01-31-2014 2:23 PM
Hi guys,
My ECC system is based on SAP ERP 6.0 EHP6. I want to activate auditing such that I get detailed information on user transactions (t-codes) and values he has entered in these transactions. I've activated auditing using SM19 but it gives only t-codes run by the users. I can do an sql trace (ST05) which shows the values entered by user etc but I guess the trace cannot be run for too long.
1) Is it possible/advisable to run the ST05 for long period like SM19?
2) Is there some alternative to activating auditing thru SM19 that will give more details than the t-codes run by the user?
regards.
01-31-2014 2:32 PM
SM20/Sm19 is the way to audit user activity.
You should not activate ST05 or any other trace for longer as this will fillup the directory.
You can enable table logging for import table to track the changes. Do not enable for all the tables.
02-02-2014 5:49 AM
02-02-2014 8:08 PM
Hi,
Once you know the transaction you want to monitor, you can frequently find the detailed data through the relevant change records for those transactions e.g. CDHDR, EDPOS etc. That is for business transactions - it does depend what you are after.
02-02-2014 10:53 PM
02-04-2014 10:24 AM
Thanks guys for yr replies.
Sunil, I've eliminated logging thru ST05. I may consider table logging but need to investigate...
Jim,
The note dates back to year 2000 but is still ok. But I want to know whether SM19 records more details than just the t-code run by the users.... because it seems to me that only the t-code and some basic details are recorded. I would have liked to get the t-code plus any values entered within the screens by the user. For example, if a user queries a Business Partner number under t-code FPL9 (I'm referring to TRM module), then I would've liked to get FPL9 as the t-code and the BP number too.
Alex,
The table CDHDR indeed gives some additional details. I want to know in what cases, SAP writes into this table....when doing changes or when viewing data also? What about EDPOS? How to view it?
Martin,
RAL indeed seems a good solution. SAP has said that RAL will be made available thru Support Packages in older NW versions but they're still working on it.
regards.
02-04-2014 2:48 PM
Hi Martin,
I just used this RAL tools its nice one to get audit logs from the production.It is also eliminate hurdles.
02-04-2014 3:27 PM
Hi,
Those records are change records so SAP will write when something is changed and only when it is instructed to write the record. For more detail on every change table you will have to investigate further yourself.
As has been mentioned previously to identify what has been read will require customisation or use of RAL.
What is the requirement driving this? Are you looking for information at a forensic level?
02-04-2014 9:42 PM
Hi,
thanks for sharing your experience. So do you think that it's a right tool and it addresses requirement mentioned by Suraj?
Thanks
02-05-2014 4:19 AM
Hi Martin,.
I am not getting the exact report as Suraj mentioned, but i have solved most audit queries by the RAL.
02-05-2014 6:29 AM
Hi all,
Alex,
My organization holds lots of confidential information on individuals and companies. So we have an Audit team here that would like to extract information at specific times to see who is accessing what data and also we need audit data for compliance purposes.
RAL seems a good tool because there we can identify the fields holding sensitive values and configure the logging of these fields. So I need to investigate further in RAL.
Any other suggestions/comments?
regards.
02-05-2014 7:36 AM
HI Suraj,
I think there is no exact table or report or file exists in the SAP system for your mentioned audit query. We can take the logs and of logins, t-code exicutions,Tr movements etc. If you want to go for the exact you may need to write a SQL query or Access work to combine various tables and reports. This may helpful to you.
02-10-2014 7:07 AM