
SAP Standard Operating Procedures (SOP)

SAP HANA Security Audit Log Configuration

Summary
Audit logging tracks actions performed in the database: who did what or tried to do what and
when.
SAP HANA provides audit logging for critical security events, such as changes to roles and user
privileges, and access to sensitive data. Both write and read access of database objects (such as
tables, views) can be logged, as well as the execution of procedures.
Audit logging can be configured in the SAP HANA studio or using SQL statements. Audit policies
define which actions in the database are logged (such as audit target and audited users). These
policies can be configured to the customer's needs.

Activating and Configuring Auditing for an SAP HANA system:


The auditing feature of the SAP HANA database allows you to monitor and record selected
actions performed in your system. To be able to use this feature, it must first be activated for the
system. It is then possible to create and activate the required audit policies.

Prerequisites:
To be able to activate and configure auditing for an SAP HANA system, you must have the system
privilege AUDIT ADMIN.

Procedure:
1. In the Security editor of the system to be audited, choose the Auditing tab.

2. In the System Settings for Auditing area, set the auditing status to Enabled.

Page 1 of 8 | C2: Confidential | SAP BASIS Practice

3. Configure the target of the audit trail by choosing one of the following options:
   - Syslog (default): logging system of the Linux operating system
   - CSV Text file: a directory on the database server file system
   - Database Table: internal database table (this option is available from
     HANA SPS07 Revision 70 onwards)

   Then choose the Deploy button.

Results:
Auditing is now activated in your system and you can create the required audit policies.

NOTE: Writing audit entries to a database table is available from version SPS07 Rev. 70
onwards.
The user who enables auditing to a database table should have the system privilege
AUDIT OPERATOR or AUDIT ADMIN.
To keep the audit table from growing indefinitely, audit entries can be deleted from the
table up to a certain time and date.
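
The same activation can be done with SQL statements instead of the Security editor. The statements below are an added example, not part of the original SOP; the retention timestamp is a constructed value.

```sql
-- Added example. Run as a user with the AUDIT ADMIN system privilege.

-- 1. Enable auditing for the system (step 2 of the procedure above).
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('auditing configuration', 'global_auditing_state') = 'true'
  WITH RECONFIGURE;

-- 2. Choose the audit trail target (step 3). Set exactly one value:
--      'SYSLOGPROTOCOL'  Syslog (default)
--      'CSVTEXTFILE'     CSV text file on the database server
--      'CSTABLE'         internal database table (SPS07 Rev. 70 onwards)
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('auditing configuration', 'default_audit_trail_type') = 'CSTABLE'
  WITH RECONFIGURE;

-- 3. Confirm what is actually in effect. A value set on a lower layer
--    (for example HOST) can differ from the SYSTEM layer, so review
--    every row returned, not just the first.
SELECT LAYER_NAME, HOST, KEY, VALUE
  FROM M_INIFILE_CONTENTS
 WHERE FILE_NAME = 'global.ini'
   AND SECTION   = 'auditing configuration';

-- 4. Retention for the database table target: delete audit entries
--    older than the given timestamp (constructed value).
--    Requires the AUDIT OPERATOR system privilege.
--    Export or forward the entries first if they must be retained,
--    because the deletion cannot be undone.
ALTER SYSTEM CLEAR AUDIT LOG UNTIL '2014-06-30 23:59:59';
```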

Creating an Audit Policy:


Auditing is implemented through the creation and activation of audit policies. An audit policy
defines the actions to be audited, as well as the conditions under which the action must be
performed to be relevant for auditing.

Prerequisites:
To be able to create an audit policy, you must have the system privilege AUDIT ADMIN.

Procedure:
1. In the Security editor of the system to be audited, choose the Auditing tab.

2. In the Audit Policies area, choose Create New Policy.


A new line is added to the list of policies.

3. Enter the policy name


The policy name can contain only letters (Aa-Zz), numbers (0-9), and underscores (_).
4. Policy Status should be Enabled
5. Specify the Actions to be Audited as follows:
a. In the Audited Actions column, choose the ... button.
The Edit Actions Audited by <policy_name> dialog box appears.
b. Select the required actions to be audited from the list.

NOTE: Not all actions can be combined together in the same policy. When you select an action,
those actions that are not compatible with the selected action become unavailable for selection.
Selecting All Actions covers not only all other actions that can be audited individually but also
actions that cannot otherwise be audited. Such a policy is useful if you want to audit the actions
of a particularly privileged user.

c. Choose OK


6. Specify the action status.

7. Specify the audit level.
The audit level specifies the severity of the audit entry written to the audit trail when
the actions in the policy occur.

8. If necessary, specify the user(s) to be audited.


It is possible to specify that the actions in the policy be audited only when performed by a
particular user or users. Alternatively, you can specify that the actions in the policy be
audited when performed by all users except a particular user or users.

The actions in the policy will only be audited when performed by the specified user(s).
If you do not specify a user, the actions will be audited regardless of who performs
them.

9. If necessary, specify the target object(s) to be audited.


You must specify a target object if the actions to be audited involve data manipulation,
for example, the actions SELECT, INSERT, UPDATE, DELETE, and EXECUTE. The actions in
the policy will only be audited when they are performed on the specified object or
objects.
When specifying target objects, note the following:
- You can only enter tables, views, and procedures.
- The target object must be valid for all actions in the policy.
- You can only enter objects that exist. However, if the object is deleted, the
  audit policy remains valid. This means that if the object is recreated, that is,
  an object of the same type with the same name is created, the audit policy will
  work for this object again.

10. Choose the Deploy button.


Results:
The list of audit policies is saved together with the new policy. The new policy is automatically
enabled. This means that when an action in the policy now occurs under the conditions defined in
the policy, an audit entry is created in the audit trail. You can disable a policy at any time by
changing the policy status. It is also possible to delete a policy.

Note:
1. If the audit trail target is "CSV Text File", the audit trail log resides in
   the file indexserver_<hostname>.30003.audit_trail.csv, which can be found on the
   Diagnosis Files tab in HANA Studio.

2. If the audit trail target is "Database Table", the entries can be viewed
   under <SID> > Catalog > Public Synonyms > AUDIT_LOG in HANA Studio.
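
The policy settings from the procedure above (actions, action status, audit level, audited user, target object) map directly onto SQL. The statements below are an added example, not part of the original SOP; the policy names, the schema and table HR.SALARY, and the user BASIS_ADMIN are hypothetical.

```sql
-- Added example. Run as a user with the AUDIT ADMIN system privilege.
-- Hypothetical names: POL_* policies, HR.SALARY, BASIS_ADMIN.

-- Authorization changes by any user, successful or not (steps 5-7).
CREATE AUDIT POLICY POL_AUTHZ_CHANGES
  AUDITING ALL GRANT PRIVILEGE, REVOKE PRIVILEGE, GRANT ROLE, REVOKE ROLE
  LEVEL CRITICAL;

-- Data manipulation needs a target object (step 9). The object must
-- be valid for every action listed in the policy.
CREATE AUDIT POLICY POL_SALARY_ACCESS
  AUDITING SUCCESSFUL SELECT, INSERT, UPDATE, DELETE ON HR.SALARY
  LEVEL INFO;

-- "All Actions" restricted to one privileged user (steps 5 and 8).
CREATE AUDIT POLICY POL_BASIS_ADMIN_ALL
  AUDITING ALL ACTIONS FOR BASIS_ADMIN
  LEVEL WARNING;

-- Unlike a policy deployed from the Security editor with status
-- Enabled, a policy created with SQL stays disabled until enabled.
ALTER AUDIT POLICY POL_AUTHZ_CHANGES   ENABLE;
ALTER AUDIT POLICY POL_SALARY_ACCESS   ENABLE;
ALTER AUDIT POLICY POL_BASIS_ADMIN_ALL ENABLE;

-- Check that each policy exists, is active, and covers what was intended.
SELECT AUDIT_POLICY_NAME, IS_AUDIT_POLICY_ACTIVE, EVENT_STATUS,
       EVENT_LEVEL, EVENT_ACTION, USER_NAME, OBJECT_SCHEMA, OBJECT_NAME
  FROM AUDIT_POLICIES
 ORDER BY AUDIT_POLICY_NAME, EVENT_ACTION;

-- With the database table target, review what the policies recorded.
-- Unsuccessful authorization changes are usually the first thing to triage.
SELECT "TIMESTAMP", USER_NAME, AUDIT_POLICY_NAME, EVENT_ACTION,
       EVENT_STATUS, STATEMENT_STRING
  FROM AUDIT_LOG
 WHERE AUDIT_POLICY_NAME = 'POL_AUTHZ_CHANGES'
   AND EVENT_STATUS = 'UNSUCCESSFUL'
 ORDER BY "TIMESTAMP" DESC;
```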


Validity

Component    Releases
SAP HANA     SPS06 onwards

Action Log

Date (mm/dd/yyyy)    Version    Action                      Performed By (ID)
04-Sept-14           1.0        Document Created            306357
05-Sept-14           1.0        Reviewed and Approved by    191460
