Change Logs for Download and Upload of Roles in PFCG

former_member185447
Active Contributor
0 Kudos

Hello Security Team,

One of our users has downloaded roles from PFCG and we need to find out who has done that.

Are there any change logs or reports where I can see who has downloaded and uploaded roles in PFCG?

Regards,

Deepak M

1 ACCEPTED SOLUTION

Colleen
Advisor
0 Kudos

Hi Deepak

Why do you need to know? I'd be more concerned about uploading.

Downloading won't write any change logs. At best you might find who went to PFCG in STAD or SM20 logs.

If you want to restrict downloading roles then restrict ACTVT within S_USER_AGR for DL (Download) or UL (Upload). If you have Firefighter (and it's important to restrict) then you could allow it there.

Regards

Colleen
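
An added example, not part of the original thread: one way to review which roles currently grant the DL or UL activity on S_USER_AGR, working offline on a CSV export of role authorization values. The column layout (named after table AGR_1251), the role names and the sample rows are constructed assumptions, and the firefighter exception list mirrors the suggestion in the reply above.

```python
import csv
import io

# Constructed sample export; columns assumed to follow table AGR_1251.
SAMPLE_EXPORT = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_SEC_ADMIN,S_USER_AGR,T-X001,ACTVT,01,03
Z_SEC_ADMIN,S_USER_AGR,T-X001,ACTVT,DL,
Z_SEC_ADMIN,S_USER_AGR,T-X001,ACT_GROUP,Z*,
Z_SEC_DISPLAY,S_USER_AGR,T-X002,ACTVT,03,
Z_SEC_DISPLAY,S_USER_AGR,T-X002,ACT_GROUP,*,
Z_FIREFIGHTER,S_USER_AGR,T-X003,ACTVT,*,
Z_FIREFIGHTER,S_USER_AGR,T-X003,ACT_GROUP,*,
Z_BASIS,S_TCODE,T-X004,TCD,PFCG,
"""

TRANSFER_ACTIVITIES = ("DL", "UL")  # Download / Upload, as named in the reply


def value_covers(low, high, activity):
    """True if an authorization value (single, trailing-* pattern or range)
    covers the activity. Ranges use plain string comparison (assumption)."""
    low, high = low.strip(), high.strip()
    if high:
        return low <= activity <= high
    if low.endswith("*"):
        return activity.startswith(low[:-1])
    return low == activity


def roles_allowing_transfer(export_text, allowed_roles=()):
    """Map role name -> sorted list of DL/UL activities it grants,
    skipping roles that are explicitly allowed (e.g. firefighter roles)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["OBJECT"] != "S_USER_AGR" or row["FIELD"] != "ACTVT":
            continue
        for activity in TRANSFER_ACTIVITIES:
            if value_covers(row["LOW"], row["HIGH"], activity):
                findings.setdefault(row["AGR_NAME"], set()).add(activity)
    return {role: sorted(acts) for role, acts in findings.items()
            if role not in allowed_roles}


if __name__ == "__main__":
    for role, acts in roles_allowing_transfer(
            SAMPLE_EXPORT, allowed_roles=("Z_FIREFIGHTER",)).items():
        print(f"{role}: grants {', '.join(acts)} on S_USER_AGR")
```

This reviews role definitions only; who holds those roles still has to be checked against the user assignments.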

4 REPLIES 4

0 Kudos

Hello Colleen,

More than who has downloaded, I am just wondering, since it's something important.
My doubt is: are there any change logs for download and upload of roles?

If there are, how do I look into the change logs, and

if there are not: why didn't SAP come with change logs for downloading and uploading of roles?

Regards,

Deepak M

P.S.: @Colleen: Missing you a lot on the GRC Space in Documents and Blogs... Please be more active.

0 Kudos

Hi Deepak

Change logs aren't written for download as you are effectively downloading a file. You can prevent access which is valid to do to limit who is allowed to download security. Why is downloading a problem in your system?

For upload, change documents should exist but they won't show that you uploaded. If you see changes directly in a client then they weren't transported. Again, limit who is allowed to upload. If you have firefighter, shift the authorisation there.

Regards

Colleen

P.S. I haven't had access to a GRC system for over a year. I am less active in the space as quite a few others have stepped up. I read the posts but there is no value in me contributing outdated knowledge - it is far better to let the newer members with current experience jump in and answer/produce content. GRC space is a lot more active than it was 2 years ago.

Former Member
0 Kudos

Deepak,

As long as you have security audit log enabled in the client, you should be able to see who downloaded the role or just the profile. Good luck!

Pawan.