SAP GRC 10 EAM Log Issue

Hi Experts,

I am configuring SAP GRC10 EAM for my client. I am running into an issue where not all FFID log information is being captured. The only information that is currently showing in the Consolidated Log Report are the security transaction codes that have been accessed and security changes that have been made (adding/removing roles from a user master record). The Firefighter Log Summary Report shows that the ID was being used and logged in with (shows reason code and time of login). The Reason Code and Activity Report also shows that the ID was being used and logged in with (shows reason code and time of login). The Transaction Log and Session Details does show any information. This is only happening in our QA ECC environment (as it is capturing all relevant information in our development environment).

Please see below for system information:

  • I have set the GRAC_SPM_LOG_SYNC_UPDATE job to run every 10 minutes for the QA ECC system; also, I am running the sync in NWBC prior to generating the reports.
  • I have set the GRAC_ACTION_USAGE_SYNC job to run nightly for the QA ECC system. I have also run this
  • I have set the following parameters in the GRC system:
    • 4003 - Yes
    • 4004 - Yes
    • 4005 - Yes
    • 4006 - Yes
  • I have set the following parameters for the plugin in the GRC system:
    • 1000, 1, QECCLNT500
    • 1001, 0, DGRCLNT100
    • 1089, 1, 1
    • 1090, 4, EG100_0000
  • The CDHDR and CDPOS tables are only showing the change updates for security updates when filtered on the fire fighter IDs
  • STAD is empty
  • SM19 filters have been set to * for all selections
  • SM21 is showing entries
  • SM20 is showing empty
  • SM49 is showing entries
  • Timezones are in sync
  • The following parameters in RSPARAM have been set:
    • rsau/max_diskspace/local - 100M
    • rsau/enable - 1

Would this be an issue on the GRC side or the ECC side? If on the ECC side, how would I be able to fix this issue? Any information would help! Thanks.

Paul

Former Member
Former Member replied

Paul,

Your SM20 logs should show the t-codes executed.

As you are on SP13, you already have the fix provided in SAP Note 1775432, but you will need to check the additional authorizations required for the RFC user as mentioned in this note.

CJ
