During the recent implementation of SAP Read Access Logging, that our client will be using to log personal data access, we have encountered a small gap. In our current SAP NetWeaver version, search-helps logging is not supported. That means, that if a person looking for some sensitive information (phone number, for example), uses a search-help instead of going directly to customer master transaction, these actions will not be logged.

To fill this gap, the following has been developed:

– Single screen program that outputs a generic table using a table control.

– Transaction attached to this program

– Simple class that calls this transaction in background mode using very simple BDC

– Implicit enhancement of the standard function module( ‘DD_SHLP_GET_HELPVALUES’) to pass data to this transaction.

– Custom table that contains search help names relevant to RAL logging

RAL recording that contains every field of the generic table has also been created.

Eventually, when someone receives a search-help output, the following happens:

1. Data is passed to the custom transaction in background mode before search-help output is displayed.

2. RAL logging is triggered, values are being recorded to RAL Raw Database

However, some caution should be exercised with this approach – every search-help call might generate hundreds if not thousands of records. Thus said, if there is a requirement to log search-helps output using RAL, it will be a good idea to explicitly specify the elementary search-helps that contain sensitive data and avoid logging everything.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply