Monitoring and Logging of Signature Processes

Use

Digital approval processes must be reliable and transparent in order to comply with security requirements. For this reason, the SAP System offers the following:

  • You can lock users after a customer-specific number of unsuccessful attempts has been reached.

  • You can monitor security-relevant activities that occurred during the signature process.

  • You can analyze all activities performed in the context of the signature process.

Features

User Lock

When a signature is executed, unsuccessful attempts can take place for a number of different reasons (for example, the user has entered the wrong password, the user is not authorized to execute the signature, or the system could not verify the signature). After a certain number of unsuccessful attempts has been exceeded, the user is locked as follows:

  • When a system signature is executed, the user is locked by the SAP System. The lock applies to the digital signature and a new system logon. You set the number of failed attempts in the system profile (see Profile Parameters for Logon and Password (Login Parameter)).

  • When a user signature is executed, the user is locked by the external security product. The lock only applies to the digital signature. The number of allowed unsuccessful attempts is managed by the external security product.

Security Audit Log

Any failed signature attempt is logged in the Security Audit Log along with other security-relevant events of the SAP System. The system documents, for example, the reason for the error, date and time, and the signatory's user ID. The security administrator can use the CCMS alert monitor to evaluate the Security Audit Log (see Alert Monitor).
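As an added example (not SAP code and not part of the original documentation), the following Python screens an export of failed signature attempts for bursts per user, using the three fields named above: reason, date and time, and user ID. The CSV layout, column names, reason codes and user IDs are constructed for illustration and do not reflect the actual Security Audit Log format.

```python
import csv
import io
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export; hypothetical columns, NOT the real audit log layout.
SAMPLE = """timestamp,user,reason
2024-05-06T09:00:05,JSMITH,WRONG_PASSWORD
2024-05-06T09:00:40,JSMITH,WRONG_PASSWORD
2024-05-06T09:01:10,JSMITH,WRONG_PASSWORD
2024-05-06T09:02:00,MKLEIN,NOT_AUTHORIZED
2024-05-06T11:30:00,MKLEIN,VERIFICATION_FAILED
2024-05-06T11:31:00,MKLEIN,NOT_AUTHORIZED
2024-05-06T11:35:00,MKLEIN,NOT_AUTHORIZED
"""

def load(text):
    """Parse the constructed CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def find_bursts(rows, threshold=3, window=timedelta(minutes=10)):
    """Report each user who accumulates `threshold` failed signature
    attempts (for any reason) inside a sliding time window."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, reason)
    alerts = []
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        ts = datetime.fromisoformat(row["timestamp"])
        q = recent[row["user"]]
        q.append((ts, row["reason"]))
        # Drop attempts that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "user": row["user"],
                "first": q[0][0],
                "last": ts,
                # The reason breakdown separates mistyped passwords from
                # missing authorization or verification failures.
                "reasons": dict(Counter(reason for _, reason in q)),
            })
            q.clear()  # start a fresh burst so one run yields one alert
    return alerts

if __name__ == "__main__":
    for alert in find_bursts(load(SAMPLE)):
        print(alert["user"], alert["first"], alert["last"], alert["reasons"])
```

Setting `threshold` below the configured lock limit surfaces a user before the lock takes effect, and the reason breakdown shows whether the failures point to a credential problem or to an authorization or verification problem.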

Log for Digital Signature

The log for the digital signature documents all relevant steps in a signature process. This includes successful and canceled signatures as well as signatures that were deleted when the signature process was canceled. You can evaluate the signature log, for example, by signature object, signature time, and the signatory's user ID (see Analyzing Logs for Digital Signatures). The log contains the result of the signature steps along with all messages and, if the signatures were successful, the data that is transferred to the signed document.