Please advise: how to audit annual report for SAP system

SAP's audit functions mainly include:

1) user login and process monitoring

2) file change records

3) development records

4) system log file audit

(From the standpoint of CCA security: because SAP stores the audit log as files on the SAP server, in principle the SAP administrator and OS administrator roles should be genuinely separated.)

To support system security control, SAP provides its own audit tool, an in-system trace tool, and a controllable trace tool, which are used to further improve and strengthen system security.

System security control strategies are as follows:

1) Set the in-system trace period to 3 days or less with ST03, ST03N.

2) Manually set the trace content and time period with SM19 to control every step of system operation.

Basic monitoring strategy:

1) Once a day, check activity in the system through ST22, SM21, OY18, ST02, ST04 to keep track of the daily operating status.

2) Every three days, the system administrator reviews users' actions in the system through STAT, using SM20 for the more detailed content; inappropriate user actions can be monitored through SUIM.

3) SM20 can also provide detailed feedback on any actions taken by the system administrator, and a list of the system administrator's actions can be produced every two weeks.

About SAP audit:

Broadly speaking, it refers to SAP Basis security together with the audit of its OS and DB; narrowly speaking, it is the audit of the system controls provided by SAP FI/CO, MM, SD, etc.

SAP comes with two audit functions. One is the event-level audit log: set the parameter rsau/enable = 1 to enable the function, configure the events to be audited in SM19, and analyze the audit log in SM20.

The other is the table audit, that is, the audit of changes to important data and parameter tables. Turn the function on with the parameter rec/client; then, according to the list of key SAP data tables defined by management, use SE13 to configure the properties of those tables and start change logging for them. Then use SCU3 to view the change log of these critical tables.
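The two switches described above (rsau/enable for the event audit log, rec/client for table change logging) can be checked from the profile files before an audit. The following is an added example, not part of the original page or SAP's own tooling; it assumes profile lines of the form "name = value", that the instance profile overrides DEFAULT.PFL, that an unset parameter means the function is off, and that rec/client takes ALL, OFF or a comma-separated client list. The profile contents and client numbers are constructed.

```python
# Added example: evaluate the two audit switches from SAP profile text.
# Assumptions (not from the page): "name = value" lines, lines starting
# with "#" are comments, the instance profile overrides DEFAULT.PFL, and
# an unset parameter means disabled (rsau/enable = 0, rec/client = OFF).

def parse_profile(text):
    """Return {parameter: value} from the text of one profile file."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def effective(default_text, instance_text):
    """Merge both profiles; instance values win over default values."""
    merged = parse_profile(default_text)
    merged.update(parse_profile(instance_text))
    return merged

def audit_findings(params, client):
    """List what is missing for the given client (empty list = both on)."""
    findings = []
    if params.get("rsau/enable", "0") != "1":
        findings.append("rsau/enable is not 1: event audit log (SM19/SM20) is off")
    rec = params.get("rec/client", "OFF").upper()
    logged = rec == "ALL" or client in [c.strip() for c in rec.split(",")]
    if not logged:
        findings.append(
            f"rec/client = {rec}: table change log (SE13/SCU3) is off for client {client}")
    return findings

# Constructed sample profiles (not taken from a real system).
DEFAULT_PFL = """# DEFAULT.PFL
rsau/enable = 0
rec/client = 100,200
"""
INSTANCE_PFL = """# instance profile
rsau/enable = 1
"""

if __name__ == "__main__":
    params = effective(DEFAULT_PFL, INSTANCE_PFL)
    for client in ("100", "300"):
        print(client, audit_findings(params, client) or "OK")
```
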

The audit log is stored as a file on the operating system, so it can be deleted without SAP_ALL, using OS root privileges.

So the OS admin must be separate from the SAP admin.

If this segregation of duties (SOD) is in place, then even if a user with SAP_ALL deletes the audit log in SAP, the deletion itself can be recorded by SAP, so the audit log still serves its purpose.