Sunday 11 September 2011

Logging user actions

 You want to record the activities of users in the system.

You are looking for different possibilities to log user activities in the SAP system, among other things to

- understand transactions and changes
- execute DP audits
- analyse security incidents in the system
- recognize security gaps
- optimize the security settings

Solution

In the standard SAP System, extensive functions exist for logging user activities and changes to the system. You must use them selectively, so that the required data is recorded specifically and can be evaluated and used efficiently. When you log user activities, you must generally note that:

- Existing data protection laws must not be violated (for example, German Data Protection Act). In certain cases, recording is only permitted when approved by the data protection officer and an employee representative and is additionally subject to the regulations of a company agreement.
- Large datasets can build up very quickly, and storing and evaluating them requires considerable operating funds, which can reach the limits of practical feasibility.

In overview, the standard SAP System provides the following functions:

Logging table changes
---------------------
Logging of table changes for Customizing is activated via the profile parameter rec/client. In the standard system, tables that must be logged are already marked for logging. Customer-specific settings are possible via Transaction SE11:
Tools --> ABAP Workbench --> Dictionary --> Database table --> Technical settings

Transaction SCU3 can be used for evaluation.

(see R/3 Online help: BC ABAP Dictionary --> Logging)

Master data table changes are written according to the principles of the respective accounting (GOBS) in the proper business areas via change documents. With this, the change, the name of the user, the current field contents and the previous field contents are all logged for each field.


Statistical data for user behavior
----------------------------------
In the system, statistical data for the workload and for the user behavior is constantly recorded and compressed in adjustable time intervals. This statistical data is only accessible to users with administration authorization and is used exclusively for the purpose of an efficient and secure operation of the SAP system.
If statistical data is used for the purpose of the settlement, the settlement number is evaluated rather than the user name. The recording of statistical data can also be deactivated.

Transaction STAT:
Tools --> CCMS --> Control/Monitoring --> Performance menu --> Workload --> Statistics records

(also see R/3 Online Help: BC Computing Center Management System --> Workload Monitor)


Logging security-related system events
--------------------------------------
The syslog is available for this, and as of Release 4.0 the security audit log is additionally available. In the syslog, the locking of users and operating system calls are logged.

In the security audit log, the following is recorded:
Logon, RFC logon, transaction start, call of RFC function modules, call of reports (as of Release 4.6), changes to user master records, start/stop of systems, download of data (as of Release 4.6) and so on.
To activate the security audit log, the profile parameter rsau/enable must be set, and settings must be defined with Transaction SM19. The security audit log is evaluated with Transaction SM20. The audit files can be reorganized using Transaction SM18.

System log (Transaction SM21): Administration --> System administration --> Monitor --> System log

(see R/3 Online help: BC System services --> System logs)

Security audit log (Transaction SM18, SM19, SM20):
Administration --> System administration --> Monitor --> Security audit log

(see R/3 Online help: BC System services --> Security audit log)


SQL Audit log
-------------
As of Release 4.5, there is additionally the option to record all the SQL "SELECT" statements resulting from user actions in the database interface by specifying the selection criteria: users, time, report and statement (refer to Note 115224).
