Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Find a Culprit

ranjeetrajendra_jain
Active Contributor
0 Kudos
165

Hiya

I want to trace a culprit who is trying to delete the my customization data..

He/she has deleted my ent. stc, and now yesterday my credit control area was deleted......

Please help my to find that _ _ _ ..

Regards..

1 ACCEPTED SOLUTION

Former Member
0 Kudos
118

Hi Ranjeet!

There are many reports in the change documents by the SUIM, you can have analyze data for the users, roles assignment, profile and authorization.

As i understand from your question that customization data is deleted. you can have many options to analyze.

check the system log by the SM21

check the transport request against of your customized data deleted

you can enable security audit log by the sm20/sm19 to analyze the further log.

REgards

Anwer Waseem

SAP BASIS

7 REPLIES 7

Former Member
0 Kudos
118

Hi,

Please use SUIM to find who has changed the access of your account.

SUIM -- change documents - For users.

You can also use SM19 and SM20.

Regards,

Imran

Former Member
0 Kudos
119

Hi Ranjeet!

There are many reports in the change documents by the SUIM, you can have analyze data for the users, roles assignment, profile and authorization.

As i understand from your question that customization data is deleted. you can have many options to analyze.

check the system log by the SM21

check the transport request against of your customized data deleted

you can enable security audit log by the sm20/sm19 to analyze the further log.

REgards

Anwer Waseem

SAP BASIS

0 Kudos
118

1.) changes in customizing will not appear in syslog (SM21)

2.) transport requests will only show the culprit if the system is set to 'transport request for changes' in tx. SCC4

3.) SM19 and SM20 will not work, because you have to set these transactions to monitor (up to 16) users which you must name - this would mean, he knows who it is already, so why search?

i would suggest you check in tx. RZ10 whether the parameter rec/client is alredy set. if not, set it and restart the instance. all changes to customizing tables will then be recorded. refer to note 1916 for details and search service.sap.com/notes for other notes on the topic. the protocols can be evaluated using tx. SCU3.

Former Member
0 Kudos
118

If the logging mentioned by Mylene is not active, you could try to search for the report generated by the maintenance view and see who used it (in addition to your self).

If you are the only person... no, user ID... who has used it, then it will become more difficult.

Cheers,

Julius

PS: Have you been doing any cross-system or cross-client customizing comparisons to this client...?

Former Member
0 Kudos
118

Any update on this issue? I'm curious to see if you got the culprit FIRED!

0 Kudos
118

actually we don't have the MDM tracking implemented and was in process of getting help to implement the same i am also trying other options but for now i working working of fixing the server then finding him....

but will eventually and keep it posted

Thanks for your concern

Regards

Ranjeet

Former Member
0 Kudos
118

Hi,

You can view the change history of auths in table UST12 using SE16.