SAP Knowledge Base Article - Public

2921353 - How to Generate Read Audit Report

Symptom

  • What is Read Audit.
  • Setting Up Read Audit.
  • How to Enable Read audit.
  • How to Generate Read Audit Report.

Environment

SAP SuccessFactors HXM Suite

Resolution

Read Audit

Read auditing capabilities enable you to track access to sensitive personal data.

Companies store a wide range of personal data about people, from the basic information (such as name and date of birth) to the potentially sensitive information (such as national ID or ethnicity). Your data protection and privacy policy may require you to keep track of who has accessed sensitive personal data.

SAP SuccessFactors provides a read audit function that enables you to determine who has accessed the sensitive personal data of employees or external candidates at your company.

Note: Not all personal data, nor all personally identifiable information, is necessarily considered sensitive. Read auditing is only available for a small number of records that we've identified as sensitive.

Setting Up Read Audit

Set up the read audit function so that you can track access to sensitive personal data.

Prerequisites

With the 1H 2020 release, read audit reporting is enabled by default in all Preview and Production systems, in all data centers.

Procedure

  • Enable the read audit function in Admin Center.
  • Add user exceptions for technical user accounts, such as API users, so that they are excluded from read audit logs and read audit reports.

Tip: To avoid unnecessary impacts to system performance and prevent large amounts of irrelevant information in read audit reports, exclude API users that regularly process large amounts of data and don't correspond to a real person.

Enabling Read Audit

Enable read audit logging so that authorized users can create audit reports tracking read access to sensitive personal data.

Prerequisites

You have the following role-based permissions:

  • View Read and Change Audit Configuration
  • Edit Read and Change Audit Configuration
  • Generate Read Audit Reports

Procedure

  1. Go to Admin Center -> Manage Audit Configuration.
  2. On the Read Audit tab, switch on the Read Access Logging option.
  3. Choose Save.
  4. You get a message telling you that the activation process has started. It usually takes about 24 hours.
  5. Come back to Manage Audit Configuration later to verify that the toggle switch is enabled. If so, it means that the process is complete.
  6. If you use Onboarding 1.0, also go to Onboarding 1.0 -> Settings -> Features -> Data Protection and Privacy and click Activate to enable Read Audit.

Creating a Read Audit Report

Create a read audit report to see who has accessed sensitive personal data about a given person.

Prerequisites

  • Read audit is enabled in your system.
  • You have Generate Read Audit Reports permission.

Procedure

1.  Go to Admin Center -> Read Audit Reports -> Create Read Audit Report.

2.  Select the type of user you want to create a report for.

  • For an individual employee or onboardee in Onboarding 2.0, choose Person Search.
  • For an external candidate for jobs at your company, choose External Candidate Search.
  • For a new hire onboardee in Onboarding 1.0, choose Onboardee Search.

A dialog opens where you can configure the report settings.

3.  Specify the person you want to report on.

  • For the Person Search, you have two choices:
    • To see who has accessed sensitive personal data about a specified person, select Read On Subject User and use the Person search to specify the employee.
    • To see whose sensitive personal data a specified person has accessed, select Read By User/Data Operator and use the Person search to choose the employee.
  • For the External Candidate Search, use the External Candidate search to specify the candidate.
  • For the Onboardee Search, use the Onboardee search to specify the new hire in Onboarding 1.0.

4.  Select the modules and functional areas you want to include in the search.

Note: To optimize system performance, limit your search to only the required data. The more modules you choose, the longer the report takes to compile.

5.  Configure the time range you want to report on, up to a maximum of 7 days.

Remember: Audit reports cover a maximum time range of seven days. If you want to audit a longer period of time, create multiple reports. For example, if you want to audit data for a full month, run four separate reports of seven days each.

6.  Submit the request to generate a report.

Results

The report may take just a few minutes to prepare or, if there’s a lot of data, it can take longer. You receive an email notification when the report is complete (or if it has failed).

Next Steps 

Wait to receive an email notification and use the link provided, within 48 hours, to go directly to the page where you can view and download the report in CSV format.

Remember

Audit reports are automatically purged after 48 hours. Be sure to check the report you are interested in within 48 hours of generation and archive it if necessary. Otherwise, you may have to run it again.

Alternatively, if you don't want to wait for the email, you can always check job status and download completed reports by going to Read Audit Reports -> Access Reports.
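
The following planner is an added example, not part of the SAP article or any SAP code: it splits an audit period longer than seven days into consecutive report windows and tracks the 48-hour download deadline of each generated report, including the case where the period is not a multiple of seven days. The half-open window boundaries and the status-tracking structure are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(days=7)   # maximum range of one report, per the article
RETENTION = timedelta(hours=48)  # reports are purged this long after generation


def plan_windows(start, end):
    """Split [start, end) into consecutive report windows of at most 7 days.

    Windows are half-open (assumption), so nothing is covered twice or
    skipped; the last one is shorter when the period is not a multiple of 7.
    """
    if end <= start:
        raise ValueError("end must be after start")
    windows, cursor = [], start
    while cursor < end:
        stop = min(cursor + MAX_WINDOW, end)
        windows.append((cursor, stop))
        cursor = stop
    return windows


def archive_deadline(generated_at):
    """Latest moment a generated report can still be downloaded."""
    return generated_at + RETENTION


def windows_to_rerun(status, now):
    """Return windows with no archived copy and no report still available.

    status maps window -> (generated_at or None, archived flag); this
    tracking structure is hypothetical, not a SuccessFactors export.
    """
    return [w for w, (generated_at, archived) in status.items()
            if not archived
            and (generated_at is None or now >= archive_deadline(generated_at))]


if __name__ == "__main__":
    utc = timezone.utc
    plan = plan_windows(datetime(2024, 3, 1, tzinfo=utc),
                        datetime(2024, 4, 1, tzinfo=utc))  # constructed period
    for begin, stop in plan:
        print(begin.date(), "->", stop.date(), (stop - begin).days, "days")
```

Each returned window corresponds to one report request in Create Read Audit Report; archive the CSV before the deadline returned by archive_deadline.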

 

See Also

Link to Help Portal for More Information.

Keywords

Read Audit, Generate Read Audit, Setting up Read Audit, Create Read Audit, KBA, LOD-SF-PLT-AUDE, Enable Audit Framework, Problem

Product

SAP SuccessFactors HXM Suite 2005