cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security logging and tracing

Go to solution
Former Member

on ‎09-29-2008 3:49 PM

0 Kudos

Hi,

The "Security Guide for SAP xAPP Manufacturing Integration and Intelligence 12.0" says the following in regards to security logging and tracing:

"Security permissions for data servers and services are written to the security log with the xMII Security category. The data includes the previous value and the value to which the security permission was changed."

I'm not seeing this type of logging in the NetWeaver logs. Can you confirm that this type of logging is working and if so let me know the filter settings to use in the Monitoring / 'Logs and Traces' utility?

Or maybe I am mis-understanding the statement from the security guide? Here is what I did. I created a new Data Server, and there were some messages logged in the NetWeaver logs indicating the creation of the Data Server. I then selected this new Data Server on the Data Access screen and assigned some additional roles to it and saved it. When I did this, no new entries were created in the NetWeaver logs. Based on what the Security Guide stated I would have expected there to be a log entry indicating what roles were previously assigned, and what roles are now assigned. Am I misinterpreting this?

Thank you in advance for your help.

Regards,

Steve Christensen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

agentry_src
Active Contributor
‎10-02-2008 1:08 PM
0 Kudos

Hi Steven,

I don't know that much about the security logging, but here is some useful information about using the NW logs.

[Helpful Link|]

Hope it helps,

Mike

Show replies
Show replies
Former Member
‎10-02-2008 2:52 PM
0 Kudos

Hi Mike,

Thanks for the feedback. I hadn't read the post that you linked, but had read the Salvatore Castro post and already have reviewed the NetWeaver logs.

It seems that the contents of the logs do not include information that should be there according to the xMII v12 Security Guide.

I was hoping that some of the MII developers might comment on my question to let me know if the security guide is not accurate or if this is a known bug in v12.02 or if I am not looking in the right spot?

I've tried filtering the NetWeaver logs in multiple ways (Application=XMII, Last 24 hours, etc.) and still am not finding the type of security audit entries that should be there according to the security guide.

Thank you again - I appreciate you taking the time to reply and including the reference to the other post.

Regards,

Steve Christensen

agentry_src
Active Contributor
‎10-02-2008 3:10 PM
0 Kudos

Hi Steve,

I hate seeing a good post sitting without anybody responding. The link has some good information, but eventually directs to to Sam's post. Have you checked with the UME administrator to see if you have permissions to see the Security messages? You may want to open a ticket if you can't figure out a valid reason for not seeing the messages.

Mike

Edited by: Michael Appleby on Oct 2, 2008 4:10 PM

Former Member
‎10-02-2008 4:00 PM
0 Kudos

Hi Mike,

I believe that I have permissions to see all of the log entries as my UME account is a member of the

SAP_JAVA_NWADMIN_LOCAL_READONLY

role, which allows me to view all NetWeaver administrator settings (and logs) in readonly mode. If you (or anyone else) is aware that this role is not sufficient to view all log entries, please let me know.

Thank you for the suggestion of opening a ticket. I suppose I'll wait until Monday and if I don't get an answer by then will open a ticket.

Thank you again!

Steve

agentry_src
Active Contributor
‎10-02-2008 7:01 PM
0 Kudos

I don't know enough about the roles to say whether it is sufficient. I have been working on various versions of 12.0 since January, but never did an installation and usually was very limited in my NW access.

Good luck,

Mike

Answers (1)

Answers (1)

Former Member
‎02-27-2009 3:19 PM
0 Kudos

Hi,

Just want to give an update on this. Using information provided by Matthias Schroll [here|], I modified the log settings on the Illuminator trace service from the default 'Error' level to 'Info'. Doing so caused MII security permission changes to be logged as documented in "Security Guide for SAP xAPP Manufacturing Integration and Intelligence 12.0".

Show replies
Show replies
agentry_src
Active Contributor
‎02-27-2009 3:29 PM
0 Kudos

Hi Steven,

Thanks for posting your results. Now the process is available to everyone. Not everyone follows through quite as well.

Mike

Ask a Question