Data Protection and Privacy has been in news since the GDPR came into effect. There are certain Product Standards which SAP has mapped with Data Protection and Privacy requirements. RAL i.e. Read Access Logging is one of them. This document talks about the implementation procedure for Security Standard – 254.
As per GDPR regulations, all SAP software’s should be capable of logging read access of sensitive personal data.
Let’s take an example to understand Read Access Logging. Every bank employs customer care executives to deal with customers queries. The answer of the query might require to access sensitive personal data as well by the bank employee. Bank employees are supposed to access the sensitive data of any customer only if they authorize them to access. To prevent the misuse of such data from outside world, Bank management would like to see mainly two things –
- Who accessed the Sensitive Personal data of customers and
- What all Sensitive Personal data accessed by an employee
The Read Access Logging framework can thus be used to fulfill legal or other regulations, to detect fraud or data theft, for auditing purposes, or for any other internal purpose.
Let’s discuss to understand the RAL framework and its implementation in detail.
When monitoring the Read Access Log, you can view data not only from the same client, but also from other clients, even from other systems. Instead of needing to log on to SRALMANAGER in each client to view the logs, you can view them using one system.
You use the read access log for evaluation purposes. In it, all log entries as well as all errors that occurred in Read Access Logging are displayed. There are four data sources from which you can display log entries:
• Raw Database – Only contains the Read Access Logging data of the current client.
• Expanded Database (default) – Can contain the Read Access Logging data of the current client as well as other clients.
• Raw Archive – Archive of the Raw database.
• Raw Archive with Index – Indexed archive of the Raw database