
Need some information about Audit log.

former_member196331
Active Contributor
0 Kudos

Hi,

Need some help from your side.

With my user, two people can log in: one is myself and the other one is somebody working in another location.

The thing is, with my user ID they deleted the audit log files. So, after that, my Basis person has identified that with my user ID they deleted the audit log files.

With my user, I/the other person am able to access SM19/SM20.

May I know how the person deleted the audit log? By using which T-codes/standard program did the person delete the files?

With my user ID I am using the below function module

RSAU_CLEAR_AUDIT_LOG, but it says no authorization.

But by debugging we can change the return parameters. So, the person is able to delete it using the function module.

Note: After the incident, the T-codes SM19/SM20 were restricted for my user ID.

1) How did the person delete the audit log, and what are the other possible ways? If I know, I can restrict the users.

2) Am I able to get the audit log details after the files are deleted, from any other tables or some other place?

Need valuable suggestions.

Accepted Solutions (1)


kaus19d
Active Contributor
0 Kudos

Hi,

Note that deletion of audit logs is possible through SM19 & SM20. To check the authorisation level, you can use SUIM. The thing you have got to understand here is that SAP is software. It does not have a camera to recognise whether the user ID was used by you or your colleague, as obviously it cannot see. If your colleague has deleted them, that means they are gone, and it would be better if you do not run a backup to restore your database for this kind of small issue.

Also, for security, you can do transaction-level authorization by using the report RSUSR050.

As a further matter of caution, what I can suggest is that you enable tracing of your user ID in ST05 and also through SM19/SM20. But this tracing might generate additional log files for the Basis person.

Also, better lock PFCG, SU01 & SU3 for your own user ID. Best is that you do not share your user ID login details.

So, this is what you might get to an extent, given your current situation.

Hope you have got the answer you have been looking for. Please do let us know if you are looking for anything more in particular.

Thanks,

Kaushik

Answers (0)