Sample Screen Shots from SAP GUI (on SAP Test system) Tobias Keller, Product Owner, UI Logging and UI Masking (UI Field Security) September 2014 SAP SE
Sample screen shots: Configuration Overview: IMG structure for UI logging Under node for SAP NetWeaver One node for common settings (relevant for all subscribed UIL channels) One node for each of the subscribed (installed) UIL channels, with specific config options Node for BadIs to enable more complex business logic as to what the logging functionality does [This slide deck covers merely the two main configuration tables] 2
Sample screen shots: Configuration Step 1: configure scope for logging Separate tables per channel (UI technology to log SAP GUI, WebDynpro, CRM WebUI ) Either maintain transaction codes to be logged for a quick setup or Set up configuration on view/field level for a more granular determination of what is logged (option to determine whether the configured elements are excluded or included) 3
Sample screen shots: Configuration Step 2: maintain which users are to be logged (or not) Get and maintain a list of all users that should be evaluated by UI Logging Maintain configuration whether these entries are positive (included and to be logged) or negative (excluded from logging) 4
Sample screen shots: normal system user steps UI Logging example If a user enters a protected transaction (e.g. PA20, PA30 for HR data, or SE16n), this is already logged. Subsequently, the user requests for data to be displayed, e.g. salary data (infotype 8) for a particular user. These moves are being logged see the next page to understand how. 5
Sample screen shots: UIL admin tools Display the log In temporary log (for most recent data) or in repository (the actual log file). Each roundtrip from UI Server (database ) UI is logged as one data file. Log Viewing options: structured or text based (the actual log) The log contains multiple sections: general data, header, input, and output. header/input data: it is possible to understand the requests from a given user (including UI functions, e.g. export, print) The output section is a snapshot of the exact data handed over to the user 6
Sample screen shots: UIL admin tools Analyze the logged data Powerful set of filters to narrow down to the most relevant information Search the complete log over all channels, or only specific channels (and with varying settings/filters) User can set/get variants for complex filter settings 7
Sample screen shots: UIL admin tools Sample functionality: system alert in case of critical data access Sample only not included in standard functionality Can be offered based on specific customer requirements Immediate system reaction for critical fields or in case of other triggering events (rules based) More complex rules could be variants created with the Log Analyser) Reports on a periodic base (grasp large scale access, uncommon accesses by a user etc.) 8
Contact RCS UI Logging Visit our SAP UI Logging channel on SCN: http://scn.sap.com/community/ui-logging Your one-shop-stop for product information, release news, Q&A, and more Tobias Keller Product Owner SAP SE, Custom Development Dietmar-Hopp-Allee 16 69190 Walldorf Martin Loitz Technical Product Owner SAP SE, Custom Development Dietmar-Hopp-Allee 16 69190 Walldorf T +49 6227-7-74995 E tobias.keller@sap.com www.sap.com T +49 6227-7-48810 E Martin.Loitz@sap.com www.sap.com 9
2014 SAP SE All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE s or its affiliated companies strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions. 10