Automated "Privileged Access Management" for SAP and Non-SAP Systems
Automated "Privileged Access Management" for SAP and Non-SAP Systems
You’ve likely encountered these situations before: A sales organization’s SAP task needs to be changed urgently, a month-end or year-end closing must be completed, a transport order has to be executed, or a database restore is required. But the person usually responsible is on vacation, sick, or at a training session. These tasks are often time-sensitive, so a substitute must be quickly organized to handle them.
Security Risk from Temporary Privileged Permissions
The substitute typically does not have the necessary permissions to complete tasks like a closing process or an SAP transport order. As a quick fix, a temporary emergency role is created for the user – often with extended access rights or even full authorization (SAP_ALL). However, this process is rarely documented properly, and it’s common to forget to revoke the temporary permissions. This represents a significant security risk that, in extreme cases, could lead to the compromise of your IT systems (SAP/Non-SAP).
Compliant Management of Access Rights
Our itesys Firefighter puts an end to this once and for all. With this solution, the processes for granting and revoking temporary privileged permissions are standardized, transparent, automated, and compliant. Users can request critical authorizations directly in Firefighter without involving supervisors or IT helpdesk. Permissions are automatically revoked at the end of their validity period. Additionally, Firefighter logs all activities of privileged users across the entire IT landscape (SAP/Non-SAP) and ensures compliance with audit requirements – a clear added value.
itesys Firefighter – Unified Privileged Access Management
One major advantage of our solution: It enables the granting and management of temporary privileged permissions for SAP systems, such as Debugging permissions (S_DEVELOP) or SAP_ALL, and also for non-SAP systems. Examples include:
- Access rights to database tables
- Permissions for Active Directory objects
- Admin rights for database backup and restoration
- Root permissions for operating systems (Windows, Linux)
In short, with Firefighter, you can establish end-to-end, efficient, and compliant Privileged Access Management across your entire IT landscape (SAP/Non-SAP).
What’s Next?
In the next blog post, learn how itesys Firefighter enhances security in managing emergency roles with extended access rights while minimizing misuse potential.