Auditing in BI4

Auditing in BI 4.0

Orange Business ServicesSAP Active Global SupportAutumn 2013

© 2011 SAP AG. All rights reserved. 2Customer

Agenda

1. What is Auditing?2. Auditing Dashboard3. Auditing Data Store4. Consistent Auditing Events


What is Auditing?

Keep a record of significant events on servers and applications

Can give you a picture of:

What information is being accessed

How it's being accessed and changed

Who is performing these operations

Information recorded in a database called the Auditing Data Store (ADS)

Can design custom reports based off of data in the ADS

No packaged sample universes or reports included with BI4

Samples can be found on the SAP Developer Network (SDN) site

Keep a record of significant events on servers and applications

Can give you a picture of:

What information is being accessed

How it's being accessed and changed

Who is performing these operations

Information recorded in a database called the Auditing Data Store (ADS)

Can design custom reports based off of data in the ADS

No packaged sample universes or reports included with BI4

Samples can be found on the SAP Developer Network (SDN) site


Auditing Install in 4.0

Special license keys not required in 4.0

For performance reasons it is recommended to have auditing DB separate from

Central Management Server (CMS) DB

After install, auditing is preconfigured, enabled and running

Silent install provides no auditing command line parameter

Special license keys not required in 4.0

For performance reasons it is recommended to have auditing DB separate from

Central Management Server (CMS) DB

After install, auditing is preconfigured, enabled and running

Silent install provides no auditing command line parameter


Agenda



Auditing Install in 4.0

Special license keys not required in 4.0For performance reasons it is recommended to have auditing DBseparate from Central Management Server (CMS) DBAfter install, auditing is preconfigured, enabled and runningOption to not configure auditing disables auditing and hence no auditingevents are firedSilent install provides no auditing command line parameter


Auditing Dashboard


Auditing Dashboard:Status Summary Section Overview

The Auditing Status Summary section is a new featureMetrics to optimize auditing configurationAlerts of potential issues with auditingWarnings under the following circumstances:

– The connection to the Auditing Data Store (ADS) database is unavailable.– There is no running or enabled Client Auditing Proxy Service (CAPS)– An Auditee has events that could not be retrieved

The Auditing Status Summary section is a new featureMetrics to optimize auditing configurationAlerts of potential issues with auditingWarnings under the following circumstances:

– The connection to the Auditing Data Store (ADS) database is unavailable.– There is no running or enabled Client Auditing Proxy Service (CAPS)– An Auditee has events that could not be retrieved


Auditing Dashboard: Status Summary SectionMetrics

CMS collects events from all auditees once every 3 minutes.CMS automatically adjusts polling cycle duration.Manual configuration of polling cycle duration is not possible.



Auditing Dashboard: Status Summary SectionPolling Cycle




What happens during the polling cycle?Server auditing

1. An auditable event is performed by the server.2. The auditee writes events in a temporary file.3. The auditor polls the auditee and requests a batch of auditing events.4. The auditee retrieves the events from the temporary files.5. The auditee transmits the events to the auditor.6. The auditor writes events to the ADS and signals the auditee to delete the events from

the temporary files.

1. An auditable event is performed by the server.2. The auditee writes events in a temporary file.3. The auditor polls the auditee and requests a batch of auditing events.4. The auditee retrieves the events from the temporary files.5. The auditee transmits the events to the auditor.6. The auditor writes events to the ADS and signals the auditee to delete the events from

the temporary files.


What happens during the polling cycle?Client auditing


What happens during the polling cycle?Client auditing via CAPS

Client Auditing Proxy Service (CAPS)


Client Auditing: CAPS

To enable client auditing (events sent by clients) you must have at least oneAdaptive Processing Server (“APS”) with Client Auditing Proxy Service(“CAPS”).

For high availability and load balancing it is highly recommended to have atleast 2 APS servers with CAPS services

Each APS to be hosted on a different machine to minimize the effect ofhardware failure

It is critical to have at least one CAPS always available, otherwise clientevents will be lost

Make sure that each APS request port is open in the firewall between clientsand APS to allow client events to be delivered to CAPS

To enable client auditing (events sent by clients) you must have at least oneAdaptive Processing Server (“APS”) with Client Auditing Proxy Service(“CAPS”).

