02-11-2011 11:58 AM
Dear All,
I have an issue while checking usage of SAP* ID via SM20.
System does not allow me to select "=" sign in front of the ID. In consequence I receive a log of all IDs that start with SAP....
Please advise if there is a way to get a security log of usage of SAP* ID only?
Regards,
Michal
02-14-2011 2:18 PM
Hello Michal,
just search for events for user SAP#*
The hash character is an escape character in such dynpros.
Regards, Uwe
02-11-2011 3:44 PM
Michal,
I don't believe there is a way to select SAP* on it's own as it will see the * as a wildcard.
However, when you have the log, you can click on the block at the top of the column "User" and select "Sort in ascending order" or "Sort in descending order". This will then put them into sequence and you can see the items that you are specifically looking for.
Hope that helps
02-11-2011 4:42 PM
Hi Tony,
Thank you for prompt response, unfortunately I don't have "User" column that can be sorted. I need to click on single result line to enter details page that shows User information.
Best Regards,
Michal
02-11-2011 9:41 PM
Hi,
Basically SM20 audit log determines any check against S_TCODE or TSTCA for audit log and the changes stored in different tables comprising usage of user ids. But as you know SAP* is not in our class and gets checked only in kernel level. So, if you want to trace the usage of SAP* please try to create a separate filter for SAP* only and select the events to be recorded for SAP* only. Also make sure that SAP* related profile parameters are in action.
regards,
Dipanjan
02-11-2011 10:10 PM
Hi,
as it was said it's not possible with SM20. There is a logic for handling one star in user name. But you can use report RSAU_SELECT_EVENTS intead of SM20. It gives you more option to restrict selection.
Cheers
02-12-2011 7:11 PM
Read the documentation in RZ11 on rsau/user_selection.
It was exactly because of SAP* that it does an exact user name check. Someone seems to have relaxed this in your system without reading the docs...
If the log records only and exactly SAP* as an existing user master record, then you might not notice it if you are hacked this way!
--> rather change the other user ID's to named users and create a basic filter for all users.
Cheers,
Julius
02-14-2011 2:18 PM
Hello Michal,
just search for events for user SAP#*
The hash character is an escape character in such dynpros.
Regards, Uwe
02-15-2011 8:52 AM
Dear Uwe,
Thank you very much for your solution, it is working:).
Dear All,
Thank you for helping me with solving my issue, all your comments are very useful.
Best Regards,
Michał