How to check user history of logon.

former_member362299 · ‎12-11-2014

Hi experts,

I need to check logon details for a particular user, like last 1 week, which date he logged in and what are all the Tcodes he used. Tell me the detailed steps

Regards

Manjappa

former_member201782 · ‎12-11-2014

Hello Manjappa,

You can go to TCode SUIM to check logon history. You need to search by User/By Logon Date and Password change.

There are different search criteria available in SUIM. You can try those based on your requirement.

Hope this helps.

Thanks,

Srikanth

former_member362299 · ‎12-11-2014

Hi Srikanth,

SUIM it only current day login details, i want 1week details. Do i need to set some parameter?

if yes how?

Regards

Manjappa

former_member200428 · ‎12-11-2014

Hi Manjappa,

There is a perfect tool which is present within SAP. With the help of transaction code ST03N,

execute ST03N- select the time period you wanted to find.

Under user and settlement statistics, find the user and double click on the user id to find the transaction codes executed by the user.

Hope this helps you out.

Private_Member_69416 · ‎12-11-2014

Hi Manjappa,

The best way is to define security audit in SM19.

Filters in audit classes "Dialog Logon" and "Transaction Start"

Then you can check in SM20 what users logon/logut times were or

transaction executed in details.

If you can't prepare and need to analyse past actions,

you can only look in transactions described above.

In addition you can analyse workload details per user (last 24h) in transaction STAD.

Regrads

Przemek

former_member201782 · ‎12-12-2014

Hello Manjappa,

You can try below.

1. Goto STAD, Give date and hit Enter. This will give you all the transactions executed for that day with users list.

2. Goto ST03N--->Expert Mode--->Expand Instance name-->Double on week you want to view. Below in Analysis Views, Goto Transaction profile/standard to check what transactions have been executed for that week (but you do not have user name in this list). Goto User and Settlement Statistics to check User history for that week (but you do not have Transaction code in the list)

So you have to prepare some custom report based on STAD and ST03N.

You can also access STAD from ST03N. In ST03N, Expand Detailed Analysis and double click on Business Transaction Analysis.

Hope this helps.

Thanks.

Best Regards,

Srikanth

Former Member · ‎12-12-2014

Hi,

SM19 & SM20 is the best option to check the 1 week ago used t-codes by user but before that SM19 should be in active for that user and you will get the audit log in SM20. Usually in support projects SM19 will be enabled for all the users.

from STAD t-code will get only the data for (24 hrs) and if there is any custom t-code for STAD we will get the data from months ago.

currently we are using custom t-code which will get the data for minimum 3 months ago.

Regards,

Babu

Former Member · ‎12-12-2014

Yes, and make absolutely sure, you contacted your Basis-guys beforehand. Not out of politeness, but just to avoid being decapitated the next time you show up on their territory.

SM19 and SM20 for a single user, over a week, for every transaction is not (!!) a performant way to find out what a single person is doing in the system. Especially not in productive landscapes with multiple application servers, where you would have to run the log on every instance because load balancing. Bleh!

ST03N will give you some data - the beauty of which is: they are strictly performance-orientated and a Basis tool and hence respect such things as protection of data privacy of which some countries, in fact, have laws about. You don't get all the data sorted by userID out of ST03N.

So, the first question we ask here, before we throw around technical advice is:

Why would you need such data?
Has HR explicitely authorized you to extract such data from the system?

Private_Member_69416 · ‎12-12-2014

?

I don't see the problem.

I have activated SM19 in whole landscape. With multiple application servers. For almost all audit events.

It's great - especially when auditors wants login times for set of users since 1 year or

dates and times when spacial transactions were executed.

Analyse in SM20 is across all application servers you have.

It's security basic to activate security logging on production systems.

Former Member · ‎12-12-2014

If you do it for security purposes, that might be alright. But you don't monitor the work performance of one/every employee with every transaction (and time-stamps on that) without the consent of said/every employee.

I can't think of a SAP-using country where this doesn't have legal implications.

Message was edited by: Mylene Euridice Dorias Just to clarify: security purposes means external calls, RFCs, the use of an emergency user etc. It does not mean: all users regardless.

Private_Member_69416 · ‎12-12-2014

SM20 transaction times executions don't give you exact performance - you don't know how long he was there. More such data you can take from ST03N - steps, utilizations, times.

The have clear hands you need to have appropriate corporate policy to collect and permission from authorized unit to process.

In every moment you can face challenges like: someone did processing as absent user.

Without wide logging you know nothing.

Former Member · ‎12-12-2014

Well, no - they do not have clear hands, in case the corporate policy allows to collect personal data. Not even if the authorized unit agrees.

There is something like law that forbids expressly the collection of exactly those data.

I don't know where you live/work but judging by your name I would hazard the guess: Poland. Let me tell you something: it's forbidden by the law to collect personal data (which work performance data are) without the consent of the respective user.

If you don't believe me, contact:

Mr. Wojciech Rafal Wiewiórowski

ul. Stawki 2

PL 00-193 Warszawa

who is the representative in such matters in Poland.

Why do you think, we make out authorizations in SAP as strict as possible? Why do we define emergency-users? Why do we apply all manner of security restrictions?

In order to AVOID having to monitor all "subjects". Because. The Law.

Private_Member_69416 · ‎12-12-2014

It’s my last post in this topic I have nothing to add to help Manjappa

If you have law/moral objections against monitoring use of transactions – ok.

Not all countries have the same legislations.

In Poland employer hasn’t strict regulations about monitoring employees.

He can protect his interests by assuring if employee is dong his work properly.

In some cases employer have even obligation by law to do this to prevent harms to third persons.

Of course right for privacy is more protected, but for example all emails can be fully investigated when corporate policy forbids using infrastructure for private communication.

For your knowledge Mr. Wojciech Rafal Wiewiórowski is no longer head of GIODO. He was cancelled by parliament some days ago.

Thanks for the discussion

Former Member · ‎12-15-2014

Ahh.. I love the smell of flamewars in the morning...

IMO there is always, in all countries, a necessity to protect certain data. For example the STAD data is always there for 48 hours, and the SU53 buffer information is always there for a default of 100 errors, and a ST01 trace is irreplaceable for trouble shooting, and the GOS history db has the last 20 memory values in it, and USR02 has lock counters and logon dates which are always there.

So activating the security audit log to collect security related data for a rainy day is correct and should be protected (you need to get past several authority-checks for s_admi_fcd AUDD, s_dataset, s_c_funct before you can read it..) with regards to reading and using the data.

If you don't have a log, you might get into trouble with legal requirements as well. If you don't protect the log you can certainly get into trouble (as Mylene has pointed out).

Cheers,

Julius

former_member362299 · ‎12-15-2014

Thanks Babu

Former Member · ‎12-15-2014

This message was moderated.