Community
Technology Blog Posts by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Creating and Managing DatabaseHits at your project level for Audit Logs in Cloud HANA

farihakazi
Active Contributor
‎2025 Feb 18 12:28 PM
0 Likes
7,823

In SAP HANA CockPit

Search for the Auditing Service                                                       

shariqueali2_0-1739949531143.png

 

Creating the new "DatabaseHits" Audit Policy

    1. Navigate to Audit Policies: Within the "Auditing" section, select "Audit Policies."
    2. Create New Policy:

Click "Create" to start defining a new audit policy. 

            farihakazi_4-1739877080690.png

    • Policy Name: Enter DatabaseHits.
    • Description: Provide a meaningful description, such as "Audit policy to track database hits and accesses for my project."

 Define Audit Conditions:

  • Actions: SELECT, INSERT, UPDATE, DELETE.
  • Object Type: TABLE.
  • Object Name: Specify specific tables/objects.                                                   

farihakazi_5-1739877270233.png

Configure Audit Trails:

    • Define the retention period for audit logs.     
                farihakazi_7-1739877335383.png

Select the relevant schema after checking in DB explorer

farihakazi_1-1739880020103.png

 

Activate Policy:

  • Save the new audit policy.
  • Ensure the policy status is "Active.

When you execute a query in DB explorer you can view the logs:farihakazi_8-1739878700584.png

 

To integrate this logs in your Project - Create User and Role:

 

 

CREATE USER ISUSUSER PASSWORD "Welcome1234" SET USERGROUP DEFAULT;

ALTER USER ISUSUSER DISABLE PASSWORD LIFETIME;

CREATE ROLE DBROLE;

GRANT SELECT, EXECUTE, SELECT METADATA ON SCHEMA "DBADMIN" TO DBROLE WITH GRANT OPTION;

GRANT DBROLE TO ISUSUSER WITH ADMIN OPTION;

 

 

Bind the Service: Use the Cloud Foundry CLI to create a user-provided service:

 

 

cf cups DBCS_ACCESS -p "{\"user\":\"ISUSUSER\",\"password\":\"Welcome1234\",\"tags\":[\"hana\"],\"schema\":\"DBADMIN\"}"

 

 

Addition of grants file in project db/cfg path

 

 

{

    "DBCS_ACCESS": {

      "object_owner" : {

        "roles" : ["DBROLE" ]

      },

      "application_user" : {

        "roles" : ["DBROLE" ]

      }

    }

  }

 

 

Addition of hdbsynonym file(audit_log.hdbsynonym) at db/src to expose the audit log table held in the Admin schema

 

 

{

  "APP_INTERACTIONS_AUDIT_LOG": {

    "target": {

      "object": "AUDIT_LOG",

      "schema": "SYS"

    }

  }

}

 

 

Addition of the Audit_Log entity in .cds file with the annotation persistence.exists. Please refer to the screenshot below :

farihakazi_1-1739876911915.png

Finally exposing the entity as an ODATA service in the service catalog file interactions-srv.cds

farihakazi_2-1739876951153.png

Now this entity can be used in your UI application to view specific logs about your particular project.

For e.g we created a Auditlog tile and used the oData : 

farihakazi_2-1739881125241.png