Transaction SM20 - audit log detail

Former Member · ‎02-14-2012

When executing transaction SM20, detail such as transaction code and program name will be provided. Is it possible to get further detail? For example, when a user executes transaction PA20 for a particular employee, certain info type access is displayed for that employee. Using transaction SM20, from what I can tell, will only tell you that a particular user executed transaction PA20 but I can't tell for which employee or what info type. Is there any way to get this sort of detail? Is it available in any particular table?

Former Member · ‎02-14-2012

It depends on which transaction they started.

Some have change logs or even display logs.

HR has it's own special "auditing logs" (see the Audit Information System) and there is the option of the Object History DB for forensics (but sometimes you need a court order to be able to access it... )

Cheers,

Julius

Former Member · ‎02-15-2012

Thank you Julius for such a quick response. I have reviewed a number of different pieces of documentation related to the HR Audit Information System reports. All the information that I have found so far will report on the additions, modifications and deletions of data. However, what I am looking for is a way to see if someone actually accessed a particular employee record. I can tell via the audit logs if someone accessed a particular transaction but so far I have not found a way to see the detail of what the user actually saw. In this case they haven't actually changed anything, just viewed data but I don't know what they actually saw and would like to find a way to determine that.

I'll check to see what I can find by researching Object History DB

Shelley

Former Member · ‎02-15-2012

There is an MS Access DB on the SAPGui side and an option to record the same on the server side (report RSGOSHIRE or similar).

You could send the DB to SAP and ask them to send you the contents back again, but you will need a good explanation for this. I dont think SAP offers this as a normal support service...

Cheers,

Julius

mvoros · ‎02-15-2012

Hi,

in the worst case you could try to develop your custom solution. It really depends on quality of HR module. If most of the transactions use some standard FM to read info record then you could enhance it to log every access. It won't be bullet proof if some transaction does not use this FM but it should cover your basic scenarios. Maybe even better spot is to use BADI HRPAD00AUTH_CHECK. This BADI allows you to perform custom authorization check. So you could use this method just to log access. For both cases you have to be careful about performance implications.

Cheers

Former Member · ‎02-24-2012

Hi, the workload statistics database (see transactions ST03/ST03N) can provide further analysis behind transactions and reports ran. Locate the relevant transaction from the summary screen, this can be displayed per executing user and then you can drill down on further information such as CUA values and ok_codes (equating to button clicks, screen changes etc..).

Regards

Steve

ndomotor86 · ‎11-27-2020

Hi,

To check what transactions were run by which users please check the following KBA:
##2349134 - Check what Transactions were Run by which Users

Or you can check tx STAD but the data in STAD is available for 48 hours (if the default settings were not changed).

Best regards,

Norbert

stian_windsland2 · ‎11-16-2020

For this purpose, you have to use the SRALMONITOR. Then you can setup a matrix for logging read access. And not only in PA20, but same data in SE16 also.