Solved: How do you log SAP vendor activity performed durin...

Former Member · ‎07-21-2010

Hello Everyone,

What is the best and cost effective way to log SAP vendor activity while they are connected to perform OSS related work?

The environment under review provides an OSS SAP support ID and password to the vendor to facilitate the authentication, however, no security audit logging is performed. The SAP team is raising performance issues as the reason why the logging is not turned on.

Is there a way to restrict the security logging only to the OSS support ID and also determine the activity performed during the session? Basically, how can the internal team know that an unauthorized activity was performed during the connection and / or someone made several failed attempts to authenticate through the OSS connection?

Thank you.

Former Member · ‎07-21-2010

You can ask the Basis team to put the audit log on SM19 , SM20 transactions will help

if its on the java side please ask them to put system trace on

Another best option will be to use SAP GRC SPM: 5.3 that will give the complete log of all the activities performed

Former Member · ‎07-21-2010

You can ask the Basis team to put the audit log on SM19 , SM20 transactions will help

if its on the java side please ask them to put system trace on

Another best option will be to use SAP GRC SPM: 5.3 that will give the complete log of all the activities performed

sdipanjan · ‎07-21-2010

Hi,

You can put a ST01 trace against the back end OSS user id if you can't assign a active filter of SM20 audit log.

Regards,

Dipanjan

Former Member · ‎07-21-2010

Will pass on the information to the BASIS team. Any other feedback is still welcome. Thank you

Former Member · ‎07-21-2010

Hi,

If the security audit log would cause performance problems then your system would come to a halt during times like period closing or year end closing. That would not be acceptable and neither is that excuse by the Basis team.

Former Member · ‎07-21-2010

Then would you recommend SAP GRC SPM 5.3? if they have installed

Former Member · ‎07-22-2010

Will do. Thank you

Former Member · ‎07-29-2010

Other option(i also recommend deployment of SAP GRC Access Control) is to look the Change document tables(CDHDR and CDPOS). If any modification is done to any data(most of the data is kept here, some data not like PM and CO Orders) it will store right here.

Kind Regards

Former Member · ‎07-30-2010

Hi Shaki,

You can also use STAD report to trace the activities already performed by a user ID by giving date & time range. However you need to run this report soon as the data does not remain for long, it remains for few days. You can also use the option of ST03N with expert mode

Former Member · ‎08-17-2010

Thanks to all!

Former Member · ‎08-17-2010

It also records the GUI event and is regardless of the success of starting the activity, let alone completing it.

In my books it is "fluffy" security which is inherently flawed for the purpose you are using it for. The main reason for the records is response times.

It only works because authorization concepts are sometimes inherently flawed in their implementation as well.... so people believe what they see...

But for forensics it is usefull IF you are fast enough...

Cheers,

Julius

How do you log SAP vendor activity performed during an OSS Connection?