Skip to Content
Technical Articles
Author's profile photo Paul Allen

Read Audits in SAP SuccessFactors

Read Audit Tool in SuccessFactors

(Employee Central)

SuccessFactors has a very powerful tool which can be useful for audits, data protection and also allows you to investigate in the event of permissions being incorrectly assigned, allowing someone access to data they shouldn’t have. However to be able to use it, you need to set it up based on your requirements

These steps show you how to enable to logging and I recommend having this setup sooner rather than later. You aren’t able to enable the feature and then view retrospective reads.


You will need to enable the permissions to be able to set up the Read Audit:

  • Admin Centre Permission / Edit Read and Change Audit Configuration
  • Admin Centre Permission / View Read and Change Audit Configuration
  • Admin Centre Permission / Generate Read Audit Reports

In addition, you will also need access to Manage Business Configuration

Once you have the required permissions, you need to enable the Tool.

Go to Manage Audit Configuration


This is also where you can enable the Change Audit Logging, my personal preference is to also enable this feature so that it is running, rather than realise later that I need it but it wasn’t enabled.

Enabling the Read Audit

Select the Read Audit option then tick both boxes to ‘on’, you will see an explanation of each feature at the side. After selecting them, click on Save







This will now trigger the process to start recording, note that this can sometimes take a while to enable.

If you have any API’s that you want to exclude from the logging;

On the same screen, select Read Audit User Exceptions and ‘Add User Exceptions’ as required. It is not recommended to add anyone other than API’s onto this list.


What to Audit?

I always make a point to my customers here, ‘what is a read’ well quite simply it means that the data in the field ‘loaded’ on the screen. It doesn’t actually prove that it was read. Take for example a field that you might have at the top of People Profile, as soon as you load the profile the field appears on the screen and the system will mark that it was read.

There is a better way to utilise this tool.

My recommendation is to use read audit in conjunction with masked fields.

For those who might not be familiar with masked fields, it is simply a field that shows as ****** until you click on the ‘Show’ button, like in the Disability Status below


Masked Fields

Just a couple of thoughts and notes on field masking.

  1. You can have fields masked without them being audited. Consider a traditional office space, a person is logged onto SuccessFactors and someone approaches their desk, potentially a number of confidential fields are on the screen. You can review all of the fields in your system and utilise masking to safeguard your data from accidental viewing.
  2. If you enable masking on fields, be aware that these fields will no longer appear in SuccessFactors table (ad-hoc) reporting. If you need to report on these fields you should re-build any reports as Canvas Reports.


How to add a field to Read Audit (and how to mask)

In the example below, I will show how to make Date of Birth Masked and Read Audited, you can simply repeat for each field required;

Navigate to Manage Business Configuration and to the portlet (HRIS Element) that contains the field;

Select Take Action/Make Correction then Details for the field required;


Find the field Masked and set it to Yes

Find the field Log Read Access and set it to True


Then Finish and Save

That’s it! From this point any one who clicks on the ‘Show’ button for the Date of Birth Field will be logged that they viewed it.


Submitting the Read Audits

Once set up, you can trigger a read audit by navigating to Read Audit Report, selecting Create Read Audit Report and filling in the Person Search

Selecting Read On Subject User lets you see who may have viewed fields of a specific user.

Selecting Read By User/Data Operator lets you see fields that were viewed by a  specific user.

Your audit request will now be sent to the server for processing. To view your reports click on Access Reports and download

You will now see in your report the details of who read the data, when it was read and which field(s) were read.


Other Considerations

  • At the time this document was created, read audit data is pushed to the database every 8 hours. After a user accesses sensitive personal data in an instance, if can take up to 8 hours for the audit log to appear in a read audit report.
  • With the above in mind, ensure to run audits ‘the day after’ the incident to ensure you capture all possible reads.
  • Audit Files are generally kept for 48 hours then deleted from the system.
  • When viewing the ‘Time’ of any audits, factor in that this may be different to your own time zone
  • When navigating to the Read Audit pages, if you see a screen stating ‘coming soon’ reach out to SAP for them to enable the feature.


Full guide and information regarding other Audit features can be found in the SAP Guide Implementing and Managing Data Protection and Privacy;


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Aylwin Selvaraj
      Aylwin Selvaraj

      Great blog Paul and very well explained is simple language ! Kudos

      Author's profile photo Karina Madrigal
      Karina Madrigal

      Very good explanation! Thank you

      Author's profile photo Olga Bartczak
      Olga Bartczak

      Hi Paul, very nicely explained article, I really like it. However, I think it is worth mentioning the limitation on the SAP side - that only 10 custom fields are allowed to use. In this case hris-fields are also considered as custom because hris-elements are not configured as read audit fields. I hope that SAP will extend this functionality in the near future and will allow for auditing more than 10 fields. I actually found an enhancement request for that so if someone is missing this functionality maybe should vote too:

      Best regards


      Author's profile photo Paul Allen
      Paul Allen
      Blog Post Author

      Very good point, I've voted on the enhancement 🙂

      Author's profile photo Olga Bartczak
      Olga Bartczak

      Great!  Thank you 🙂