The Read Access Logging (RAL) tool allows you to monitor and log read access to sensitive data. It covers the following SAP technologies.

– RFC

– Webservices

– Web Dynpro ABAP

– Dynpro (SAP GUI)

RAL can be accessed using the SAP transaction SRALMANAGER. There are mainly two components of RAL, an Administration part and a Monitor part.

In this document I will briefly explain about the Recording functionality in RAL.

Step 1

Login ECC and go to transaction sralmanager.


/wp-content/uploads/2014/09/pic1_551170.jpg

RAL will get displayed in the browser. Select ‘Recordings’.

/wp-content/uploads/2014/09/pic2_551174.jpg

Step 2

Click on Create button.

/wp-content/uploads/2014/09/pic3_551175.jpg

Enter the channel, give Recording name and description.

/wp-content/uploads/2014/09/pic4_551176.jpg

It would be in recording mode when you click on Create button, if not select the Play button.

/wp-content/uploads/2014/09/pic5_551177.jpg

Now go to the ECC and enter transaction which you are recording.

Pic6.jpg

Select the field to be recorded and CTRL+RIGHT CLICK. Then select Record field under Read Access Logging in the context menu.

/wp-content/uploads/2014/09/pic7_551181.jpg

You will get a message saying that “Field ‘RFKI1-GPART’ has been added to the recording ‘FPI1’ “

If you are re-recording then the following message will be displayed.

Pic8.jpg

After recording the relevant fields, go back to SRALMANAGER and stop the corresponding recording.

/wp-content/uploads/2014/09/pic9_551183.jpg

To view the details of recording use the Lens button.

/wp-content/uploads/2014/09/pic10_551184.jpg

List of recorded fields will be displayed as below.

Pic11.jpg

Step 3

For configuring details such as log domain, log context of the recorded fields click on Configuration in RAL.

Pic12.jpg

Search the already existing configuration by providing the recording name. If does not exist create new configuration

/wp-content/uploads/2014/09/pic13_551163.jpg

Create Log group.

/wp-content/uploads/2014/09/pic14_551164.jpg

Drag and drop the recorded fields from the field list to Log group.

/wp-content/uploads/2014/09/pic15_551189.jpg

You can add the log domain by searching corresponding field.

/wp-content/uploads/2014/09/pic16_551190.jpg

Now Save as Active. Done with the recording.

/wp-content/uploads/2014/09/pic17_551191.jpg

/wp-content/uploads/2014/09/pic18_551192.jpg

Step 4

To test the recorded transaction, go to the tcode and enter values to the recorded fields.

/wp-content/uploads/2014/09/pic19_551193.jpg

/wp-content/uploads/2014/09/pic20_551194.jpg

Once the values have entered go to RAL and select the second tab Monitor.

/wp-content/uploads/2014/09/pic21_551195.jpg

Click Read Access Log and enter the user name and date/time in the search criteria.

/wp-content/uploads/2014/09/pic22_551196.jpg

You can find the list of entries with the recorded values of the user.

/wp-content/uploads/2014/09/pic23_551197.jpg

Select the entry based on time and you can see the values entered in the transaction.

/wp-content/uploads/2014/09/pic24_551198.jpg

These are the steps involved in RAL to track and monitor the transactions.

To report this post you need to login first.

15 Comments

You must be Logged on to comment or reply to a post.

  1. Narayanan k.b

    Nice Document .

    Is there any way available to measure the performance implication of the same?
    I mean where the logs are stored and its growth etc .

    Thanks

    (0) 

Leave a Reply