Skip to Content

Set Up and Review Audit Logs in SAP Datasphere

Beginner
10 min.
SAP Datasphere, Beginner, Tutorial
Perform audit logging to monitor and record selected actions performed in SAP Datasphere, providing you with visibility on who did what and when.
You will learn
  • About audit logging of customer-owned data within Spaces
  • How to view audit logs
jmmargojmmargoMarch 13, 2023
Created by
jmmargo
January 6, 2023
Contributors
jmmargo
meganhoy

Prerequisites

  • Step 1

    Audit logs are a simple way to monitor and record selected actions performed in SAP Datasphere.

    You can set up the change log and the read access log independently of each other. Both logs are implemented using the same mechanism, so the following steps applies

    Log in to complete tutorial
  • Step 2

    If you choose to enable audit logs, be aware that they can consume a large amount of storage in your SAP Datasphere tenant.

    To enable audit logs for specific Spaces in SAP Datasphere:

    1. Go to Space Management by clicking on the icon on the left-side menu.

    2. Select the Space in which you want to enable the audit logs, and click on the Auditing tab.

      Auditing

    3. Here, check the Enable Audit Log for Read or Change Operations checkboxes and set the retention time for the same. You can set the retention time in days. The default is 30 days, the minimum retention time is 7 days, and the maximum retention time is 10 000 days.

    If auditing has been enabled, entries of all SAP Datasphere related objects are saved in an SAP HANA Cloud, SAP HANA database audit log. These logs don’t include the objects of the database access schemas, like open SQL schemas, for example.

    Log in to complete tutorial
  • Step 3

    To enable audit logs for individual database schemas in SAP Datasphere:

    1. Go to Space Management by clicking on the icon on the left-side menu and select the Space in which you want to enable the logs.

    2. Navigate to the Data Access tab, where you can find the database users assigned to your Space.

      Data Access

    3. Now, simply select the database user you wish to enable audit logs for.

    4. Here you can check the Enable Audit Log for Read or Change Operations checkboxes and set the retention time for the same.

      Database User

    The retention time can be defined per schema.

    Please note, that the statements issued via the execute-procedure for the data lake are currently not audited in SAP Datasphere. As a result, SAP HANA policies are created for the schemas of the Space.

    The policy names of the SAP Datasphere administered objects are:

    DWC_DPP_<Space name>_READ
    DWC_DPP_<Space name>_CHANGE

    Log in to complete tutorial
  • Step 4

    1. Go to Configuration on the bottom right of your screen, and navigate to the Audit tab.

    2. Choose the space from the drop-down list that contains the audit logs you wish to see.

      View

      To configure this setting, you need the audit configuration authorization. We recommend creating a dedicated Space for audit logs, as you might not want all users to view sensitive data.

    The audit logs are saved as external data, for example, as a view. You can now select these audit logs in the Data Builder. The data is located in the AUDIT_LOG view of the DWC_AUDIT_READER schema.

    The audit logs of the database analysis user are saved separately in the ANALYSIS_AUDIT_LOG view.

    Well done!

    You have completed the 6th tutorial of this group. Now you know how to set up and view audit logs in SAP Datasphere.

    Learn in the next tutorial how to change ownership of scheduled remote table replications and data flows.

    Log in to complete tutorial
  • Step 5

    What is the default retention time for audit logging in SAP Datasphere?

    Log in to complete tutorial
Back to Top
Back to top