Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
kirill_smirnov
Explorer
0 Kudos
396

During the recent implementation of SAP Read Access Logging, that our client will be using to log personal data access, we have encountered a small gap. In our current SAP NetWeaver version, search-helps logging is not supported. That means, that if a person looking for some sensitive information (phone number, for example), uses a search-help instead of going directly to customer master transaction, these actions will not be logged.

To fill this gap, the following has been developed:

- Single screen program that outputs a generic table using a table control.

- Transaction attached to this program

- Simple class that calls this transaction in background mode using very simple BDC

- Implicit enhancement of the standard function module( 'DD_SHLP_GET_HELPVALUES') to pass data to this transaction.

- Custom table that contains search help names relevant to RAL logging

RAL recording that contains every field of the generic table has also been created.

Eventually, when someone receives a search-help output, the following happens:

1. Data is passed to the custom transaction in background mode before search-help output is displayed.

2. RAL logging is triggered, values are being recorded to RAL Raw Database

However, some caution should be exercised with this approach - every search-help call might generate hundreds if not thousands of records. Thus said, if there is a requirement to log search-helps output using RAL, it will be a good idea to explicitly specify the elementary search-helps that contain sensitive data and avoid logging everything.

Labels in this area