Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Extracting detailed information on auditing

Former Member
0 Kudos

Hi guys,

My ECC system is based on SAP ERP 6.0 EHP6. I want to activate auditing such that I get detailed information on user transactions (t-codes) and values he has entered in these transactions. I've activated auditing using SM19 but it gives only t-codes run by the users. I can do an sql trace (ST05) which shows the values entered by user etc but I guess the trace cannot be run for too long.

1) Is it possible/advisable to run the ST05 for long period like SM19?

2) Is there some alternative to activating auditing thru SM19 that will give more details than the t-codes run by the user?

regards.

12 REPLIES 12

Former Member
0 Kudos

SM20/Sm19 is the way to audit user activity.

You should not activate ST05 or any other trace for longer as this will fillup the directory.

You can enable table logging for import table to track the changes. Do not enable for all the tables.

jimguo
Advisor
Advisor
0 Kudos

Hi,

Please review note 139418.

Thanks.

Jim

Former Member
0 Kudos

Hi,

Once you know the transaction you want to monitor, you can frequently find the detailed data through the relevant change records for those transactions e.g. CDHDR, EDPOS etc.  That is for business transactions - it does depend what you are after.

martin_voros
Active Contributor
0 Kudos

HI,

there is also new product call RAL by SAP. I haven't played with it yet.

Cheers

0 Kudos

Thanks guys for yr replies.

Sunil, I've eliminated logging thru ST05. I may consider table logging but need to investigate...

Jim,

The note dates back to year 2000 but is still ok. But I want to know whether SM19 records more details than just the t-code run by the users.... because it seems to me that only the t-code and some basic details are recorded. I would have liked to get the t-code plus any values entered within the screens by the user. For example, if a user queries a Business Partner number under t-code FPL9 (I'm referring to TRM module), then I would've liked to get FPL9 as the t-code and the BP number too.

Alex,

The table CDHDR indeed gives some additional details. I want to know in what cases, SAP writes into this table....when doing changes or when viewing data also? What about EDPOS? How to view it?

Martin,

RAL indeed seems a good solution. SAP has said that RAL will be made available thru Support Packages in older NW versions but they're still working on it.

regards.

0 Kudos

Hi Martin,

I just used this RAL tools its nice one to get audit logs from the production.It is also eliminate hurdles.

0 Kudos

Hi,

Those records are change records so SAP will write when something is changed and only when it is instructed to write the record.  For more detail on every change table you will have to investigate further yourself.

As has been mentioned previously  to identify what has been read will require customisation or use of RAL.

What is the requirement driving this? Are you looking for information at a forensic level?

0 Kudos

Hi,

thanks for sharing your experience. So do you think that it's a right tool and it addresses requirement mentioned by Suraj?

Thanks

0 Kudos

Hi Martin,.

I am not getting the exact report as Suraj mentioned, but i have solved most audit queries by the RAL.

0 Kudos

Hi all,

Alex,

My organization holds lots of confidential information on individuals and companies. So we have an Audit team here that would like to extract information at specific times to see who is accessing what data and also we need audit data for compliance purposes.

RAL seems a good tool because there we can identify the fields holding sensitive values and configure the logging of these fields. So I need to investigate further in RAL.

Any other suggestions/comments?

regards.

0 Kudos

HI Suraj,

I think there is no exact table or report or file exists in the SAP system for your mentioned audit query. We can take the logs and of logins, t-code exicutions,Tr movements etc. If you want to go for the exact you may need to write a SQL query or Access work to combine various tables and reports. This may helpful to you.

Former Member
0 Kudos

This message was moderated.