Skip to Content
Author's profile photo Former Member

SAP Security Change History Logs: The forgotten archive objects

When most people think of archiving, they usually think of transactional business data such as
FI/CO, SD data or technical data (archiving objects; i.e., workitems or idocs). Yet there are also objects for SAP security which take up valuable system space in all SAP systems but are not frequently used. These archive objects will allow the data within the SAP security change history tables to be archived. Once data is archived, it can be move from the main database storage (tier one storage), to lower level storage media.


Though the space relegated to these objects, taken individually, might seem low in your ECC or other SAP system, the logs are created wherever SAP security is used. Looking at the number of systems, the effect of the change and change history for data that is seldom accessed can have impact for technical groups and storage cost and system performance.

Chart: Examples of forgotten archive objects (change history docs)

Archiv Object Archive Object Description Table Table Description


User Master Change Documents: Authorizations USH12 Change history for authorization values
US_PASS Change Documents: User (Other Data) USH02 Change history for logon data
US_PROF User Master Change Documents: Authorize Profiles USH10 Change history for authorization profiles
US_USER User Master Change Documents: User Authorizations USH04 Change history for authorizations

these security change history logs cannot only free up additional space in your SAP system, but still meet compliance governance requirements.  Also, once you archive data, it is static and cannot be changed or deleted thus supporting the company’s purge strategy and protecting the data for audit/governance.

Other advantages to archiving change logs:

  • Once data has been archived, the change logs cannot be accidently deleted from the SAP system
  • Allows for storage of change logs to reside on lower cost media while maintaining accessibility to the log data supporting teams, such as:
    • Security
    • Governance
      and Audit
    • Others
  • Opens space in system(s) for the critical business operations
  • Allows for the development of a purge strategy for change logs
  • Does not have impact on business because the security archiving objects fits with technical archiving
  • Cannot accidently be purged from the SAP system

It helps to have an understanding of the security areas and how they are tied to governance and audit. Dolphin has worked with many customers on archiving and creating an archiving strategy that streamlines the infrastructure and secures access. This encompasses when to archive, how to retrieve the archived data and documentation for governance and audit.

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi James,

      Are there Archive infostructures/Field catelogs available for the above mentioned archive objects? If not, how can we access the archived data?

      Best Regards,

      Ankit Goel