For high availability and load balancing it is highly recommended to have atleast 2 APS servers with CAPS services

Each APS to be hosted on a different machine to minimize the effect ofhardware failure

It is critical to have at least one CAPS always available, otherwise clientevents will be lost

Make sure that each APS request port is open in the firewall between clientsand APS to allow client events to be delivered to CAPS

The preinstalled APS hosts CAPS. Instead ofusing a pre-installed APS with CAPS, it isrecommended to create a new APS dedicatedonly to CAPS. This will significantly improveperformance and high availability.


Back to the Auditing DashboardStatus Summary Section


Auditing Dashboard: Configuring Auditing Events andEvent Details

Use the “Auditing Level” slider in “Set Events” to chose the level of auditingChoose “Custom” to select individual auditing eventsChanges apply to all servers and applications.You can enable and disable some event details:

QueryUser Group DetailsFolder Path DetailsRights DetailsProperty Value Details

Note: For client auditing it may take up to two minutes after the changes havebeen made before the system will start recording data for any new events. Makesure you allow for this delay when implementing changes to the system.

Use the “Auditing Level” slider in “Set Events” to chose the level of auditingChoose “Custom” to select individual auditing eventsChanges apply to all servers and applications.You can enable and disable some event details:

QueryUser Group DetailsFolder Path DetailsRights DetailsProperty Value Details

Note: For client auditing it may take up to two minutes after the changes havebeen made before the system will start recording data for any new events. Makesure you allow for this delay when implementing changes to the system.


Auditing Dashboard : Configuring ADS Database

If Auditing is enabled and ADS database not configured, audit eventsaccumulate.

CMS must be restarted for changes in ADS database configuration to takeplace.

Multiple clusters can write events to the same ADSAuto-delete: Delete events older than (days)ADS Auto Reconnect – CMS automatically reconnects to ADS when connection

is lost.

If Auditing is enabled and ADS database not configured, audit eventsaccumulate.

CMS must be restarted for changes in ADS database configuration to takeplace.

Multiple clusters can write events to the same ADSAuto-delete: Delete events older than (days)ADS Auto Reconnect – CMS automatically reconnects to ADS when connection

is lost.


Summary of Audit Configuration in CMC

You cannot configure:• Auditing polling interval duration• Which events are retrieved• AuditInterval and AuditMaxEventsPerFile

command line CMS parameters no longersupported.

You can configure:• In CMC > Servers > Nodes >

Placeholders• The location of temporary auditing files

• In CMC > Audit (Audit Dashboard)• Auditing levels and events details• Audit ADS database

All auditing configuration is done in CMC, no more in CCM.


Agenda



Migration

New auditing events and ADS schema are not compatible with XI 3.1 auditingdatabase.

No migration of auditing data between releases.Event structure and information collected has changed.Audit events have more information in 4.0.Consistency of event data.

No out of the box sample auditing universe and reports.

New auditing events and ADS schema are not compatible with XI 3.1 auditingdatabase.

No migration of auditing data between releases.Event structure and information collected has changed.Audit events have more information in 4.0.Consistency of event data.

No out of the box sample auditing universe and reports.

Caution: If you specify an older version of the auditing database duringthe installation, the contents of the database will be re-initialized andpermanently deleted!


ADS: schema


Key tables are ADS_EVENT and ADS_EVENT_DETAILADS_EVENT contain all event properties for each event (onerow per event), and includes:

Event IDOrigin:– Cluster_ID– Server_ID– Service_Type_ID– Client_Type_IDTime (when event took place):– Start_Time (in GMT)– Duration_ms– Time_Added_To_ADSUser (who caused auditable operation)– User ID– User Name– Session IDEvent type (which operation)– Event_Type_ID– Status ID

Action IDObject Properties (on which resource the

operation is performed)-Object_ID-Object_Name-Object_Type-Folder_Path-Folder ID-Top_Folder_Name-Top_Folder _ID

