Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is their a way to log whether interactive logons have taken place

Go to solution
former_member275658
Contributor

‎06-24-2010 8:59 AM

0 Kudos

Hi Gurus,

We need to change the service userID to System type, and ensure that all functionality continues to work in Production systems. (The userID embedded into RFC connections)

Before changing the user type for the userid I would like to know if there is any way to log whether interactive logons have taken place for the Service user.

We need to ensure that everything works when the userID is changed to System.

Please let me know if there is any to see the log for the service user which had interactive logons.

Regard's

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-26-2010 1:04 AM

0 Kudos

I think from what you are asking is can I find interactive logon of the user whose type is changed ( from whatever ) to Service user, I will say yes if audit log is on as per other experts post.

Remember with Netweaver in place not many companies would put SM19 and SM20 on , there are many java based GRC tools to do that .

The suggestions provided are the steps to configure after the fact.

My guess the logs will be in if Auditing was on

or else you will not get what you expect.

I dont know if this can help but please try this use SUIM

go to change documents, put that username at CHANGES BY FIELD try to expand range on dates

using changes since and changes up to.

"Again this is based on the Audit defaults set by your basis team already"

Objects

Authorizations

Object classes

Changes by

Changes since

Changes up to

If you set Audit today and try based on the steps provided by other experts you are not going to get any output from the past.

8 REPLIES 8

Go to solution
Former Member

‎06-24-2010 9:12 AM

0 Kudos

Salman,

system users are non-interactive accounts. I consistently use system accounts. I found that communication accounts need to have their password changed on first logon, which is somewhat cumbersome with a non-dialog account....

System :

GUI login is not possible.

Initial password and expiration of passowrd are not checked.

Usage:- These are used for internal use in system like background jobs.

Background processing and communication within a system (such as RFC users for ALE, Workflow, TMS, and CUA).

Service:

GUI login is possible.

Initial password and expiration of passowrd are not checked.

Multiple logins are allowed.

Users are not allowed to change the password. Only admin can change the password

Usage:- These are used for anonymous users. This type of users should be given minimum authorization.

Thanks,

Sri

Go to solution
former_member275658
Contributor

‎06-24-2010 9:36 AM

0 Kudos

Thanks Sri for quick response.

Could please tell me how should I know if there is any interactive logon happened thru this service user type (if logs recorded any interactive logons) ? if any, then where should i check it ? if not, then I can directly change it to system type in prd.

Thanks again!

Go to solution
Former Member
In response to former_member275658

‎06-24-2010 10:02 AM

0 Kudos

Salman,

You can use STAT and STAD for last three days of working and st03 for whole summarized total work perform by any user.

USR02 Logon data (password,user name, validity date etc..)

or

Go to ST03N -> Switch to Expert mode in the upper left corner -> Expand the node Total and select the time period (day, week, month) -> Expand the node User and Settlement Statistics and select User Profile -> Doubleclick the user you want and you get a list with transactions

or

You need to activate the audit system, than you can get the history for

when he login/logon

what report he run

when he change password or get lock and unlock

when he change authorization.

Almost every action you can log

You can use SM19, SM20.

Thanks,

Sri

Go to solution
former_member275658
Contributor
In response to former_member275658

‎06-24-2010 10:45 AM

0 Kudos

Sri,

I never used SM19 before.. I want to check the log for only one specific user. Do I need to create anew profile in SM19 and activate it and then give the user id and go to SM20 and give the userid and read log ?

Please advise..

Thanks

Go to solution
Former Member
In response to former_member275658

‎06-24-2010 7:29 PM

0 Kudos

Salman,

Yes salman, you need to create profile and then activate it.

In SM18 you can define the days for which you want to keep the logs it depends on the company policy and size of log

In SM19 Activate the profile required for audit log like for all users you can activate only critical events while for critical users select all events.SM20 you will just use for the reading the logs. (if required)

http://searchsap.techtarget.com/tip/SAP-security-audit-log-setup (ECC6)

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b0bfafc5-0709-2d10-2fb9-e8c9e7525... for (ECC)

http://www.sap-img.com/basis/the-step-required-to-audit-at-the-user-level.htm

http://www.erpgenie.com/sap-technical/basis/the-step-required-to-audit-at-the-user-level

NOTE:

Activating the audit log

The following instance profiles must be set in order to activate audit logging (use transaction RZ10 to do so

rsau/enable: Set to 1 to activates audit logging

rsau/loc

Thanks,

Sri

Go to solution
Bernhard_SAP
Employee
Employee

‎06-24-2010 9:38 AM

0 Kudos

As we know now from Sri's c/p, what a Service and a System user is....

in SM19/20 you can log logins of type dialog and RFC/CPIC.

b.rgds, Bernhard

Go to solution
Former Member

‎06-26-2010 1:04 AM

0 Kudos

I think from what you are asking is can I find interactive logon of the user whose type is changed ( from whatever ) to Service user, I will say yes if audit log is on as per other experts post.

Remember with Netweaver in place not many companies would put SM19 and SM20 on , there are many java based GRC tools to do that .

The suggestions provided are the steps to configure after the fact.

My guess the logs will be in if Auditing was on

or else you will not get what you expect.

I dont know if this can help but please try this use SUIM

go to change documents, put that username at CHANGES BY FIELD try to expand range on dates

using changes since and changes up to.

"Again this is based on the Audit defaults set by your basis team already"

Objects

Authorizations

Object classes

Changes by

Changes since

Changes up to

If you set Audit today and try based on the steps provided by other experts you are not going to get any output from the past.

Go to solution
Former Member
In response to Former Member

‎06-26-2010 4:49 AM

0 Kudos

salman,

SUIM doesn't give you the result. Since the search is for log files / who have logon(service id's) for particular period

Best option is thru Audit

or

retreive user history from tables USH02,USH04,USH10 and USH12.

Thanks,

Sri