cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tracking user activity (including objects/records/data viewed)

former_member187483
Explorer

on ‎03-16-2011 11:14 AM

0 Kudos

Hello everybody,

I am looking for information regarding monitoring of user activities on the system.

I know the main instrument to achieve that is the security audit log (sm19/sm20) but that does not monitor the data user accesses to. I.E., they log the user launches transaction su01 (view/modify user data), for example, but not which user data he looks at.

Insufficient to get that are also STAD/STAT transactions too, maybe user trace st01 or st05 give that data?

Even in that case however a user trace would be very heavy on the performances and on the occupied disk space I think, so I am wondering, and asking all the experts, is if there are standard transactions to achieve the same, or maybe even external 3rd party programs.

Thank you

Marco Baiocco

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

markus_doehr2
Active Contributor
‎03-16-2011 1:14 PM
0 Kudos

> I know the main instrument to achieve that is the security audit log (sm19/sm20) but that does not monitor the data user accesses to. I.E., they log the user launches transaction su01 (view/modify user data), for example, but not which user data he looks at.

> Insufficient to get that are also STAD/STAT transactions too, maybe user trace st01 or st05 give that data?

> Even in that case however a user trace would be very heavy on the performances and on the occupied disk space I think, so I am wondering, and asking all the experts, is if there are standard transactions to achieve the same, or maybe even external 3rd party programs.

The question is: What is your purpose? You really wanna track ALL the data in all transaction of every user? I'm just wondering what is the value of the information that use X looks at SU01 data of user Y? For sensitive data (HR) this can be done and makes probably sense, but for business data I just wonder...

Markus

Show replies
Show replies
former_member187483
Explorer
‎03-16-2011 1:43 PM
0 Kudos

Hello,

Unfortunately that is not yet really clear even to me.

I have been passed a generic request to investigate upon tracking mechanisms: the customer wants to be able to know which user have made logon and on which data they have worked (in read only and in modification).

I guess this could imply sensitive data but possibly also business data.

If there is a solution for sensitive data, at least (btw su01 was just an example)?

Thank you

Marco

Edited by: MARCO BAIOCCO on Mar 16, 2011 2:44 PM

former_member187483
Explorer
‎03-16-2011 2:04 PM
0 Kudos

Hello again,

We have confirmation we're talking about business data. In this particular case, we're talking about "bank accounts" accessed by the employees.

Regards

Marco

markus_doehr2
Active Contributor
‎03-16-2011 2:06 PM
0 Kudos

> Unfortunately that is not yet really clear even to me.

I see...

> I have been passed a generic request to investigate upon tracking mechanisms: the customer wants to be able to know which user have made logon and on which data they have worked (in read only and in modification).

> I guess this could imply sensitive data but possibly also business data.

The question to be answered also is: Is it legal in the country to track all the user activity?

> If there is a solution for sensitive data, at least (btw su01 was just an example)?

I'm not really aware of any but Security Audit.

I would ask the customer what exactly he wants and what he plans to do with the data. There are SAP products (GRC) to help auditing and securing the system but first there must be a clean requirement to find out, which way to go.

Markus

former_member187483
Explorer
‎03-16-2011 3:18 PM
0 Kudos

Okay as I said previously,

The request is a little more generic than this, but for the moment what the customer is asking can be put this way:

- My employees in their daily job do access to several customer accounts. I want to be able to know when they log on/off and which accounts they work on, reading and modifying them.

Request that, by the way, should be absolutely legal.

I suspect that, in case this can be done successfully, the customer would ask for something more, i.e. maybe specific tables accessed, so if there is a "generic" and configurable tracking method this would be the best.

But for now let's just focus to the first request.

Thank you

Marco

former_member187483
Explorer
‎03-21-2011 4:49 PM
0 Kudos

The transaction to be monitored are KSB1 (Cost Centers: Actual Line Items) and FBL3N (G/L Account Line Items).

Is there a way to know who uses this transaction and which data he accesses each time?

Has anybody ever had experience with it?

Thanks

Marco

rajasekhar_matukumalli3
Active Participant
‎04-18-2012 3:57 PM
0 Kudos

Hi,

I have a similar requirement. Were you able to find any solution or tools?

Regards,

Raj

Former Member
‎04-25-2012 4:08 PM
0 Kudos

The audit logs will tell you which users run those transactions and when. As you already know, this doesn't tell you what those transactions were used to look at or modify.

You should be able to use change documents to find out what was created or modified within those transactions, and by which users.

I don't believe there is any standard way of tracking what data users just look at. That simply isn't logged anywhere. If this is critical, you can of course always modify the standard SAP transactions to log display access. It would need to be really, really important to embark on such a project, though.

Steve.

Ask a Question