/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- How does GDPR Read Audit feature applies in AdHoc Report?
- How does Read Audit Logging applies to Ad Hoc Report?
Environment
- Ad Hoc Report Builder
- Read Audit (GDPR)
Resolution
- Scheduling of Ad Hoc reports: The Ad Hoc reporting tool logs when a user attempts to access a report with sensitive data. Therefore, the logging happens when the report is generated and the timestamp of the logs also represents the time when the report query is executed.
The system does not track whether a user sees the generated report, as the scheduled report file could have left the SAP SuccessFactors system (for example, if it is scheduled to an FTP destination or an another external source). It is also not tracked if the report is downloaded multiple times – still only one set of logs are produced (as the report was generated only once). Recurring scheduled jobs are logged each time a report is generated.
- View online: When an Ad Hoc report with sensitive fields is viewed online, the entire report content is logged. We do not track how many pages the user browses or scrolls through.
- If storing of read logs fails “half way through”, then user can see the records which have been logged. For example, if a report has 1000 rows, but only the first 300 rows got logged before an error happened, then the user will see only 300 rows and not the remaining rows.
- Grouped Ad Hoc reports: Aggregated (grouped) reports are not logged as there is no user context. If you add one of the following user-fields in combination with a sensitive field, data access is logged:
- First name
- Last Name
- Middle Name
- Username
- UserID
For Recruiting Management reports, the following fields are marked as user-fields:
- Candidate ID
- Candidate Name
- Candidate email
- Candidate SSN
- Application ID
- Note, Logging happens only for aggregated reports if the user-field is part of the visible report result. There will be no logging for aggregated reports if the user-field is only used in the aggregate function (for example, “count of UserID”) or as a filter.
- Null Values: Null values are not logged because all fields which the user is not allowed to see come back as Null values in the report.
- Special behavior of sensitive fields: Sensitive fields in the following Ad Hoc reporting schemas are blanked out instead of read logged.
- Performance Management
- Goal Management
- Calibration
- Succession
- Compensation Planning
- Variable Pay
Keywords
Read Audit
GDPR
Realms
Ad Hoc Report
Data Privacy
Data Protection
Adhoc , KBA , LOD-SF-ANA-ADH , Adhoc Reports & Report Builder , How To
Product
SAP SuccessFactors HCM Core all versions
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)