cancel
Showing results for 
Search instead for 
Did you mean: 

How can we audit who accessed our production environment?

amanda_burton
Participant

A change was made in our production environment without our approval and/or awareness. On 6/29/23 a change was made in the platform feature settings to enable the username on the people profile header. We have engaged SAP Support and are unable to tell us or provide us with a report that tells us who accessed our environment on a particular date and applied a change. This is very concerning since it occurred in our production environment. The change audit report titled Feature Settings Audit Report when ran provides no results. This report needs to be looked into as it is not working properly or at least I would expect the report to audit any platform feature settings changes based upon the description "Create a change audit report for changes in feature settings." The other ad hoc report "How to generate user login data report" did not detect any SF Admin (support id) entering our system on 6/29/23. You can find info to that ad hoc report in KBA 2298105. The other KBA created that reflects this specific system limitation is KBA 3152567. 

Have any customers faced this issue before? If so, how were you able to identify who applied a change in a certain area of the platform? 
Enhancement request 306613 Audit to Manage Support Access (https://influence.sap.com/sap/ino/#/idea/306613) has been submitted. Please, please go vote for it because all companies should be able to audit or run a report to know who accessed their production environment and applied a change whether or not the change was given approval. 

faresabbes
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi @amanda_burton thank you for providing a full context and details. One question though, would you be able to share a little bit more on the change that was made?  Enabling the username on the people profile was on provisioning side or directly via a UI setting? There are various types of change audit reports and depending on the change it may be captured differently. Thank you.

Accepted Solutions (0)

Answers (1)

Answers (1)

FrankZhang
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi @amanda_burton ,

Normally, if you cannot find any related logs through the self-service tool, you can raise a case and engage our SAP Support. We can attempt to retrieve these logs from our internal Splunk system. We have located the relevant logs related to this change in our system and will share them with you via email shortly.

Meanwhile, we will continue to enhance our product to include more logs covered by the self-service tool. For instance, we have a roadmap to support a self-service secondary login audit report, which is planned for release in 2024.

Thanks, Frank