ADS: ADS_EVENT


Agenda



Auditing Transversal Consistency

Auditing events are now transversally consistent.There are two types of events:

CommonSpecific


Auditing Common Events

EventName

ID MinimalAuditingLevel

Description

View 1,002 Default User viewed a document / object

Refresh 1,003 Default User refreshed an object

Prompt 1,004 Default User selected value for a prompt

Create 1,005 Default User created an object

Delete 1,006 Default User deleted an object

Modify 1,007 Default User modified property(ies) of an object

Save 1,008 Default Saving a document / object locally, remotely or to CMSrepository. In the same of different format.

Search 1,009 Default User searched for a document, text

Edit 1,010 Default User edited a the content of an object

Run 1,011 Default A job was run

Deliver 1,012 Default An object was attempted to be delivered

Retrieve 1,013 Complete Object is retrieved from CMS

Logon 1,014 Minimal User logon

Logout 1,015 Minimal User logout

Trigger 1,016 Complete An event was triggered


Auditing Common Events (cont.)

- Doesn’t apply. No auditing events is triggered by the component.- Auditing event is triggered by the component.- The component relies on CMS event with the same name. No auditing event is triggered by the component.- The “Save” results in CMS firing Create or Modify events. No auditing event is triggered by the component.

S - The component relies on Search Service event. No auditing event is triggered by the component- The event generated by Live Office Web Services provider on behalf of the client- The event generated by Query as a Web Service and Live Office Web Services provider on behalf of the client


BI Platform Specific Events

BI Platform

Components Generating Events

Event Name ID MinimalLevel

Description

RightsModification

10003 Minimal Right on object were modified

CustomAccess LevelModified

10004 Minimal Custom Access Level wasmodified

AuditingModification

10006 Minimal Tracks changes in auditingevents state (enabled/disabled)

Event Name CMS EventService

Rights Modification

Custom Access Level Modified

Auditing Modification


SAP BusinessObjects Web Intelligence Specific Events

SAP BusinessObjects Web Intelligence (WEBI) Events:

Components Generating Events:

EventName

ID MinimalLevel

Description Generatedby

Drill Out OfScope

10201 Complete Drill Out Of Scope WRC, WEBIServer

PageRetrieved

10202 Complete WebI document pageretrieved

WEBI Server

Event Name WEBI RichClient

WEBIProcessingService

Drill Out Of Scope

Page Retrieved


SAP BusinessObjects Analysis Specific Events

SAP BusinessObjects Analysis Events:

Event Name ID MinimalLevel

Description Generatedby

MDASSession

10300 Complete MDAS Session operationperformed

MDASservice

CubeConnection

10301 Complete Cube Connection operationperformed

MDASservice


Auditing Events: Workflow Example 1

Example of sequence of events for viewing an SAP Crystal Reports report(document A) on demand with prompts in BI Launchpad.

Component Event Note

BI Launchpad View Object ID = CUID of document A

CMS Retrieve Object ID = CUID of document A

CR ProcService

Prompt Object ID = CUID of document APrompt Name = CountryPrompt Value = USA

CR ProcService

Refresh Object ID = CUID of document AQuery = select * from ….

CR CacheService

View Object ID = CUID of document A


Auditing Events: Workflow Example 2

Example of sequence of events for viewing an SAP BusinessObjects WebIntelligence document (document A) in CMC with two prompts.

Component Event Note

CMC View Object ID = CUID of document A

CMS Retrieve Object ID = CUID of document A

SAPBusinessObjectsWeb IntelligenceProc Service

Prompt Object ID = CUID of document ABunch = 1Prompt Name = RegionPrompt Value = EastPrompt Value = West

Bunch = 2Prompt Name = CountryPrompt Value = USAPrompt Value = Canada


Refresh Object ID = CUID of document ABunch = 1Universe Name = SalesUniverse ID = CUID of Sales universeUniverse Object Name = QuarterUniverse Object Name = Customer

Bunch = 2Universe Name = OrdersUniverse ID = CUID of Orders universeUniverse Object Name = Amount

Query = SELECT * FROM …


View Object ID = CUID of document A


Supported Databases

Thank You!

