Monitoring and Logging of Signature Processes

Use

Digital approval processes must be reliable and reproducible to fulfill the given security requirements. The SAP system thus offers you the following possibilities:

  • Locking of a user after a number of failed attempts that can be set individually by customers

  • Monitoring of security-relevant actions that occur in connection with a signature process

  • Evaluation of all actions executed in connection with a signature process

Features

User Lock

When a user provides a signature, failed attempts can occur for various reasons (for example, because the user enters an incorrect password, does not have authorization for signing, or the signature could not be verified). When a specified number of failed attempts is exceeded, the user is locked as follows:

  • By the SAP system with the system signature. The lock applies to the digital signature and to logging on to the system again. You set the number of failed attempts in the system profile (see also Profile Parameters for Logon and Password).

  • By the external security product with the user signature. The lock applies to the digital signature only. The number of permitted failed attempts is managed by the external security product.

Security Audit Log

All failed signature attempts, together with other security-relevant events in the SAP system, are logged in the security audit log. The log records the reason for the failure, the date and time, and the user ID of the signatory. The security officer can evaluate the security audit log with the aid of the CCMS alert monitor (see also Alert Monitor).
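The following added example (not SAP code) shows one way a security officer could evaluate exported failed-signature records offline, using the three fields named above. The CSV layout, the user IDs, the function names, the threshold, and the time window are all assumptions made for illustration; this is not a real SAP export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not a real SAP export layout): one row per
# failed signature attempt with the three fields the text says are logged.
SAMPLE = """timestamp,user,reason
2024-03-04T08:01:10,MILLERJ,incorrect password
2024-03-04T08:01:40,MILLERJ,incorrect password
2024-03-04T08:02:05,MILLERJ,incorrect password
2024-03-04T08:02:31,MILLERJ,incorrect password
2024-03-04T09:15:00,CHENW,no authorization for signing
2024-03-04T11:30:00,CHENW,signature could not be verified
2024-03-05T10:00:00,CHENW,incorrect password
"""

def parse(text):
    """Return (timestamp, user, reason) tuples sorted by time."""
    rows = csv.DictReader(io.StringIO(text))
    recs = [(datetime.fromisoformat(r["timestamp"]), r["user"], r["reason"])
            for r in rows]
    return sorted(recs)

def flag_users(records, max_failures=3, window=timedelta(minutes=10)):
    """Flag users with more than max_failures failed attempts inside any
    sliding window; returns {user: {"count": n, "reasons": {reason: k}}}."""
    by_user = defaultdict(list)
    for ts, user, reason in records:
        by_user[user].append((ts, reason))
    flagged = {}
    for user, events in by_user.items():
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            worst = flagged.get(user, {}).get("count", 0)
            if count > max_failures and count > worst:
                reasons = defaultdict(int)
                for _, reason in events[start:end + 1]:
                    reasons[reason] += 1
                flagged[user] = {"count": count, "reasons": dict(reasons)}
    return flagged

if __name__ == "__main__":
    for user, info in flag_users(parse(SAMPLE)).items():
        print(user, info)
```

The per-reason breakdown helps separate repeated password failures from missing authorizations or verification failures, which call for different follow-up.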

Digital Signature Log

The digital signature is logged using the application log. The digital signature log documents all relevant steps of a signature process, including successful and canceled signatures as well as signatures that were deleted when a signature process was canceled. You can evaluate the signature log according to signature object, signature time, and user ID of the signatory. It contains the result of the signature steps with the corresponding messages and all data that is transferred to the signed document with successful signatures. You can display the logs for the digital signature using the transaction DSLOG (see Display of the Signature Log (DSLOG)).