PAM - monitoring SAP admins


Hello,
I have a potential PAM customer running SAP (ERP software). They also
badly want to monitor (record) SAP Administrator activities, and the
challenge here is that SAP Administrators use a client (SAP GUI) for SAP
administration which installs/runs on their workstations.

How can PAM help this customer? Any suggestions?

Regards,


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: https://forums.netiq.com/member.php?userid=1016
View this thread: https://forums.netiq.com/showthread.php?t=56454


  • > There's also the option to 'Run as User' that could be a workaround approach
    > to have only specific applications monitored rather than all applications.


    I don't think "Run as User" could be a workaround here, as how can one
    restrict an Admin to only run the console/tool (e.g. SAP GUI or Putty) via
    "Run as User"?
    SAP GUI is a tool that any ordinary (non-privileged) user can run if
    installed on his/her workstation; it's the credentials that authorize
    what a user can/can't do within SAP. Similarly, anyone can run
    "Putty" if available on his/her system (yes, we can track/monitor direct
    ssh logins via PAM too); successful login and rights are dependent on
    the credentials provided, but Putty does not require any special
    permissions.

    So in all such scenarios where tools/consoles could be run by any
    ordinary user, the "Run as User" feature won't help because we can't restrict
    users to run the consoles/tools via the "Run as User" feature only.

    Regards,


    --
    sharfuddin

  • Yeah, you are right, this makes total sense. I understand this use-case is being considered by Engineering for enhancement in the near future as we see the need.