privileged Access Monitoring”, You will able to see the report below.
Additionally, the Activity Reviews helps to identify the criticality of the usage. It also contains complete details such as Logs, Attachments, Request Reason Note, and Comments in various tab.
Conclusion– Using Privileged Access Management (PAM) in SAP IAG helps businesses improve their security. Effective PAM is key to protecting sensitive data and staying compliant with regulations. It reduces the risk of unauthorized access and provides clear oversight of important system activities. Adopting these practices ensures a secure and compliant IT environment.
