ZETA – SAP Emergency Transaction Access

Meeting the requirements of the Auditors, the SAP Support team and the SAP Security team can be a challenge.

Auditors require SAP users to have minimal access to the production environment, but there are times when users require a higher level of access. Providing this extra level of access manually each time puts a burden on the SAP Security team. It also means that the Security team must remember to remove the access afterwards. Risk Compliance tools exist but are expensive and take time to implement. They are also often limited in how well they can track activity back to named users (as opposed to generic users).

ZETA is a unique SAP add-on product that enables SAP users to obtain a higher level of access temporarily. During this time, the user’s activities are closely monitored and at the end of the grace period, the access is taken away and an audit report sent to pre-assigned people.

ZETA Stakeholder Requirements

In order to address this gap, a tool called ZETA  (Emergency Transaction Access) has been developed.

Key features:

  • Supports users’ requests for increased system access (limited to what the Security team has configured) for a specific duration in order to perform the tasks they need.
  • Access is granted automatically, and removed at the end of the period requested (the user is then auto logged out).
  • A windows popup warning is provided to the user before their access is revoked
  • All activity by the user is monitored and recorded during the period, and sent as a log on expiry of the increased access period (including any table changes made, transactions called, etc)
  • All activity (including changes) are performed under the user id of the person in question, making identification easy for auditing purposes

The tool is highly configurable:

  • ZETA can be made available only at certain times – for example, during normal working hours the tool can be unavailable, forcing requests to be made via the Security / Access team
  • ZETA can be linked to a work calendar to identify non-working days, and limit access to these
  • ZETA enables granting only predetermined access to a user
  • ZETA enables sending notification emails to specific users only

ZETA Benefits