George_Yu
Product and Topic Expert

Introduction

In preparation for the switch to Spaces and Pages starting with the 2402 release of SAP S/4HANA Public Cloud, I have been working with many customers. In this series of blogs, I will share our common experience with you.

First, let me introduce an often overlooked Fiori app called Display Security Audit Log.

 

What is the Fiori App "Display Security Audit Log"?

According to the SAP Fiori Apps Reference Library, the Display Security Audit Log app displays information about security-relevant events that occur in your SAP system. This can be necessary in case of an audit. It has the following two key features:

  • Recording of security-relevant events in your SAP system.
  • Access to previously specified log files in the form of an audit analysis report.

To access this app, you need one of the following business user roles:

  • SAP_BR_ADMINISTRATOR
  • SAP_BR_DATA_PRIVACY_SPECIALIST
  • SAP_BR_EXTERNAL_AUDITOR

All three roles above have corresponding spaces and pages:

  • Spaces
    • SAP_BR_ADMINISTRATOR
    • SAP_BR_DATA_PRIVACY_SPECIALIST
    • SAP_BR_EXTERNAL_AUDITOR
  • Pages
    • SAP_CORE-PGT_AUDIT_PC
    • SAP_CORE_PGT_DPP_PC
    • SAP_CORE_PGT_SEC_PC

When you access this app in the 2308 release, there are two versions available. Try to avoid the one marked as Deprecated. At a minimum, I noticed that the Deprecated one has fewer filter fields, 9 vs. 12. One important filter field, Event Message Text, which I will use extensively, is missing from it.

The figure below shows the Display Security Audit Log app screen. The upper portion is the filter, and you can use the Adapt Filters button to add or remove filter fields.

Display Security Audit Log app

The lower portion displays the event log. Click the Settings button to select which fields you want to display. You can also export the entire list as an Excel file, a great feature when we play Sherlock Holmes, the legendary detective.

 

Scenario 1 – How Do I Know Which Apps A User Has Been Using?

Some customer systems have hundreds (I am not exaggerating) of business user roles, and none of them have spaces and pages defined. With the switch to spaces and pages in the 2402 upgrade, these customers have a lot of work to do.

First, I tell them the right approach is to adopt as many SAP business role templates as possible. We have talked about the cloud mindset many times. What is the cloud mindset? Using standard functions/templates! If you didn’t do it then, do it now!!

Second, take a closer look at the roles defined and assigned to users. Have they been used in the past 3 months? We need to narrow them down to a short list of business user roles that we want to tackle.

Third, use the Display Security Audit Log app to find out which Fiori apps have been used. At the time of writing, there are 6216 Fiori apps for SAP S/4HANA Cloud. There is no way you will use all of them.

Here is how I do it:

  • Launch the Display Security Audit Log app.
  • Enter the following in the Filter area:
    • In the Timestamp filter field, enter a date greater than October 1, 2023. That way I have 3+ months of auditing data.
    • In the Event ID filter field, select GU1 for frontend application.
    • In the User ID filter field, enter a user ID, such as CB998000007.
    • In the ABAP Source filter field, exclude any program whose name starts with C_xxx; these are related to CDS views.
  • In the Event Log settings, I remove several columns but ensure I have the Event Message Text.

After hitting the Go button, I retrieved 2499 audit log entries. That is a lot to deal with.

Output from Event Log

Don’t worry. Let’s export the log to an Excel file, Audit Log Events.xlsx, to massage the data.

After opening the Excel file, we use the Remove Duplicates function to remove all the duplicated entries in the Event Message Text column.

 Remove all the duplicated entries in the Event Message Text column

After the execution, 132 of the 2499 entries were left.

Now let’s sort out the data in the ABAP Source column.

  • APS_xxx: these are Fiori apps, such as APS_IAM_BROLE2_SRV for the Maintain Business Roles app
  • CMD_xxx: these are Fiori apps, such as CMD_QLTY_PROD_SALES_ALP_SRV for the Data Quality Evaluation Overview for Products app
  • PPM_xxx: these are Fiori apps, such as PPM_PRO_PROJECT_OVP_SRV for the My Projects - Project Manager app
  • CA_xxx: these are Fiori apps, such as CA_FM_DEFERRED_ADOPTION_SRV for the Activate New Features app
  • C_xxx: these are for CDS views, not an app (I excluded them in the query above; there are over 500 of them)
  • /UI2/xxx, /SSB/xxx, /IWxxx, /CPD/xxx: not an app

After filtering out the non-app entries, I can reduce the number of entries from 132 to less than 110.

This example is a little on the extreme side, as the user is a consultant who accesses more apps than any regular user. In my own case as a technical user, I use fewer than 30 apps.

With a reduced list of Fiori apps one user accessed in the past three and a half months, we can easily identify the business roles associated with them.
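
The same clean-up can be scripted instead of done by hand in Excel. The following is an added example, not part of the original post; it assumes the export was saved as CSV with the column headers User ID, Event ID, ABAP Source and Event Message Text, and the sample rows are constructed.

```python
import csv
import io

# Prefixes the post identifies as non-app entries in the ABAP Source column.
NON_APP_PREFIXES = ("C_", "/UI2/", "/SSB/", "/IW", "/CPD/")

# Constructed sample rows; the column headers are assumed to match the export.
SAMPLE_CSV = """User ID,Event ID,ABAP Source,Event Message Text
CB998000007,GU1,APS_IAM_BROLE2_SRV,Maintain Business Roles
CB998000007,GU1,APS_IAM_BROLE2_SRV,Maintain Business Roles
CB998000007,GU1,PPM_PRO_PROJECT_OVP_SRV,My Projects - Project Manager
CB998000007,GU1,C_SAMPLEVIEW_CDS,Sample CDS view
CB998000007,GU1,/UI2/SAMPLE_SRV,Sample launchpad service
CB998000007,GU1,CA_FM_DEFERRED_ADOPTION_SRV,Activate New Features
"""

def is_app_source(abap_source):
    """True unless the ABAP Source starts with a non-app prefix.

    The check is on "C_" with the underscore, so CA_xxx and CMD_xxx
    services are still counted as apps.
    """
    return not abap_source.strip().upper().startswith(NON_APP_PREFIXES)

def apps_used(csv_text, user_id=None):
    """Return {ABAP Source: Event Message Text} for distinct app entries."""
    seen_texts = set()
    apps = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if user_id and row["User ID"] != user_id:
            continue
        text = row["Event Message Text"].strip()
        if text in seen_texts:      # same effect as Excel's Remove Duplicates
            continue
        seen_texts.add(text)
        source = row["ABAP Source"].strip()
        if is_app_source(source):
            apps[source] = text
    return apps

if __name__ == "__main__":
    for source, text in sorted(apps_used(SAMPLE_CSV, "CB998000007").items()):
        print(f"{source:35} {text}")
```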

 

Scenario 2 – How Do I Know Which User Has Switched back to Classical Group Layout?

According to SAP Note 2970113 - SAP S/4HANA Cloud Public Edition: Replacement of SAP Fiori launchpad home page (Outdated) ..., customer systems will be switched to the Spaces and Pages layout during the upgrade. However, there is a grace period, during which end users can still switch back to the Classical Group Layout. Some administrators want to find out who switched back, and why, before the switch-back feature is finally removed.

To conduct this investigation, I still rely on the Display Security Audit Log app.

Here is my test: At 4:54 pm on January 18, I turned on the Spaces and Pages Layout.  At 5:22 pm, I switched back to the Classical Group Layout. This can be easily achieved by going to the User Setting.

 Turning Spaces and Pages on/off at User Setting

Now I ran the Display Security Audit Log app with the following filter criteria:

  • Timestamp: January 18, 4:50 pm to January 18, 6:00 pm
  • User ID: CB998000008
  • Event ID: GU1

 Events Associated with Turning Spaces and Pages on and off

When you run this audit report, look for the following text in the Event Message Text column:

  • SAP Fiori Data Model: Page Runtime Service. This turns on Spaces and Pages Layout
  • Flexible Workflow Administration and Smart Business Runtime. These turn on Classical Group Page Layout

All of these Fiori apps use OData services:

  • FDM_PAGE_RUNTIME_SRV: Enables users to view spaces and pages in the launchpad.
  • SWF_FLEX_ADMIN_SRV: Enables users to use the workflow administration service; my guess is that it is part of the classical group layout launchpad.

With that information in mind, to find out who switched back to the Classical Group Page Layout, all you need to do is find users who have events for Flexible Workflow Administration (SWF_FLEX_ADMIN_SRV) and Smart Business Runtime (/SSB/SMART_BUSINESS_RUNTIME_SRV).
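
The check described above can be run over an exported log for all users at once. This is an added example, not part of the original post; it goes one step further than the text by comparing timestamps, so a user who later returned to Spaces and Pages is not reported. The CSV headers, the ISO timestamp format, the year, and the users CB998000009 and CB998000010 are constructed assumptions.

```python
import csv
import io
from datetime import datetime

SPACES_SRV = "FDM_PAGE_RUNTIME_SRV"
CLASSIC_SRVS = {"SWF_FLEX_ADMIN_SRV", "/SSB/SMART_BUSINESS_RUNTIME_SRV"}

# Constructed sample; headers and ISO timestamps are assumptions.
SAMPLE_CSV = """Timestamp,User ID,Event ID,ABAP Source
2024-01-18T16:54:10,CB998000008,GU1,FDM_PAGE_RUNTIME_SRV
2024-01-18T17:22:03,CB998000008,GU1,SWF_FLEX_ADMIN_SRV
2024-01-18T17:22:04,CB998000008,GU1,/SSB/SMART_BUSINESS_RUNTIME_SRV
2024-01-18T16:58:00,CB998000009,GU1,FDM_PAGE_RUNTIME_SRV
2024-01-18T17:05:00,CB998000010,GU1,SWF_FLEX_ADMIN_SRV
2024-01-18T17:05:01,CB998000010,GU1,/SSB/SMART_BUSINESS_RUNTIME_SRV
2024-01-18T17:40:00,CB998000010,GU1,FDM_PAGE_RUNTIME_SRV
"""

def switched_back(csv_text):
    """Map user -> time of the switch back to the classical layout."""
    last_spaces = {}    # user -> latest Spaces and Pages event
    classic_seen = {}   # user -> {classic service: latest event time}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Event ID"] != "GU1":
            continue
        user, src = row["User ID"], row["ABAP Source"].strip()
        ts = datetime.fromisoformat(row["Timestamp"])
        if src == SPACES_SRV:
            last_spaces[user] = max(ts, last_spaces.get(user, ts))
        elif src in CLASSIC_SRVS:
            per_user = classic_seen.setdefault(user, {})
            per_user[src] = max(ts, per_user.get(src, ts))
    result = {}
    for user, seen in classic_seen.items():
        if set(seen) != CLASSIC_SRVS:
            continue                    # need both services, as in the post
        switch_time = min(seen.values())
        # Skip users whose latest Spaces and Pages event is newer.
        if user in last_spaces and last_spaces[user] > switch_time:
            continue
        result[user] = switch_time
    return result

if __name__ == "__main__":
    for user, ts in switched_back(SAMPLE_CSV).items():
        print(user, "switched back at", ts.isoformat())
```

Users with classical-layout events but no Spaces and Pages event in the export are also reported, which matches the criterion in the text.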

 

Conclusion

In preparation for the switch to Spaces and Pages with the 2402 and 2408 upgrades, you can use the Display Security Audit Log app to identify which Fiori apps a user uses, and who switched back to the Classical Group Layout.

 
