on 05-12-2010 4:01 PM
Dear All,
Is there any facility of audit for checking who has looked into the SRM tables through SE16 or through function modules. As bid prices are very sensitive in nature and nobody should see it through tables etc, this log/audit becomes important.
If there is no facility provided by SAP, can a functionality be developed for putting the audit trail for display of tables?
Regards
Amit
Hello,
If you create a transaction code around the SE16 of the table (using SE93) and skipping the first screen. - Transaction SE16, check skip initial screen, and 0 for Screen field.
In defulat values at the bottome
VIEWNAME tablename
UPDATE X
ALSO
remove se16 privs from production,
ST03n will let you see all the times the new transaction is called. SE16 should not be allowed in a production system . Auditors don't like that.:-)
Good luck
Ken
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
COntinuing, for those few that have SE16, yoiu'll want a full list of the tables they look at and you'll want to create a t-code wrapper around each one, then remove SE16 altogether .
KEn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Normally the authorization of running transactions such as SE16, SE38, SE37, SE80, etc would be taken away for most of the users in SRM production environment to prevent unauthorized data reading.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am not entirely sure if the name of the table would show up in the report, but the transactions the user runs would definitely show up. Take a look at this document that details the firefighter practice:
The System Log is available for at Data Base (SE11->Table->Technical Details) Object level and you can see the details using transaction SCU3.
Here are more details:
The logging flag defines whether changes to the data records of a table should be logged. If logging is activated, every change (with UPDATE, DELETE) to an existing data record by a user or an application program is recorded in a log table in the database.
Note: Activating logging slows down accesses that change the table. First of all, a record must be written in the log table for each change. Secondly, many users access this log table in parallel. This could cause lock situations even though the users are working with different application tables.
Dependencies
Logging only takes place if parameter rec/client in the system profile is set correctly. Setting the flag on its own does not cause the table changes to be logged.
The existing logs can be displayed with Transaction Table history (SCU3).
Hi,
Which table?
Table " Z " or Standard?
Rgs,
Pedro Marques
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.