Skip to main content

SAP® HR Security

Read Access Logging with our SAP® HR Security-tool SAST AT HCM DisplayTrack

SAP® systems are not only the target of external attacks, they are also "attractive" for unauthorized access by internal people. Even if SAP® users protect their valuable HCM data through a sophisticated SAP® role and authorization concept, there are still gaps that internal people can use to gain access.

With a suitable "emergency user concept" , the access, editing, and downloading of data by employees can already be documented in an audit-proof manner, but to date, this has not been possible for the display of data (read access).

This situation is very problematic from a data protection and personnel legislation point of view, because read access to sensitive HR-data cannot be recognized or documented by the SAP®-system. From the point of view of the HR department,

the data protection officer and audit department, a remedy for this must be found. What helps at this point is reliable technical support and supplement to the „SAP® standard system“ that monitors and fully logs the „reading“ of sensitive data.

The logging of read access to SAP® HR-data

With our SAP® HR Securtiy-tool, the SAST AT HCM DisplayTrack, an add-on module for SAST AdminTrack , akquinet is the first SAP®-certified consultancy partner to offer a reliable solution that logs read access to SAP® HR-data of your HCM-system and provides detailed proof of this. In particular, read access to HCM master data in personnel administration is logged.

Gap-free documentation of read access

With the help of our SAP® HR Security-tool, you get meaningful logs that fully document access by privileged users (e.g. SAP® administrators) to sensitive HR-data in your SAP® HCM system.

Scope of logging

Our SAP® HR Security-tool enables logging of the following types of access to SAP® HCM data:

  • read access to infotypes using transactions PA10/20/30/40
  • documentation of changes to HR infotypes
  • documentation of the use of HR reports and queries that use logical database PNP and PNPCE (incl. output of selection parameters)
  • attempted read access to HR tables in the PA* area (infotypes)

Currently, only access to SAP® HCM master data with type A (employees) is evaluated. An extension to data type B (applications).

Your advantages

  • you protect your HR data against misuse
  • you have information about all data access, including read access, in a form that can be used in court
  • you have transparency about the behavior of privileged users
  • secure protection of valuable data in your SAP® HCM system
  • fulfillment of data protection legislation, personnel legislation and internal company requirements
  • tried-and-tested, SAP®-integrated solution
  • quick to install and easy to adapt to your requirements, if necessary
  • security is simply a good feeling

Many companies rely on the SAST security solutions - please ask for further information and our references!

More information:

Use our SAP® HR Security-tool SAST AT HCM DisplayTrack to protect your sensitive HR-data of your SAP® HCM-system over the long term!

Our Flyer "SAST AT HCM Display Track" gives you a short overview about functions advantages and usability!


Get more information about our SAP® Security Tool .

SAP® GRC Consulting

Get more information about our SAP® GRC consulting services .


You would like to have more information about the SAST GRC Suite or one of the modules? Please get in contact with our colleagues or use the contact form .