- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- BI auditing process
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
BI auditing process
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 2:56 PM
We want to be able to audit everything in BI. We have enabled auditing in SM19 for all criteria such as all users and all clients. Will this generate any BI auditing information on info cubes, ODS, info objects and etc? If not, how can be enable BI auditing to satisfy this requirement?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 8:31 PM
Hi,
You may refer to the following document in SDN library, it deals with BI monitoring and auditing in a very concise manner
[http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea?quicklink=events&overridelayout=true]
Thanks
Sandipan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 4:29 PM
Hi Thareq,
SM19 will not track on ODS, InfoCubes, and InfoObjects. If you wish to track the same, you can use RSECADMIN -> Analysis options. However, these are not intended for audit purpose, but can be used if required. Note that the amount of logs that it generate are huge and you may need to backup them periodically. It will track the InfoCubes, InfoObjects access.
Also, as per my knowledge ODS/DSO changes can't be tracked.
Regards,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 4:33 PM
Thank You Raghu for the response. Is there anything specific to BI auditing like SM19 for BI auditing only? You had mentioned that RSECADMIN is not intended for audit purpose. Is there anything specific for this purpose for BI auditing?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 5:03 PM
Hi Thareq,
Here is a solution to track some BI related audit information (doesn't suite your actual requirement, but is required). BI has the following Virtual provides:
0TCA_HIE - Gives information on the change document for Analysis Authorizations
0TCA_VAL - Gives information on the change document for Analysis Authorizations values
0TCA_UA - Change Document for Authorizations
You should activate these virtual provides from the BI CONT in RSA1.
Further, you should create queries to identify the # of users who has access to a infocube, sales company etc., but this will not provide you information on when the query was used, and the data was pulled in.
As per my knowledge, there is no other possibility to pull in that information other than tracing them in RSECADMIN.
Regards,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 8:31 PM
Hi,
You may refer to the following document in SDN library, it deals with BI monitoring and auditing in a very concise manner
[http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea?quicklink=events&overridelayout=true]
Thanks
Sandipan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2010 8:41 PM
Thank you all for the relevant information all of you had provided. The other question that I have relating to this query is
When we generate security auditing (SM19) in ECC system (not BI), is it possible to pull this audit data from ECC to BI system? Are there any standard BI ODS where this data is pullted from ECC and stored in BI? The other requriement is to pull reports in BI System of audit trails from ECC system.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2010 2:36 AM
Hi,
The SM19 audit logs are stored as txt files at the OS level. However, you can schedule a job using RSAU_SELECT_EVENTS which will read the logs from your ECC system and move them to the BI system. Further you can read them as Flat Files and store them in DSO and InfoCubes further.
Touchbase with your BI Developers & ABAPers to achieve this.
Hope this helps!
Rgds,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-26-2010 11:51 AM
Dear Thareq,
Analysis roles in BI contains actual organization values. Hence you need to make sure below points in BI audit
1. Se16-> table "RSECVAL"-> none of customize analysis role has * value where it should not be. For example, you need to restrict report for company code data then 0COMP_CODE=* should not be there.
2. Make sure that none of End user has 0BI_ALL analysis role assigned
3. make sure that all end users are restricted to their info area and RSRT transaction is not provided unless needed.
4. Make sure that Finance reports are authorized only to Authorized person.
5. Query change access is restricted.
I hope this hints will help you out. Usually you need to create audit checklist for BI if you are playing role for AUDITOR.
Best Regards
Imran
- SAP Managed Tags:
- Security
