MARC – PAM module: Controlled emergency access and understandable log-reports
Everyone wants reliable information. We cater for this by tight access security to an information system: restrict access to critical functionality and avoid access violating Segregation of Duties rules. And next we ensure that, after acceptance of the information system by the user organization, no configuration changes can be made directly in the productive system.
But ... in practice this is difficult. Because not everything has been tested, which means that every now and then configuration changes must be done directly in production.
We used to do that by granting SAP ALL access to our technical and functional support folks. But we don't want that anymore. Then what we do now?
MARC has come up with the perfect solution for this. Support staff will not have SAP_ALL but instead they are given elevated access via the PAM module from MARC. PAM stands for Privilege Access Management. And what is so special about that PAM module from MARC? After all, there is already other software available to provision temporary, privileged access. But the pain of that software is that you get reports that resemble the unreadable, technical log files of SAP ... No-no.
That is why you need MARC PAM module. PAM provides readable reports about actual activities performed using PAM accounts. Reports that highlight the activities that are critical and that provide details of fields altered. That’s what you need!