07-21-2010 4:48 PM
Hello Everyone,
What is the best and most cost-effective way to log SAP vendor activity while they are connected to perform OSS-related work?
The environment under review provides an OSS SAP support ID and password to the vendor to facilitate the authentication; however, no security audit logging is performed. The SAP team is raising performance issues as the reason why the logging is not turned on.
Is there a way to restrict the security logging only to the OSS support ID and also determine the activity performed during the session? Basically, how can the internal team know that an unauthorized activity was performed during the connection and / or someone made several failed attempts to authenticate through the OSS connection?
Thank you.
07-21-2010 5:34 PM
You can ask the Basis team to put the audit log on. SM19, SM20 transactions will help.
If it's on the Java side, please ask them to put system trace on.
Another best option will be to use SAP GRC SPM: 5.3, which will give the complete log of all the activities performed.
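The check the question asks for, run over audit log records for one user ID (an added example, not part of the thread). The tab-separated layout, the user name OSS_SUPPORT, the expected transaction list and the thresholds are assumptions; AU2 and AU3 are the security audit log message IDs for a failed logon and a transaction start.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records; the column layout is an assumption, not an SAP format.
SAMPLE = """\
date\ttime\tuser\tmsg_id\tdetail
2010-07-21\t16:01:10\tOSS_SUPPORT\tAU2\t
2010-07-21\t16:01:40\tOSS_SUPPORT\tAU2\t
2010-07-21\t16:02:05\tOSS_SUPPORT\tAU2\t
2010-07-21\t16:03:00\tOSS_SUPPORT\tAU1\t
2010-07-21\t16:04:12\tOSS_SUPPORT\tAU3\tSM21
2010-07-21\t16:05:30\tOSS_SUPPORT\tAU3\tST22
2010-07-21\t16:09:45\tOSS_SUPPORT\tAU3\tSU01
2010-07-21\t16:10:00\tJSMITH\tAU3\tSU01
2010-07-21\t16:30:00\tOSS_SUPPORT\tAU2\t
"""

LOGON_FAILED, TCODE_STARTED = "AU2", "AU3"

def max_burst(times, window):
    """Largest number of events that fall inside any one time window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def review_user(export_text, user, expected_tcodes, window_min=5, threshold=3):
    """Summarise failed logons and started transactions for one user ID."""
    failed, tcodes = [], Counter()
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        if row["user"].upper() != user.upper():
            continue
        if row["msg_id"] == LOGON_FAILED:
            failed.append(datetime.strptime(f'{row["date"]} {row["time"]}', "%Y-%m-%d %H:%M:%S"))
        elif row["msg_id"] == TCODE_STARTED:
            tcodes[row["detail"]] += 1
    burst = max_burst(failed, timedelta(minutes=window_min))
    return {
        "failed_logons": len(failed),
        "max_failed_in_window": burst,
        "failed_logon_alert": burst >= threshold,
        "transactions": dict(tcodes),
        "unexpected_tcodes": sorted(set(tcodes) - set(expected_tcodes)),
    }

if __name__ == "__main__":
    print(review_user(SAMPLE, "OSS_SUPPORT", {"SM21", "ST22"}))
```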
07-21-2010 5:38 PM
Hi,
You can put an ST01 trace against the back-end OSS user ID if you can't assign an active filter of the SM20 audit log.
Regards,
Dipanjan
07-21-2010 6:22 PM
Will pass on the information to the BASIS team. Any other feedback is still welcome. Thank you
07-21-2010 8:30 PM
Hi,
If the security audit log would cause performance problems then your system would come to a halt during times like period closing or year end closing. That would not be acceptable and neither is that excuse by the Basis team.
07-21-2010 8:41 PM
07-22-2010 5:54 PM
07-29-2010 8:12 PM
Another option (I also recommend deployment of SAP GRC Access Control) is to look at the change document tables (CDHDR and CDPOS). If any modification is done to any data (most of the data is kept here; some data is not, like PM and CO orders), it will be stored right here.
Kind Regards
07-30-2010 9:24 AM
Hi Shaki,
You can also use the STAD report to trace the activities already performed by a user ID by giving a date and time range. However, you need to run this report soon, as the data does not remain for long; it remains for a few days. You can also use the option of ST03N with expert mode.
08-17-2010 5:22 PM
08-17-2010 11:27 PM
It also records the GUI event and is regardless of the success of starting the activity, let alone completing it.
In my books it is "fluffy" security which is inherently flawed for the purpose you are using it for. The main reason for the records is response times.
It only works because authorization concepts are sometimes inherently flawed in their implementation as well.... so people believe what they see...
But for forensics it is useful IF you are fast enough...
Cheers,
Julius