Nandakumar S Nair

Read Access Logging (Recording functionality)

The Read Access Logging (RAL) tool allows you to monitor and log read access to sensitive data. It covers the following SAP technologies.

– RFC

– Web services

– Web Dynpro ABAP

– Dynpro (SAP GUI)

RAL can be accessed using the SAP transaction SRALMANAGER. RAL has two main components: an Administration part and a Monitor part.

In this document I will briefly explain the Recording functionality in RAL.

Step 1

Log in to ECC and go to transaction SRALMANAGER.

RAL opens in the browser. Select ‘Recordings’.

Step 2

Click the Create button.

Enter the channel, and give the recording a name and description.

The recording is in recording mode once you click the Create button; if it is not, select the Play button.

Now go to ECC and open the transaction that you are recording.

Select the field to be recorded and press CTRL + right-click. Then select Record field under Read Access Logging in the context menu.

You will get a message saying that “Field ‘RFKI1-GPART’ has been added to the recording ‘FPI1’”.

If you are re-recording, the following message will be displayed.

[Screenshot: message displayed when re-recording]

After recording the relevant fields, go back to SRALMANAGER and stop the corresponding recording.


To view the details of the recording, use the Lens button.

The list of recorded fields will be displayed as below.

[Screenshot: list of recorded fields]

Step 3

To configure details such as the log domain and log context of the recorded fields, click Configuration in RAL.

Search for an existing configuration by providing the recording name. If none exists, create a new configuration.

Create a log group.

Drag and drop the recorded fields from the field list to the log group.

You can add the log domain by searching for the corresponding field.

Now Save as Active. The recording is done.

Step 4

To test the recorded transaction, go to the transaction code and enter values in the recorded fields.

Once the values have been entered, go to RAL and select the second tab, Monitor.

Click Read Access Log and enter the user name and date/time in the search criteria.


You can find the list of entries with the recorded values of the user.


Select the entry based on time and you can see the values entered in the transaction.


These are the steps involved in RAL to track and monitor the transactions.

      17 Comments
      Harikumar Sasidharan Nair

      Useful content.

      Abyson Joseph

      Very informative... Thanks for the share..

      Kiran Kumar Valluru

      Hi Nanda,

      Nice Document with detailed steps. Keep posting!

      Best Regards,

      Kiran

      Nandakumar S Nair
      Blog Post Author

      Thank you Kiran. 🙂

      Ramakrishna Dadi

      Nice document.

      But mention the SAP version in which the tcode SRALMANAGER was made available.

      Regards,

      Rama

      Nandakumar S Nair
      Blog Post Author

      Hi Rama,

      Thanks for your comment. RAL is available from SAP NW 7.31 SP10.

      Thanks & Regards,

      Nandakumar S

      VENU G

      Hi Nanda,

      Nice Document and very good explanation.

      Regards,

      Venu

      Nandakumar S Nair
      Blog Post Author

      Thanks Venu.

      Mahesh Madhavan

      Very useful. Never heard of this functionality before. Thanks a lot for sharing this.

      Cheers,

      Mahesh

      Nandakumar S Nair
      Blog Post Author

      Thank you Mahesh for the comments.

      Salim Assaf

      Very nice!  I can definitely see this being useful.

      Nandakumar S Nair
      Blog Post Author

      Thanks Salim. 🙂

      Former Member

      Very well documented.. Keep on posting!!!

      Former Member

      Thank you very much for the detailed explanation.
       

      Narayanan k.b

      Nice Document.

      Is there any way available to measure the performance implication of the same?
      I mean where the logs are stored and its growth etc.

      Thanks

      sylvester daudu

      Hi Nandakumar,

      Thanks for your piece on adding a transaction code to RAL. I enjoyed it.

      Please could you help clear the below?

      I thought, we normally unchecked the Without Condition Check box to define, and assign conditions and expressions during configurations?

      By default, Without Condition is checked, meaning no condition and expressions are defined. If a log group contains no conditions, then every read access to the recorded fields in the log group is logged. This is mostly used when we want to record every access to data like viewing table with values. E.g. accessing PA0002 table via SE16.  Am I right?

      Please what happened to the Without condition checked box for transaction code e.g. FPI1 you illustrated with?

      Also, please, how did you identify the corresponding field to be searched to add the log domain?  At what stage or window is this search performed to add the log domain?

      In your example, do you have existing log Domain that you associate FPI1 to?

      I thought it is advisable to create log domain before recording and Configuration, so that we can associate the Log Domain appropriately.

       

      Thanks

      Sylvester

       

      Shubham Bathla

      Hi Nanda,

       

      Great Blog 🙂

       

      Thanks,

      Shubham