Xpandion Blog

Do You Know What to Do In Case of an Emergency?

Emergencies happen. Yes, even in businesses. The ones I’m referring to are related to work processes and ERP security. OK, so it’s not a fire or flood; still, any business must be able to handle operational emergencies quickly and effectively.

Emergencies of this sort can include resolving configuration changes, troubleshooting critical issues, or providing immediate assistance to business users. Solving these problems is done in the production environment, usually by the IT team (system administrators, programmers, training staff, etc.).

So far you see no problem, right? Wrong. Accessing the production environment entails the following risks: fraud, misuse of authorizations and deficiencies in audit reports. Although risky, timely and privileged access to production systems is essential for enabling an organization to operate smoothly and efficiently at all times. In case of an urgent business requirement, a company needs to give its IT team flexibility in the production environment, as they must prevent, attend to and manage critical issues then and there.

Let’s say that a financial implementer requires urgent access to the production environment in order to take care of a critical bug that is preventing the Payment Run program from running properly (a very stressful situation indeed…). The financial implementer should be granted the required authorizations to ensure that this situation is handled immediately and effectively. Nonetheless, while working in the production environment to fix the bug, a lot can happen, whether by mistake or on purpose…

How IT teams can support production systems without compromising security and control

The ideal solution for guaranteeing full control over production systems is putting an emergency access (sometimes referred to as IT access) process in place. Such a process defines the rules for privileged access in case of an emergency, specifically for users who are not supposed to enter the production environment on a regular basis, as well as business users required to handle ad-hoc issues.

Based on what I hear from customers, the best process should run more or less like this:

  • The user requests access to the production environment and must provide a reason justifying the request.
  • An automated testing system determines whether the request for accessing the production system is justified. If the reason provided did not “pass the test” (meaning the user’s request is suspicious in comparison to the user’s regular behavioral profile), the request is directed to a security administrator for further inspection.
  • The request is automatically sent to the relevant manager for approval.
  • Upon approval, the user’s account in the production system is unlocked, or a dedicated user name is provided, and a powerful role is assigned to enable prompt completion of the urgent task.

Wait, there’s more: to make sure things don’t go wrong from here, all activity in the production environment needs to be monitored continuously. What I mean by this is that every action taken in the production system is recorded (just in case the user was fooling around in there, or even made an innocent mistake). In addition, alerts should be sent if a sensitive activity was performed. After a defined amount of time the username is automatically locked and all extra authorizations – granted for the purpose of resolving the issue – are removed. Finally, and I really recommend this, a full report of all activities in the production environment should be generated, available to security managers for further inspection.
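The process described above, sketched as an added Python example; it is not Xpandion's or ProfileTailor Dynamics' code. The user name, work areas, action names and the simple "is this area usual for the user" check are constructed assumptions standing in for a real behavioral profile and real role assignment.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample data: usual work areas per user, and actions worth an alert.
PROFILES = {"fin_impl": {"payment_run", "vendor_master"}}
SENSITIVE = {"change_bank_details", "debug_replace"}

@dataclass
class Grant:
    user: str
    area: str
    reason: str
    state: str = "requested"
    expires: Optional[datetime] = None
    log: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

def request_access(user, area, reason):
    """Request + automated check: unusual requests wait for a security admin."""
    if not reason.strip():
        raise ValueError("a justification is required")
    g = Grant(user, area, reason)
    usual = area in PROFILES.get(user, set())
    g.state = "manager_approval" if usual else "security_review"
    return g

def approve(g, now, minutes=60):
    """Manager approval unlocks the account for a fixed time window only."""
    if g.state != "manager_approval":
        raise PermissionError(f"cannot approve from state {g.state}")
    g.state, g.expires = "active", now + timedelta(minutes=minutes)

def record(g, action, now):
    """Monitoring: enforce expiry, log every action, alert on sensitive ones."""
    if g.state == "active" and now >= g.expires:
        g.state = "locked"  # window over: lock user, drop the extra role
    if g.state != "active":
        raise PermissionError("no active emergency access")
    g.log.append((now.isoformat(), g.user, action))
    if action in SENSITIVE:
        g.alerts.append(action)

def report(g):
    """Full activity report for the security manager."""
    return {"user": g.user, "reason": g.reason, "state": g.state,
            "actions": [a for _, _, a in g.log], "alerts": list(g.alerts)}
```

Expiry is checked on every recorded action, so a session that outlives its window is locked before the next action is accepted rather than by a separate cleanup job.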

In a nutshell: emergency access is inevitable. Managing and controlling it is essential.

Dror Aviv joined Xpandion in 2010 as a programmer in the R&D team. Combining technical knowledge with implementation skills, Mr. Aviv serves today as a Senior Implementation Advisor, bringing with him extensive hands-on experience from the field. He works closely with customers at their sites, and is an expert in defining customer needs, translating them into business process and implementing them via ProfileTailor Dynamics’ suite of products.
