https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683837#M2293 <P>Hi @<SPAN class="mention-scrubbed">cravisap</SPAN> , </P><P>What you want to achieve is not possible by security audit log (standard) events only. I'd either require:</P><P>1. A correlation of security audit log events with events recorded in DBTablog (Table change log - requires the table to be activated for logging). For example: SAL Event -&gt; User starts SE16N and subsequentially DU9 event for the loaded table and susequential record edits for the table. This is one of many possible use cases with different possible event sources. </P><P>2. Implement BAdIs and user exists where necessary to log custom SAL events as per note 1941568.</P><P>3. Adressing such events on the user's endpoints for example with EDR tooling</P><P>4. A combination of 1 too 3</P><P>Certain SAP security solution and service providers (like us at <A href="https://www.no-monkey.com/" target="_blank">NO MONKEY</A> ) provide consultancy and training for such detection scenarios and can guide through the process of implementing such capabilities. </P><P>As a general advice: Start with understanding and model your threats and attack surface first to decide on a meaningful prioritization to implement detection capabilities. </P><P>BR</P><P>Marco</P> Tue, 11 Apr 2023 09:56:41 GMT marco_hammel2 2023-04-11T09:56:41Z https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683833#M2289 <P>Hi,</P> <P>I would like to activate the security audit log for a set of tables user specific. Is it possible in SM19? If yes, which option i would need to select.</P> <P>Does it capture the changes in DBTABLOG or any other table available?</P> Mon, 10 Apr 2023 01:34:18 GMT https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683833#M2289 former_member850355 2023-04-10T01:34:18Z https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683834#M2290 <P>Hello <SPAN class="mention-scrubbed">cravisap</SPAN>,</P><P>Please check transaction AUT10 if it's works for you.</P><P>Regards,</P><P>Neeraj Jain </P> Mon, 10 Apr 2023 01:49:19 GMT https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683834#M2290 Neeraj_Jain1 2023-04-10T01:49:19Z https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683835#M2291 <P>Hi Neeraj,</P><P>Thank you for sharing the information. I do not have AUT10 tcode in my system. I am using SAP BW on oracle system.</P><P>I tried to check the data in SCU3 which would display all the data logs especially what data has been changed.</P><P>I want to capture the log data for a user specific for a list of tables. For instance, i have 100 users with 1000 tables.</P><P>I want to capture USER10 manual activity on TABLE05 data. I dont want to capture all the users information. How to configure it.</P> Mon, 10 Apr 2023 02:13:43 GMT https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683835#M2291 former_member850355 2023-04-10T02:13:43Z https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683836#M2292 <P>Please refer below SAP help link if it works:</P><P><A href="https://help.sap.com/docs/SAP_NETWEAVER_740/56bf1265a92e4b4d9a72448c579887af/6c57bf393b57ac22e10000000a11402f.html?locale=en-US" target="test_blank">https://help.sap.com/docs/SAP_NETWEAVER_740/56bf1265a92e4b4d9a72448c579887af/6c57bf393b57ac22e10000000a11402f.html?locale=en-US</A></P> Mon, 10 Apr 2023 02:18:33 GMT https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683836#M2292 Neeraj_Jain1 2023-04-10T02:18:33Z https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683837#M2293 <P>Hi @<SPAN class="mention-scrubbed">cravisap</SPAN> , </P><P>What you want to achieve is not possible by security audit log (standard) events only. I'd either require:</P><P>1. A correlation of security audit log events with events recorded in DBTablog (Table change log - requires the table to be activated for logging). For example: SAL Event -&gt; User starts SE16N and subsequentially DU9 event for the loaded table and susequential record edits for the table. This is one of many possible use cases with different possible event sources. </P><P>2. Implement BAdIs and user exists where necessary to log custom SAL events as per note 1941568.</P><P>3. Adressing such events on the user's endpoints for example with EDR tooling</P><P>4. A combination of 1 too 3</P><P>Certain SAP security solution and service providers (like us at <A href="https://www.no-monkey.com/" target="_blank">NO MONKEY</A> ) provide consultancy and training for such detection scenarios and can guide through the process of implementing such capabilities. </P><P>As a general advice: Start with understanding and model your threats and attack surface first to decide on a meaningful prioritization to implement detection capabilities. </P><P>BR</P><P>Marco</P> Tue, 11 Apr 2023 09:56:41 GMT https://community.sap.com/t5/devops-and-system-administration-forum/security-audit-log-for-user-specific-and-table/m-p/12683837#M2293 marco_hammel2 2023-04-11T09:56:41Z