cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Service Account for CMS Audit and CMS database

Go to solution
former_member340306
Participant

on ‎12-16-2015 2:30 AM

0 Kudos

Hi,

I have cluster environment with 2 nodes. My CMS and CMS_audit database exist under the same SQL server instance e.g. DEV_Instance. I created two ODBC conenctions one for CMS and Audit and we are using windows NT authenticatiom rather than a dedicated SQL server account.

After the install i was able to see the CMs and the Audit tables created in the SQL server instance.

now i am running the CMS as a service account rather than local and i make the change in the SIA properties to run using the service account rather than local. I am planning to enable auditing and what confused me is that client provided me different service account and password for auditing than CMS. If understand correctly i am already using the CMS service account in SIA and it should be logging information in the CMS tables in the database (CMs) .

now i see a username and password option in the auditing section of the CMC,i have a seperate service account for audting which is different than CMS, should i enter a seperate service account or it should be the same account that is used for CMS?

how to test properly that auditing is enabled correctly and right service account is used/

Thanks

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member205064
Active Contributor
‎12-16-2015 3:13 AM
0 Kudos

you can use diffrent service accout for same DEV_Instance schema.

the diffrent service accout should have dbo rights on the DEV_Instance schema.

to check update the Audting secion with the new service account password.

if any userid\password is incorrect it will not accept it.

Enable auditing in CMC.

also monitor the Auditing log folder is the files are getting stack or getting removed from there.(writing to audting TABLE)

Show replies
Show replies
former_member340306
Participant
‎12-16-2015 3:26 AM
0 Kudos

Thanks Ronak,

So basically even when we are using a different service account for CMS in SIA, i should enter the auditing service account and password in the CMC-->Auditing section  ---

i checked in the SQL management studio and the audit service account is listed user users-->permissions with the ability to read/write modify rights.

you mentioned if the user and password is incorrect it will not accept it -- do you mean when i enter that in CMC-->Auditing OR there willl be an entry in the auditing log files?

So for enabling auditing, is there anything else that needs to be done other than what is listed under CMC-->auditing section?

so  i have the default folder for auditing i.e. sap business objects Enterprsie XI 4.0 --> Auditing.

i already see some files in it? i opened these files and actually dont understand what they are logging already when auditing is not even enabled yet -- can you give me an idea about these files and how they might chnage and what should i check to confirm that CMS is collecting the audit data correctly ?

Thanks

former_member205064
Active Contributor
‎12-16-2015 3:40 AM
0 Kudos

yes in Auditing secion if the userid\password is in correct they you will get error.

also, creating an ODBC connection will also refect error if any such issue.

For Auditing all activiy is though CMC->Auditing section.

CMS audits create audit files in the Auditing folder.

it uses Auditing Folder as temp folder and removes the files and writes in Auditing DB.

if the CMS fails to write anything in the Auditing DB the files size will keep on increasing in Auding folder.

former_member340306
Participant
‎12-16-2015 3:47 AM
0 Kudos

ok let me try that , i will let you know incase i get an error.

former_member340306
Participant
‎12-16-2015 4:17 AM
0 Kudos

Hey i amde the changes in CMC -->auditing witht he Audit user account and i didnt know how to put the information for CMS auditor, but it showed in the status bar to restart the SIA. I restarted the SIA and it seems the SIAis not restarting because of login failure !

like i mentioned SIA had a different service account information for clogin for CMS and now for audit we used a differnt service account and password.

former_member205064
Active Contributor
‎12-16-2015 4:30 AM
0 Kudos

Did you also modified the SIA account?

In the SIA property put the service account which has access to CMS DB.

This account should have admin rights on the server.

IF its still faliing to start try to start with local host and check if it works.

If it works then the issue is with the service account and its rights.

run the SIA with local host and remove the Auditing information from CMC->Auditing

STOP the SIA and run with the service Account.

Auditing is not related to CMS DB and SIA.

In your case you are using the same schema, if possible try to have seperate schema for Auditing and diffrent account.

But still if its not possible then keep same service accout in Auditing secion which is used for SIA then try to understand the schema access for both the account on the same DB.

former_member340306
Participant
‎12-16-2015 4:37 AM
0 Kudos

so i ran it as a local host , and SIA is running but for ODBC we are using the the NT account, so i am unable to login to the CMC it seems - i think to connect to the CMS it is looking for the CMS service account

former_member340306
Participant
‎12-17-2015 9:28 AM
0 Kudos

since we are using windows NT account even though we have 'audit_CMS' ODBC and 'CMS ' ODBC, but our SIA is running as a CMS service account. So for auditing i used windows authentication rather than sql server (w/user and password) - made sure that my CMS service account has both permissions to CMs and Auditing databases  {they are on the same SQL server instance , one DB schema for CMS and one for Audit}. adn everything seems to work fine.

my auditing logs are getting cleared from Auditing logs and written to ADS.

my setting for Auditing is as follows:

ADS database:

Connection name : CMS_Audit {Audit ODBC}

Type : Microsoft SQL Server

User windows authentication (checked)  {but for SQL server accounts this will be unchcked and                                                                                  user/pass} will be populated }

Please give your feedback if there is anything else that needs to be taken under consideration to improve the auditing experience.

former_member205064
Active Contributor
‎12-18-2015 6:19 AM
0 Kudos

seems ok to me.

Have u observed any issue with SIA and Audit?

former_member340306
Participant
‎12-30-2015 6:24 PM
0 Kudos

actually not yet - everything seems to work fine- i will let you know if i do

Answers (0)

Ask a Question