Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
Showing results for 
Search instead for 
Did you mean: 
Data Protection and Privacy has been in news since the GDPR came into effect. There are certain Product Standards which SAP has mapped with Data Protection and Privacy requirements. RAL i.e. Read Access Logging is one of them. This document talks about the implementation procedure for Security Standard - 254.

As per GDPR regulations, all SAP software's should be capable of logging read access of sensitive personal data.

Let's take an example to understand Read Access Logging. Every bank employs customer care executives to deal with customers queries. The answer of the query might require to access sensitive personal data as well by the bank employee. Bank employees are supposed to access the sensitive data of any customer only if they authorize them to access. To prevent the misuse of such data from outside world, Bank management would like to see mainly two things -

  • Who accessed the Sensitive Personal data of customers and

  • What all Sensitive Personal data accessed by an employee

The Read Access Logging framework can thus be used to fulfill legal or other regulations, to detect fraud or data theft, for auditing purposes, or for any other internal purpose.

Let's discuss to understand the RAL framework and its implementation in detail.




When monitoring the Read Access Log, you can view data not only from the same client, but also from other clients, even from other systems. Instead of needing to log on to SRALMANAGER in each client to view the logs, you can view them using one system.

You use the read access log for evaluation purposes. In it, all log entries as well as all errors that occurred in Read Access Logging are displayed. There are four data sources from which you can display log entries:

• Raw Database - Only contains the Read Access Logging data of the current client.

• Expanded Database (default) - Can contain the Read Access Logging data of the current client as  well as other clients.

• Raw Archive - Archive of the Raw database.

• Raw Archive with Index - Indexed archive of the Raw database

1 Comment
Labels in this area