on 03-16-2011 11:14 AM
Hello everybody,
I am looking for information regarding monitoring of user activities on the system.
I know the main instrument to achieve that is the security audit log (sm19/sm20) but that does not monitor the data user accesses to. I.E., they log the user launches transaction su01 (view/modify user data), for example, but not which user data he looks at.
Insufficient to get that are also STAD/STAT transactions too, maybe user trace st01 or st05 give that data?
Even in that case however a user trace would be very heavy on the performances and on the occupied disk space I think, so I am wondering, and asking all the experts, is if there are standard transactions to achieve the same, or maybe even external 3rd party programs.
Thank you
Marco Baiocco
> I know the main instrument to achieve that is the security audit log (sm19/sm20) but that does not monitor the data user accesses to. I.E., they log the user launches transaction su01 (view/modify user data), for example, but not which user data he looks at.
> Insufficient to get that are also STAD/STAT transactions too, maybe user trace st01 or st05 give that data?
> Even in that case however a user trace would be very heavy on the performances and on the occupied disk space I think, so I am wondering, and asking all the experts, is if there are standard transactions to achieve the same, or maybe even external 3rd party programs.
The question is: What is your purpose? You really wanna track ALL the data in all transaction of every user? I'm just wondering what is the value of the information that use X looks at SU01 data of user Y? For sensitive data (HR) this can be done and makes probably sense, but for business data I just wonder...
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Unfortunately that is not yet really clear even to me.
I have been passed a generic request to investigate upon tracking mechanisms: the customer wants to be able to know which user have made logon and on which data they have worked (in read only and in modification).
I guess this could imply sensitive data but possibly also business data.
If there is a solution for sensitive data, at least (btw su01 was just an example)?
Thank you
Marco
Edited by: MARCO BAIOCCO on Mar 16, 2011 2:44 PM
> Unfortunately that is not yet really clear even to me.
I see...
> I have been passed a generic request to investigate upon tracking mechanisms: the customer wants to be able to know which user have made logon and on which data they have worked (in read only and in modification).
> I guess this could imply sensitive data but possibly also business data.
The question to be answered also is: Is it legal in the country to track all the user activity?
> If there is a solution for sensitive data, at least (btw su01 was just an example)?
I'm not really aware of any but Security Audit.
I would ask the customer what exactly he wants and what he plans to do with the data. There are SAP products (GRC) to help auditing and securing the system but first there must be a clean requirement to find out, which way to go.
Markus
Okay as I said previously,
The request is a little more generic than this, but for the moment what the customer is asking can be put this way:
- My employees in their daily job do access to several customer accounts. I want to be able to know when they log on/off and which accounts they work on, reading and modifying them.
Request that, by the way, should be absolutely legal.
I suspect that, in case this can be done successfully, the customer would ask for something more, i.e. maybe specific tables accessed, so if there is a "generic" and configurable tracking method this would be the best.
But for now let's just focus to the first request.
Thank you
Marco
The audit logs will tell you which users run those transactions and when. As you already know, this doesn't tell you what those transactions were used to look at or modify.
You should be able to use change documents to find out what was created or modified within those transactions, and by which users.
I don't believe there is any standard way of tracking what data users just look at. That simply isn't logged anywhere. If this is critical, you can of course always modify the standard SAP transactions to log display access. It would need to be really, really important to embark on such a project, though.
Steve.
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.