Summary
Audit logging tracks actions performed in the database: who did what or tried to do what and
when.
SAP HANA provides audit logging for critical security events, such as changes to roles and user
privileges, and access to sensitive data. Both write and read access of database objects (such as
tables, views) can be logged, as well as the execution of procedures.
Audit logging can be configured in the SAP HANA studio or using SQL statements. Audit policies
define which actions in the database are logged (such as audit target and audited users). These
policies can be configured to the customers needs.
Prerequisites:
To be able to activate and configure auditing for an SAP HANA system, you must have the system
privilege AUDIT ADMIN.
Procedure:
1.
In the Security editor of the system to be audited, choose the Auditing tab.
2. In the System Settings for Auditing area, set the auditing status to Enabled.
Results:
Auditing is now activated in your system and you can create the required audit policies.
NOTE: The concept of audit entries can be written to the database table will be available from the
Version SPS07 Rev.70 onwards.
The user who enables the audit to a database table should have the system privilege
AUDIT OPERATOR or AUDIT ADMIN.
We can delete these audit entries from the table until a certain time and date, if we want
to avoid the audit table growth indefinitely.
Prerequisites:
Page 2 of 8 | C2: Confidential | SAP BASIS Practice
Procedure:
1.
In the Security editor of the system to be audited, choose the Auditing tab.
NOTE: Not all actions can be combined together in the same policy. When you select an action,
those actions that are not compatible with the selected action become unavailable for selection.
Selecting All Actions covers not only all other actions that can be audited individually but also
actions that cannot otherwise be audited. Such a policy is useful if you want to audit the actions
of a particularly privileged user.
c. Choose OK
The actions in the policy will only be audited when performed by the specified user(s).
If you do not specify a user, the actions will be audited regardless of who performs
them.
Results:
The list of audit policies is saved together with the new policy. The new policy is automatically
enabled. This means that when an action in the policy now occurs under the conditions defined in
the policy, an audit entry is created in the audit trail. You can disable a policy at any time by
changing the policy status. It is also possible to delete a policy.
Note:
1.
If we select the Audit trail target as "CSV Text Fiile" then the audit trail log will reside in
the file: indexserver_<hostname>.30003.audit_trail.csv which we can find in tab
Diagnosis Files in HANA Studio.
2. If we select the Audit trail target as Database Table then we can be able to view the
entries under: <SID> Catalog Public Synonyms AUDIT_LOG in HANA Studio.
References
1. SAP_HANA_Administration_Guide_SPS06 & 07
2. http://scn.sap.com/community/hana-in-memory/blog/2013/05/27/andy-silvey--sap-hanacommand-line-tools-and-sql-reference-examples-for-netweaver-basis-administrators
Validity
Component
Releases
SAP HANA
SPS06 onwards
Action Log
Date (mm/dd/yyyy)
Version
Action
Performed By (ID)
04-Sept-14
1.0
Document Created
306357
05-Sept-14
1.0
191460