Sometimes employees or contractors need temporary privileged access to HR applications to troubleshoot a problem, respond quickly to a business issue or perform administrative functions. These are instances of “exceptional access” that fall outside the user’s typical job role or responsibilities and require detailed audit reporting to ensure access is granted, approved and revoked in compliance with company policies so activities such as performing application configuration changes or data loads and mass edits / deletions of sensitive employees information don’t jeopardize company assets.
In these instances when “exceptional access” is required, businesses have several challenges:
- Access is needed ASAP and should be terminated as soon as the issue is resolved
- Users with privileged access could…
- Alter or delete data to commit fraud, disrupt business or damage reputation
- Expose sensitive employee, customer or proprietary information
Without proper privileged access controls, a super user could:
- Change application configurations such as audit reporting or security settings to expose sensitive data
- Create users, assign entitlements and update entitlements without compliance checks
- Change an employee’s 401k bank account number to their own, authorize the direct deposit and then change the number back to the original number
- Make and authorize hiring or firing decisions
- Adjust, review and approve hours worked and transmit the approval to payroll
Whether you use SAP SuccessFactors, Workday, PeopleSoft or other system, find out how you can protect it from the insider threat. Click here to schedule a demo!