cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[BO Audit] Usergroups and ACLs

Former Member

on ‎09-15-2015 9:41 AM

0 Kudos

Hi there,

we are trying to work on a proper auditing on rights.

We've come pretty far, but when we try to get information on ACL-assignments to Object+Users/Usergroups , we hit a wall.

Here is an example of what is logged in the Audit-DB when changing a folders security-settings by adding the User-Group (121312) with ACL (ID 121319):

Colums: (Date;Event_ID;Event_Type(Ändern=Change);Event_Detail_Type;Bunch;Event_Detail_Value;Object_Type;Object_Name)

While we can track down the ID of the ACL (121319), it seems not possible to get any info on the user/usergroup-side of this. We tried to make sense out of the entry "4:4QHZ4OwB2ec" but failed since it is neither ID nor CUID of the Usergroup.

Of course it is possible to track changes to the rights within an ACL, and changes to a usergroup. But there seems to be no link between those two, which we find unprobably.

Can anyone help with this? We cant believe there is no sufficient logging of these kind of changes.

Thank you for your assistance and best regards

Fabian

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎10-05-2015 12:00 PM
0 Kudos

It looks like this is indeed a lack of funcitonality in BO. Feel free to vote on this topic in the ideas place: BO Audit for ACL assignments : View Idea

Show replies
Show replies
former_member232398
Discoverer
‎09-28-2015 7:08 AM
0 Kudos

Hey there,

a week has gone by and I still have not even a clue on where in the AuditDB is the information between Objects ACLs and Users.

It sort of renders BO Audit (for rights) useless if there are only direct assignments of rights in the audit db, that can't be it. Right?

Thanks for any input. :3

Show replies
Show replies
former_member216148
Active Participant
‎09-28-2015 8:39 AM
0 Kudos

Hi. Please check this link.

[BO Audit] Usergroups and ACLs | SCN

Warm Regards

Saad

former_member232398
Discoverer
‎09-30-2015 6:12 AM
0 Kudos

Hi.

Thank you for the link but it leads to this exact thread - which is not resolved at all.

Best Regards

Robert

former_member232398
Discoverer
‎09-21-2015 6:28 AM
0 Kudos

Hi there,

also very much interested in this.

@SAP: Could we get an official statement on how to report on ACL assigments etc.?

Thanks a lot

Best Regards

Robert

Show replies
Show replies
former_member182521
Active Contributor
‎09-15-2015 10:23 AM
0 Kudos

I don't think it is possible as there is no specific entry in Audit enabling page itself to identify the rights/Access level change for a particular User/UserGroup. However we can confirm this only after official confirmation from SAP.

Thanks

Mani

Show replies
Show replies
Former Member
‎09-15-2015 10:48 AM
0 Kudos

Hi Mani,

thanks for your reply! I still have hope the information is somehow encoded in the "4:4QHZ4OwB2ec"-Entry. I can hardly believe there is no sufficient auditing on this as it is the most important type of rights manipulation in most BO-systems I know.

Fabian

former_member182521
Active Contributor
‎09-15-2015 10:56 AM
0 Kudos

If you havent get any clue, Try to search for the encoded value in CMS_Infoobjects7 table in your CMS database. Atleast you will get the SI_ID of the object from there if it matches.

Thanks

Mani

Ask a Question