Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Client Analysis.

Former Member

‎03-16-2010 6:27 AM

0 Kudos

Hi Everyone,

I do have a scenario and need valuable advices by you all that We have a client in DEV for example DEV140, there our function people made some config changes and now they complain that some of their config data was deleted somehow..

I checked but no security logs are activated in that client. Please if you can guide me what all Tcodes i need to monitor and what all i need to check so that i can come to a conclusion that which user id did this or may be i can draw some conclusion to this case.

Thanks in advance.

Regards,

Avneesh

8 REPLIES 8

jurjen_heeck
Active Contributor

‎03-16-2010 7:29 AM

0 Kudos

> some of their config data

You'll need to be more specific to get usefull answers here. On this base you may get a lot of guesses.... my first one is to look at the transport logs (if automatic recording is active).

Former Member
In response to jurjen_heeck

‎03-16-2010 8:35 AM

0 Kudos

Hi Jurjen,

Thanks for the response.

Actually there has been deletion of Workflow Config & PR release Strategy Config from Dev & QA Box. As you suggested i checked and found that automatic recordings is active. please provide me some other more points where i can look into it.

Regards

Avneesh

jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎03-16-2010 8:52 AM

0 Kudos

> please provide me some other more points where i can look into it.

Best concentrate on the transports (logs and contents) then. Anyone deleting the config must have had a transport request to enter these changes in (if it is actually customizing but your functional people should be able to tell you that).

Former Member
In response to jurjen_heeck

‎03-16-2010 3:40 PM

0 Kudos

Hi,

I agree with Jurjen to concentrate on transport. Also check transaction SWU3 for workflow customization .

In this t.code go to extra->log and execute by choosing search criteria. Check if this helps you.

sdipanjan
Active Contributor

‎03-16-2010 8:42 PM

0 Kudos

Ask the Func. team to identify the period within which this deletion has happened (if) and then try to find out the header change history in that particular client by using the tables CDPOS & CDHDR.

Also you can ask them to prepare a list of tcodes by using which the suspected data can be deleted, Then try to check ST03 for usage of those TCodes. Of course there are some dependencies to use ST03 to get data for a certain period of time.

regards,

Dipanjan

Former Member
In response to sdipanjan

‎03-17-2010 3:39 AM

0 Kudos

Thanks Dipanjan.

Will check it and let you all know about the same.

Regards

Avneesh

Former Member

‎03-16-2010 10:16 PM

0 Kudos

> config changes

If the delivery classes of the tables are correct and your settings as well, then it was either a program or you are missing the logging of config tables in the import events of the transport tools.

In STMS go to the system and display the transport tools tab. Parameter RECCLIENT = ALL will activate this for you. The author is the transport request number.

Here you can also deactivate the visibility of the mass import option - which is something I would recommend...

Cheers,

Julius

Edited by: Julius Bussche on Mar 16, 2010 11:16 PM

Former Member
In response to Former Member

‎03-17-2010 3:41 AM

0 Kudos

Thanks Julius as always for being providing the best solution.

Regards

Avneesh