Contact information:


No part of this publication may be reproduced or transmitted in any form or for anypurpose without the express permission of SAP AG. The information containedherein may be changed without prior notice.Some software products marketed by SAP AG and its distributors containproprietary software components of other software vendors.Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks ofMicrosoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5,System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries,zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6,POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF,Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere,Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBMCorporation.Linux is the registered trademark of Linus Torvalds in the U.S. and othercountries.Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks orregistered trademarks of Adobe Systems Incorporated in the United States and/orother countries.Oracle and Java are registered trademarks of Oracle and/or its affiliates.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, andMultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®,World Wide Web Consortium, Massachusetts Institute of Technology.

© 2011 SAP AG. All rights reserved.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjectsExplorer, StreamWork, and other SAP products and services mentioned herein aswell as their respective logos are trademarks or registered trademarks of SAP AGin Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, CrystalReports, Crystal Decisions, Web Intelligence, Xcelsius, and other BusinessObjects products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Business Objects Software Ltd.Business Objects is anSAP company.

Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and otherSybase products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Sybase, Inc. Sybase is an SAPcompany.

All other product and service names mentioned are the trademarks of theirrespective companies. Data contained in this document serves informationalpurposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this documentmay be reproduced, copied, or transmitted in any form or for any purpose withoutthe express prior written permission of SAP AG.


© 2011 SAP AG. Alle Rechte vorbehalten.

Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind,zu welchem Zweck und in welcher Form auch immer, ohne die ausdrücklicheschriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikationenthaltene Informationen können ohne vorherige Ankündigung geändert werden.Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareproduktekönnen Softwarekomponenten auch anderer Softwarehersteller enthalten.Microsoft, Windows, Excel, Outlook, und PowerPoint sind eingetragene Markender Microsoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5,System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries,zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6,POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF,Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere,Netfinity, Tivoli und Informix sind Marken oder eingetragene Marken der IBMCorporation.Linux ist eine eingetragene Marke von Linus Torvalds in den USA und anderenLändern.Adobe, das Adobe-Logo, Acrobat, PostScript und Reader sind Marken odereingetragene Marken von Adobe Systems Incorporated in den USA und/oderanderen Ländern.Oracle und Java sind eingetragene Marken von Oracle und/oder ihrerTochtergesellschaften.UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame undMultiWin sind Marken oder eingetragene Marken von Citrix Systems, Inc.

HTML, XML, XHTML und W3C sind Marken oder eingetragene Marken desW3C®, World Wide Web Consortium, Massachusetts Institute of Technology.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjectsExplorer, StreamWork und weitere im Text erwähnte SAP-Produkte und -Dienstleistungen sowie die entsprechenden Logos sind Marken oder eingetrageneMarken der SAP AG in Deutschland und anderen Ländern.Business Objects und das Business-Objects-Logo, BusinessObjects, CrystalReports, Crystal Decisions, Web Intelligence, Xcelsius und andere im Texterwähnte Business-Objects-Produkte und Dienstleistungen sowie dieentsprechenden Logos sind Marken oder eingetragene Marken der BusinessObjects Software Ltd. Business Objects ist ein Unternehmen der SAP AG.

Sybase und Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere undweitere im Text erwähnte Sybase-Produkte und -Dienstleistungen sowie dieentsprechenden Logos sind Marken oder eingetragene Marken der Sybase Inc.Sybase ist ein Unternehmen der SAP AG.Alle anderen Namen von Produkten und Dienstleistungen sind Marken derjeweiligen Firmen. Die Angaben im Text sind unverbindlich und dienen lediglich zuInformationszwecken. Produkte können länderspezifische Unterschiedeaufweisen.Die in dieser Publikation enthaltene Information ist Eigentum der SAP. Weitergabeund Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchemZweck und in welcher Form auch immer, nur mit ausdrücklicher schriftlicherGenehmigung durch SAP AG gestattet.


Headline area

Drawing area

White space

The Grid

Documents

Auditing in BI4