- What is Read Audit?
- Setting Up Read Audit
- How to Enable Read Audit?
- How to Generate Read Audit Report?
- How long is Read Audit data retained?
SAP SuccessFactors HXM Suite
Read auditing capabilities enable you to track access to sensitive personal data.
SAP SuccessFactors provides a read audit function that enables you to determine who has accessed the sensitive personal data of employees or external candidates at your company.
Note: Not all personal data, nor all personally identifiable information, is necessarily considered sensitive. Read auditing is only available for a small number of records that we've identified as sensitive.
Setting Up Read Audit
Set up the read audit function so that you can track access to sensitive personal data.
With the 1H 2020 release, read audit reporting is enabled by default in all Preview and Production systems, in all data centers.
- Enable the read audit function in Admin Center.
- Add user exceptions for technical user accounts, such as API users, so that they are excluded from read audit logs and read audit reports.
Tip: To avoid unnecessary impacts to system performance and prevent large amounts of irrelevant information in read audit reports, exclude API users that regularly process large amounts of data and don't correspond to a real person.
Enabling Read Audit
Enable read audit logging so that authorized users can create audit reports tracking read access to sensitive personal data.
You have the following role-based permissions:
- View Read and Change Audit Configuration
- Edit Read and Change Audit Configuration
- Generate Read Audit Reports
- Go to Admin Center -> Manage Audit Configuration.
- On the Read Audit tab, switch on the Read Access Logging option.
- Choose Save.
- You get a message telling you that the activation process has started. It usually takes about 24 hours.
- Come back to Manage Audit Configuration later to verify that the toggle switch is enabled. If so, it means that the process is complete.
- If you use Onboarding 1.0, also go to Onboarding 1.0 -> Settings -> Features -> Data Protection and Privacy and click Activate to enable Read Audit.
Creating a Read Audit Report
Create a read audit report to see who has accessed sensitive personal data about a given person.
- Read audit is enabled in your system.
- You have Generate Read Audit Reports permission.
1. Go to Admin Center -> Read Audit Reports -> Create Read Audit Report.
2. Select the type of user you want to create a report for.
- For an individual employee or onboardee in Onboarding 2.0, choose Person Search.
- For an external candidate for jobs at your company, choose External Candidate Search.
- For a new hire onboardee in Onboarding 1.0, choose Onboardee Search.
- A dialog opens where you can configure the report settings.
3. Specify the person you want to report on.
- For the Person Search, you have two choices:
- To see who has accessed sensitive personal data about a specified person, select Read On Subject User and use the Person search to specify the employee.
- To see whose sensitive personal data a specified person has accessed, select Read By User/Data Operator and use the Person search to choose the employee.
- For the External Candidate Search, use the External Candidate search to specify the candidate.
- For the Onboardee Search, use the Onboardee search to specify the new hire in Onboarding 1.0.
4. Select the modules and functional areas you want to include in the search.
Note: To optimize system performance, limit your search to only the required data. The more modules you choose, the longer the report takes to compile.
5. Configure the time range you want to report on, up to a maximum of 7 days.
Remember: Audit reports cover a maximum time range of seven days. If you want to audit a longer period of time, create multiple reports. For example, if you want to audit data for a full month, run four separate reports of seven days each.
6. Submit the request to generate a report.
The report may take just a few minutes to prepare or, if there’s a lot of data, it can take longer. You receive an email notification when the report is complete (or if it has failed).
Wait to receive an email notification and use the link provided, within 48 hours, to go directly to the page where you can view and download the report in CSV format.
- Audit reports are automatically purged after 48 hours. Be sure to check the report you are interested in within 48 hours of generation and archive it if necessary. Otherwise, you may have to run it again.
Alternatively, if you don't want to wait for the email, you can always check job status and download completed reports by going to Read Audit Reports -> Access Reports.
Read Audit Data Retention: The Read Audit data is stored indefinitely in our database, from the point it is enabled for an instance, unless the audit data is purged using DRM tools.
Read Audit, Generate Read Audit, Setting up Read Audit, Create Read Audit, KBA, LOD-SF-PLT-AUDE, Enable Audit Framework, Problem