
SECPOL_LOG - Change Logs for Security Policies

Data Description

The SECPOL_LOG event is used to determine and log all changes made to security policies, a user and authorization management entity.

Potential Use Cases

This event could be used in the following scenarios:

  • Determine which security policies, with their attributes, have been created in the SAP system(s) for cases where you explicitly do not want to use the default value

  • Monitor to determine if critical security policies and attributes are being changed

  • Identify and alert on security policy changes that could create compliance concerns

Splunk Event

The event will look like this in Splunk:

 

SAP Navigation

Log in to the SAP system and execute the transaction SECPOL_CHANGES. Select the display option “Show Raw Change Documents” and enter the required inputs in the selection fields.

Change documents/logs for the policies are displayed on the output screen as below.

Note: This event type is available from PowerConnect version 6.08 onwards and SAP NetWeaver version 7.40 and above.