Implentation of the Security Audit Log (SAL)
Troubleshooting and support (2nd and 3rd level support)
Ten years ago, there wasn't much more for SAP Basis experts than SAP Solution Manager. And most Basis administrators only used it at all because SAP virtually forced them to use SolMan to download updates.
The basic SAP Basis operation includes the operational readiness of the SAP system, management of system changeability, configuration and administration of system profiles, analysis of system failures, operation and monitoring of technical interfaces, scheduling and monitoring of SAP standard jobs, and much more. The optional services as an extension include activities whose implementation and frequency depends on the existing system environment and which can be optionally booked (client copies, implementation of client transports and homogeneous/heterogeneous system copies, etc.). These include performing release upgrades, installing enhancement packages, adapting new printer types, device drivers or character sets, and much more.
Especially after security incidents it may be necessary to find out which (technical) users have logged in at which time. The USR02 table provides a first entry point. In the TRDAT column you can find the last login date for the user you want. However, a history of previous applications is not found in this table. In such cases, the Security Auditlog or SAL helps. Preparation In order to access the desired data, it must also have been saved previously. In the Security Auditlog, you can use various filters to determine which users are logged on which client and which information. The Security Auditlog stores, depending on configuration, logins, RFC calls, and other actions for specific users. You can make these settings in the SM19 transaction. Note: Logging user activity must be aware of the users concerned! Configure the SAL only for technical users or in consultation with users / works council / etc. It can be seen there among other things when the SAL was activated and last edited (1). You can also select the various filters (2), activate the filters individually (3), specify clients and users (4) and specify which activities are logged (5). Static configuration in the SM19 Under the Dynamic Configuration you can also see if SAL is currently active for the system. Determine the status of the SAL Evaluation of the SAL If the Security Audit Log is active, switch to the SM20 evaluation of the Security Audit Log. Select the desired user and client and the appropriate time window. The option Dialogues login is sufficient for the login. Then, restart the AuditLog analysis. Start evaluation You will get an overview of the user's login to the selected client of the system.
This prevents that just because someone would start a new chain, someone would accidentally recognise it as "reality". However, sometimes two miners working on the longest chain find a new block at the same time. This is called Orphan Blocks. The chain now has in principle two end pieces (2 parallel blocks). Different miners now work at different ends of the chain. The blockchain will then continue where the next block will be found first. The other block is called the Orphan Block, and it's sort of a dead branch of the blockchain. So how do you explain the above things to your grandma?
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
After my research, I came across a simple way to have your SQL statements resolved transaction-based by an editor.
On the SAP basis, this new bi-modal organisation is particularly true.