cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Audit Log for a particular user

Go to solution
sunny_pahuja2
Active Contributor

on ‎01-28-2011 7:31 AM

0 Kudos

Hi All,

I need to switch on the security audit log in the system because our auditor want to have security audit log for the users having sap_all and sap_new in the production environment. As far as I know we cannot switch on the audit log for particular user id's in the system. And if it is right then switching on the audit log for all users will impact the system performance at a great extent.

If anyone has some expert advice on this situation then please share your thoughts.

Thanks

Sunny

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JPReyes
Active Contributor
‎01-28-2011 8:48 AM
0 Kudos

Hi Sunny

In my experience the security audit log cause no performance issues at all, the data is written to an external file so no additional datai is dumped on your DB.

Im actually not in front of my PC but im pretty sure you can play with the filter in SM19 and get something closer to your requirement.

Regards

Juan

Show replies
Show replies
sunny_pahuja2
Active Contributor
‎01-28-2011 9:14 AM
0 Kudos

Hi Juan,

Thanks for your reply.

You are right audit logs are written to external files. But the problem I have following problems:

1) If I need to record security audit logs for a set of users. Then there is no option in SM19 to define particular set of users. Either I can specify single user for all users.

2) If I am activating security audit logs then it will impact system performance because when user is doing some activity at same it is logging the changes so it will take some memory to do that which will impact performance if number of users will be high.

Thanks

Sunny

JPReyes
Active Contributor
‎01-28-2011 9:32 AM
0 Kudos

Most of activity recorded by SM20 can be obtained via STAD, ST03N and SUIM, disadvantage is that retention period is short and you might have to put the pieces together manually, but im sure you know that.

You also dont have to enable SM19 to record all the activities but if you are looking for specifics you can filter the rest out saving some unnecesary log writing. But again in my opinion Security audit doesn't cause mayor perfirmance issues.

Regards

Juan

former_member185031
Active Contributor
‎01-28-2011 9:51 AM
0 Kudos 
2) If I am activating security audit logs then it will impact system performance because when user is doing some activity at same it is logging the changes so it will take some memory to do that which will impact performance if number of users will be high.

I also believe the same, i had a long discussion on my Company that we should enable the Security log or not as it will create unnecessary performance issue, but till now it's more then 3 months i have not seen any memory issue or any increased run time with the Transaction. And Yes i have not selected all the Parameter which is available on SM19

Regards,

Subhash

sunny_pahuja2
Active Contributor
‎01-28-2011 10:02 AM
0 Kudos

Hi,

Thanks Juan and Subhash for your advice.

Last thing which I want to clarify is how can I define a set of users for which i want to activate security logs because in SM19 I don't find such option.

Thanks

Sunny

JPReyes
Active Contributor
‎01-28-2011 10:13 AM
0 Kudos

I don't think is possible to choose a user range, but digging I found that you can raise the number of filters and set 1 user per filter.

to raise the number of filters in SM19 use parameter rsau/selection_slots to a maximun of 10

Regards

Juan

JPReyes
Active Contributor
‎01-28-2011 10:19 AM
0 Kudos

Additional to that, you could force all your "SAP_ALL" users to logon to a specific instance and set SM20 only to record from that intance then you will isolate them a bit, It might not provide all answers but its an option if you have more than 10 Admin users.

Regards

Juan

Answers (0)

Ask a Question