Question: Hello to everybody. I want to know if is there any way to logging all customizing activities. I want to know all information of any customization activity by SPRO.
Answer:
What's wrong with just giving the access to trusted, responsible individuals only?
Answer:
What's wrong with just giving the access to trusted, responsible individuals only?
Trust is good, control is better...
Activate the tables for table change logging in RZ11 param REC/CLIENT = ALL
For the changes from transaports (i.e. table was maintained in a different system), you need to activate the same param in the transport profile RECCLIENT = ALL.
You can then use the change log option in SPRO or SCU3.
Regards,
Ned
Answer:
What's wrong with just giving the access to trusted, responsible individuals only?
Trust is good, control is better...
Activate the tables for table change logging in RZ11 param REC/CLIENT = ALL
For the changes from transaports (i.e. table was maintained in a different system), you need to activate the same param in the transport profile RECCLIENT = ALL.
You can then use the change log option in SPRO or SCU3.
Regards,
Ned
I think we are agreeing on the same principle. Only giving access to those individuals who are responsible for the tasks.
When you have a large number of individuals who can make these changes, then I agree with the requirements for recording their actions, however imo the best solution is to strictly control access to customising to appropriate individuals. In my experience, this approach greatly reduces the necessity to have to go back and see who has made certain changes
Cheers
Al.
Answer:
Dear Al,
Your knowledge of SAP appears to have breakpoint set somewhere in the Cerebellum and stops before reaching application
I agree that there are generally not enough monitoring activities used (or even required periodically), but in many countries it is a legal requirement to have the information in the system, protect it and it is good practice to control critical changes.
Have a nice weekend,
Ned
Answer:
Dear Al,
Your knowledge of SAP appears to have breakpoint set somewhere in the Cerebellum and stops before reaching application
I agree that there are generally not enough monitoring activities used (or even required periodically), but in many countries it is a legal requirement to have the information in the system, protect it and it is good practice to control critical changes.
Have a nice weekend,
Ned
Hi Ned, I think we will have to agree to disagree. Control can be achieved in a number of ways, logging actions on the system being one. From previous experience, reliance on logging to provide control is usually at the detriment of an end to end robust change control process over customising. The typical attitude being "we have logging so it's ok". Surely you would agree that generally a preventative control is better than a detection post event?
Have a good weekend yourself while I try to get my grey matter -> SAP interface working
Cheers,
Al.
Answer:
Sorry for jumping on this discussion but, this has been an old area of conflict in SAP.
The issue is with authorization you can control who has access to configuration but does not control/log what is being done automatically, except for the transport requests. And it is very easy to not understand what is in an specific transport request.
What some companiea are doing is to install other softwares that help them to at least control the approval process of any changes made by these trusted resources (Aprova, Versa, Rev-trac, etc) but, still there are no way to actually log the changes made in configuration.
This not only would help in control, but also in documentation. Let us know if any of you find something that does that.
_________________
ZZ
Answer:
Sorry for jumping on this discussion but, this has been an old area of conflict in SAP.
The issue is with authorization you can control who has access to configuration but does not control/log what is being done automatically, except for the transport requests. And it is very easy to not understand what is in an specific transport request.
What some companiea are doing is to install other softwares that help them to at least control the approval process of any changes made by these trusted resources (Aprova, Versa, Rev-trac, etc) but, still there are no way to actually log the changes made in configuration.
This not only would help in control, but also in documentation. Let us know if any of you find something that does that.
When I find something that works well I'll definately let you know
Until then soem decent change control would be nice
Answer:
"but, still there are no way to actually log the changes made in configuration. "
What are you talking about?
Of course change controls are important, but they are not a trade off between controls and logs.
Customizing and much of config has a back-end table to it. Log the table for changes (DD09L-PROTOKOLL = X).
For transports, have the table change log activated in the transport profile
I.e. REC/CLIENT (param) = RECCLIENT (STMS) = ALL (clients).
Ned
Answer:
Great topic,
Ned does this method meet your needs for logging who made a config change in Production, or Dev?
This sounds good, any other tips you have on logging config changes, and tips on controls and logs for checking syncronization between the Dev customizing client and prd would be greatly appreciated. If you can point me to a favorite white paper I would really appreciate it. I want more methods for making sure changes do not get out of sync and / or get by my security controls.
_________________
Gary Morris
SAP Security Analyst/Developer
garymorris@sapsecurity.net
Answer:
Great topic,
Ned does this method meet your needs for logging who made a config change in Production, or Dev?
Hallo Gary,
Yes. Directly changed and changes from transports are logged this way in PROD. For the transported changes, the USER is the Task/Request number, which gives infos (log) of where the change came from. Looking in the dev system (it is advisable to have the log on there as well), you can see who changed what on which day.
The trickiest part of this, is deciding what to check... T000 is a good start.
How to Earn Rs.25000 every month in internet without Investment?
Logging customizing activities
Labels:
log Faqs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment