Confidential

After completing this lesson, you will be able to:
 Describe what auditing is
 Describe how to configure and troubleshoot auditing
 Describe the purpose and benefits of auditing dashboard
 Explain the meaning and structure of new auditing events
 Describe the ADS schema
 Describe how auditing events are stored in ADS
© 2011 SAP AG. All rights reserved.
Confidential 2

Agenda
2.
Auditing Dashboard
3.
Auditing Data Store
4.
Consistent Auditing Events
© 2011 SAP AG. All rights reserved.
Confidential 3

Auditing subsystem keeps a record of events from SAP BusinessObjects Business
Intelligence (BI) platform servers and applications.
How, what and when?
Recorded in Auditing Data Store (ADS).
Once the data is in the ADS, you can report on operations performed in system.
© 2011 SAP AG. All rights reserved.
Confidential 4

Agenda
1.
What is Auditing?
3.
Auditing Data Store
4.
Consistent Auditing Events
© 2011 SAP AG. All rights reserved.
Confidential 5

© 2011 SAP AG. All rights reserved.
Confidential 6

© 2011 SAP AG. All rights reserved.
Confidential 7

The Auditing Status Summary section is a new feature
 Metrics to optimize auditing configuration
 Alerts of potential issues with auditing
 Warnings under the following circumstances:
– The connection to the Auditing Data Store (ADS) database is unavailable.
– There is no running or enabled Client Auditing Proxy Service (CAPS)
– An Auditee has events that could not be retrieved
© 2011 SAP AG. All rights reserved.
Confidential 8

CMS collects events from all auditees once every 3 minutes.
CMS automatically adjusts polling cycle duration.
Manual configuration of polling cycle duration is not possible.
© 2011 SAP AG. All rights reserved.
Confidential 9

© 2011 SAP AG. All rights reserved.
Confidential 11

“Auditing Level” slider in “Set Events” to chose the level of auditing
“Custom” level to select individual auditing events.
Changes to auditing events and event details apply to all servers and applications.
You can enable and disable some event details.
 Query

Folder Group Details

Rights Details
 User Group Details
 Property Value Details
Note: For client auditing it may take up to two minutes after the changes have been made before the system will start recording data for any new events. Make sure you allow for this delay when implementing changes to the system.
© 2011 SAP AG. All rights reserved.
Confidential 12

© 2011 SAP AG. All rights reserved.
Confidential 13

If Auditing is enabled and ADS database not configured, audit events accumulate.
CMS must be restarted for changes in ADS database configuration to take place.
Multiple clusters can write events to the same ADS
Auto-delete: Delete events older than (days)
ADS Auto Reconnect – CMS automatically reconnects to ADS when connection is lost.
© 2011 SAP AG. All rights reserved.
Confidential 14

All auditing configuration is done in CMC, no more in CCM.
•
•
 You can configure:
In CMC > Servers > Nodes > Placeholders
• The location of temporary auditing files
 No user configurable settings for:
•
•
Auditing polling interval duration
Which events are retrieved
In CMC > Audit (Audit Dashboard)
•
•
Auditing levels and events details
Audit ADS database
• AuditInterval and AuditMaxEventsPerFile command line CMS parameters no longer supported.
© 2011 SAP AG. All rights reserved.
Confidential 15

Agenda
1.
What is Auditing?
2.
Auditing Dashboard
4.
Consistent Auditing Events
© 2011 SAP AG. All rights reserved.
Confidential 17

New auditing events and Auditing Data Store (ADS) schema are not compatible with SAP BusinessObjects Enterprise XI 3.1 auditing database.
No migration of auditing data between releases.
 Event structure and information collected has changed.
 Audit events have more information in 4.0.
 Consistency of event data.
No out of the box sample auditing universe and reports.
© 2011 SAP AG. All rights reserved.
Confidential 18

© 2011 SAP AG. All rights reserved.
Confidential 19

Key tables are ADS_EVENT and ADS_EVENT_DETAIL
ADS_EVENT contain all event properties for each event (one row per event), and includes:
 Event ID
 Origin:
– Cluster_ID
– Server_ID
– Service_Type_ID
– Client_Type_ID


Action ID
Object Properties (on which resource the operation is performed)
 Time (when event took place):
– Start_Time (in GMT)
– Duration_ms
– Time_Added_To_ADS
 User (who caused auditable operation)
– User ID
– User Name -
-
-
-
-
Object_ID
Object_Name
Object_Type
Folder_Path
Folder ID
Top_Folder_Name
– Session ID
 Event type (which operation)
– Event_Type_ID
– Status ID
Top_Folder _ID
© 2011 SAP AG. All rights reserved.
Confidential 20

Agenda
1.
What is Auditing?
2.
Auditing Dashboard
3.
Auditing Data Store
© 2011 SAP AG. All rights reserved.
Confidential 21

Auditing events are now transversally consistent.
There are two types of events:
 Common
 Specific
© 2011 SAP AG. All rights reserved.
Confidential 22

Event
Name
ID Minimal
Auditing
Level
Description
View 1,002 Default
Refresh 1,003 Default
Prompt 1,004 Default
Create
Delete
Modify
Save
1,005
1,006
1,007
1,008
Default
Default
Default
Default
User viewed a document / object
User refreshed an object
User selected value for a prompt
User created an object
User deleted an object
User modified property(ies) of an object
Saving a document / object locally, remotely or to CMS repository. In the same of different format.
User searched for a document, text Search
Edit
Run
Deliver
1,009 Default
1,010 Default
1,011 Default
1,012 Default
User edited a the content of an object
A job was run
An object was attempted to be delivered
Retrieve 1,013 Complete Object is retrieved from CMS
Logon 1,014 Minimal User logon
Logout
Trigger
1,015
1,016
Minimal
Complete
User logout
An event was triggered
© 2011 SAP AG. All rights reserved.
Confidential 23

 Doesn’t apply. No auditing events is triggered by the component.
 - Auditing event is triggered by the component.
 - The component relies on CMS event with the same name. No auditing event is triggered by the component.
 The “Save” results in CMS firing Create or Modify events. No auditing event is triggered by the component.
S - The component relies on Search Service event. No auditing event is triggered by the component
 The event generated by Live Office Web Services provider on behalf of the client
 - The event generated by Query as a Web Service and Live Office Web Services provider on behalf of the client
© 2011 SAP AG. All rights reserved.
Confidential 24

BI Platform
Event Name
Rights
Modification
ID Minimal
Level
Description
10003 Minimal Right on object were modified
Custom
Access Level
Modified
Auditing
Modification
10004 Minimal Custom Access Level was modified
10006 Minimal Tracks changes in auditing events state (enabled/disabled)
Components Generating Events
Event Name
Rights Modification
Custom Access Level Modified
Auditing Modification
CMS Event
Service




 
© 2011 SAP AG. All rights reserved.
Confidential 25

SAP BusinessObjects Web Intelligence (WEBI) Events:
Event
Name
Drill Out Of
Scope
Page
Retrieved
ID Minimal
Level
10201 Complete
10202 Complete
Description
Drill Out Of Scope
WebI document page retrieved
Generated by
WRC, WEBI
Server
WEBI Server
Components Generating Events:
Event Name
Drill Out Of Scope
Page Retrieved
WEBI Rich
Client


WEBI
Processing
Service


© 2011 SAP AG. All rights reserved.
Confidential 26

SAP BusinessObjects Analysis Events:
Event Name
MDAS
Session
ID Minimal
Level
Description
10300 Complete MDAS Session operation performed
Cube
Connection
10301 Complete Cube Connection operation performed
Generated by
MDAS service
MDAS service
© 2011 SAP AG. All rights reserved.
Confidential 27

Example of sequence of events for viewing an SAP Crystal Reports report
(document A) on demand with prompts in BI Launchpad.
Component Event
BI Launchpad View
CMS
CR Proc
Service
Retrieve
Prompt
CR Proc
Service
CR Cache
Service
Refresh
View
Note
Object ID = CUID of document A
Object ID = CUID of document A
Object ID = CUID of document A
Prompt Name = Country
Prompt Value = USA
Object ID = CUID of document A
Query = select * from ….
Object ID = CUID of document A
© 2011 SAP AG. All rights reserved.
Confidential 29

Example of sequence of events for viewing an SAP BusinessObjects Web
Intelligence document (document A) in CMC with two prompts .
Component
CMC
CMS
SAP
BusinessObjects
Web Intelligence
Proc Service
Event
View
Retrieve
Prompt
SAP
BusinessObjects
Web Intelligence
Proc Service
Refresh
Note
Object ID = CUID of document A
Object ID = CUID of document A
Object ID = CUID of document A
Bunch = 1
 Prompt Name = Region
 Prompt Value = East
 Prompt Value = West
Bunch = 2
 Prompt Name = Country
 Prompt Value = USA
 Prompt Value = Canada
Object ID = CUID of document A
Bunch = 1
 Universe Name = Sales
 Universe ID = CUID of Sales universe
 Universe Object Name = Quarter
 Universe Object Name = Customer
Bunch = 2
 Universe Name = Orders
 Universe ID = CUID of Orders universe
 Universe Object Name = Amount
Query = SELECT * FROM …
Object ID = CUID of document A
© 2011 SAP AG. All rights reserved.
SAP
BusinessObjects
Web Intelligence
Proc Service
View
Confidential 30

After completing this lesson, you are now able to:
 Describe what auditing is
 Describe how to configure and troubleshoot auditing
 Describe the purpose and benefits of auditing dashboard
 Explain the meaning and structure of new auditing events
 Describe the ADS schema
 Describe how auditing events are stored in ADS
© 2011 SAP AG. All rights reserved.
Confidential 34

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft
Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x,
System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server,
PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER,
OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP,
RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX,
Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World
Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer,
StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal
Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.
This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.
SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials.
This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
© 2011 SAP AG. All rights reserved.
Confidential 36