2016 Sep 13 10:22 PM
I finally had time to look at RAL in a 7.40 SP7 system. Based on my one hour deep dive into the solution, it looks like every ABAP program and field needs to be manually added to the recording before it can be used as basis of logging configuration. We would like to enable logging for a specific user / list of users, for all ABAP programs and fields. Is there a way to achieve that?
2016 Sep 16 2:09 PM
Hello Samuli,
you are right, every field that you consider to be needed for a configuration needs to recorded in advance. First you define all fields which contain sensitive data, then you record them and finally you can use the recorded fileds and programms to do configurations based on them. We don´t have the possibiliy to record all fields and programms based on a user or user list. This would record to many data and the system would slow down. Read Access Logging is ment for recording the access to sensitive data and not to record all the steps a user takes.
I hope this answer helps to understand the way the Programm works.
If there are further questions, please let me know.
Kind regards,
Jürgen
2016 Sep 16 2:09 PM
Hello Samuli,
you are right, every field that you consider to be needed for a configuration needs to recorded in advance. First you define all fields which contain sensitive data, then you record them and finally you can use the recorded fileds and programms to do configurations based on them. We don´t have the possibiliy to record all fields and programms based on a user or user list. This would record to many data and the system would slow down. Read Access Logging is ment for recording the access to sensitive data and not to record all the steps a user takes.
I hope this answer helps to understand the way the Programm works.
If there are further questions, please let me know.
Kind regards,
Jürgen
2016 Sep 16 2:18 PM
Hi Juergen,
first of all thanks for a very good presentation. Unfortunately having followed all the steps there with one change, namely going with a standard Dynpro instead of Web Dynpro, one could not see anything in RAL Monitor.
I have recorded the transaction BP and made sure that RAL is enabled in the client and also the configuration is active. I have recorded the business partner number and the identification number on one of the tabs.
Unfortunately there is nothing after searching for entries for raw (also for extended) database.
Have you guys no problems with logging Dynpro? I know that BP is based on BDT framework. Is this the source of the problem?
Best regards,
Pawel
2016 Sep 16 3:30 PM
Hi Juergen. Thank you for confirming that. It's disappointing, we still don't have the means to log all actions taken by a single or selected individuals without having logging on for everyone in the system which would definitely slow down the entire system and cause huge data growth.
I think it wouldn't be a significant change to the design to allow wildcards in the tables listing the programs and fields to be recorded and adapt the code for the same. Please do consider it for future versions.
If you want the business case, it is for recording firefighter activities, e.g. granting SAP_ALL and making sure that only those activities are performed which were signed off.