SAP User Interface (UI) LoggingLogging of SAP NetWeaver BW AccessSAP Custom DevelopmentOctober 2014

2© 2014 SAP SE. All rights reserved.

Disclaimer

The information in this presentation is confidential and proprietary to SAP and may not bedisclosed without the permission of SAP. This presentation is not subject to your licenseagreement or any other service or subscription agreement with SAP. SAP has no obligation topursue any course of business outlined in this document or any related presentation, or todevelop or release any functionality mentioned therein. This document, or any relatedpresentation about SAP’s strategy and possible future developments, directions, andfunctionality of products and/or platforms, are all subject to change and may be changed bySAP at any time for any reason without notice. The information in this document is not acommitment, promise, or legal obligation to deliver any material, code, or functionality. Thisdocument is provided without a warranty of any kind, either express or implied, including butnot limited to, the implied warranties of merchantability, fitness for a particular purpose, ornon-infringement. This document is for informational purposes and may not be incorporatedinto a contract. SAP assumes no responsibility for errors or omissions in this document,except if such damages were caused by SAP intentionally or grossly negligent.All forward-looking statements are subject to various risks and uncertainties that could causeactual results to differ materially from expectations. Readers are cautioned not to place unduereliance on these forward-looking statements, which speak only as of their dates, and theyshould not be relied upon in making purchasing decisions.

3© 2014 SAP SE. All rights reserved.

RCS UI LoggingData leakage: the insider threat

4© 2014 SAP SE. All rights reserved.

Summary

You are looking for improved data security?SAP supports you

The BW logging solution allows your company totrace access to SAP NetWeaver BusinessWarehouse.Hence you get the possibility to reproduce theconjunction of information accesses, which do notimplicitly arise as a result of the design of yourauthorization concept.This active form of logging of data accesses helpsyou to better distinguish between data usage anddata misuse.And delivers therefore a major contribution forbuilding trust in your SAP application systems toyour employees.

AccessControl

AuthorizationConcept

System & DatabaseLogging UI Logging

Business Background

6© 2014 SAP SE. All rights reserved.

Key Business Needs

Demand for specific protection of customer andemployee data

Demand for intensified protection of highsensitive enterprise data

Enhanced attention of data protectionadministrations with regard to logging especiallyconcerning read accesses of all data types

Sensitivity and requirements of the workcouncils for logging of data in systems

The relevance of data information systemsarises permanently. In this context the usage ofcustomer data in compliance with statutoryrequirements becomes more and more achallenge

The more open authorizations are granted in acompany the more important is the logging alsoof read accesses in order to prevent datamisusage.

7© 2014 SAP SE. All rights reserved.

Use Cases for Logging Read Access to Meet Data ProtectionRequirements

Sensitive Business Information

A merchant bank in Frankfurt wants greatersecurity for sensitive business information andto protect itself from industrial espionage.

Employees in its reporting team are authorizedto run reports. The results delivered by thesereports, and what then happens to this data, isnot logged.

Logging of all access to BW to bring aboutcomplete transparency

Human Resources

A major international freight forwarding companywants to make its human resources processes moretransparent; it wants to know which HR staff haveaccessed what sensitive employee data (notablysalary information).

HR employees are authorized to access employeedata. But do they have a valid business reason fordoing so?

Tracking access to this data avoids misuse.

Sales

A major German logistics company wants to logsales staff access to customer and accountdata.Even though customer service representativesare authorized to view certain customer data,they must have a valid business reason fordoing so.Avoidance of misuse, such as disclosure ofbusiness terms and conditions to competitors

Data Theft

Universal bank: Prevent unwanted leaks of customerdata to the competition, for example.

Logging of access to the CRM and BW system toprevent data theft and to provide an activity audit trailshould an incident occur.

Logging automated access to systems by reports andother external applications.

Audit trails serve as a deterrent.

8© 2014 SAP SE. All rights reserved.

Product – Key Elements

The BW Logging solution records the data accessed viathe channels

BEx Analyzer, BEx WebBW Integrated PlanningMDX, BICS

Rapid and uncomplicated implementation:• Efficient implementation of legal requirements and

implementation regulations of data protectionadministrations

Optimal run time performance• Applications are not changed or touched• Logging runs in the background with minimal impact on

system resources• Competing solutions require more resources

- UI Logging produces here relief

Logging of BEx Analyzer

10© 2014 SAP SE. All rights reserved.

BEx Analyzer (Excel) Logging Processing

Enhancing the BEx Analyzer (Excel) in order to observe the in- and outcoming data traffic

11© 2014 SAP SE. All rights reserved.

BEx Analyzer (Excel) Logging can be enabled while using BEx Analyzer

BEx Analyzer (Excel) Logging

Query input (parameter, filter…)Query output (query result)The requester nameInfoprovider nameQuery name

What is logged?

Name-Value Pairs

Output Format

BEx Analyzer Logging

12© 2014 SAP SE. All rights reserved.

BEx AnalyzerConfiguration

Use SM34 in order to maintain the customizing tableEnable logging functionality :

For infobject names : BI InfoobjectsFor all queries within an infoprovider names : BI InfoprovidersFor a specific query : BI Queries

13© 2014 SAP SE. All rights reserved.

BEx AnalyzerInput data logging

Input filter while executing the queries

Query result

14© 2014 SAP SE. All rights reserved.

BEx AnalyzerOutput data logging

Output queries result set

Query result

Logging of BEx Web and BICS

16© 2014 SAP SE. All rights reserved.

BEx web / BICS Logging Processing

Enhancing the BEx Web / BICS in order to observe the in- and outcoming data traffic

17© 2014 SAP SE. All rights reserved.

BEx Web Logging can be enabled while using Bex Web

BEx Web/BICS Logging

Query input (parameter, filter…)Query output (query result)The requester nameInfoprovider nameQuery name

What is logged?

Name-Value Pairs

Output Format

BEx Web / BICS Logging

18© 2014 SAP SE. All rights reserved.

BEx Web / BICS Demo - Configuration

Use SM34 in order to maintain the customizing tableEnable logging functionality :

For infoobjet names : BI InfoobjectsFor all queries within an infoprovider names : BI InfoprovidersFor a specific query : BI Queries

19© 2014 SAP SE. All rights reserved.

BEx Web / BICS Demo - Input data logging

Input filter while executing the queries

Query result

20© 2014 SAP SE. All rights reserved.

BEx Web / BICS Demo - Output data logging

Output queries result set

Query result

Logging of MDX

22© 2014 SAP SE. All rights reserved.

MDX Logging Processing

Enhancing the RFC modules which are used from the MDX interface in order to observethe in- and outcoming data traffic

Frontend Toolsor 3rd partyproductsusingSAP MDXinterface

ExternalRepository

SAP BackendRFC Framework

Request

Response

Business Engine

RFC

Laye

r

MD

XP

roce

ssor

Legend New Enhancement

Import / Exportdata traffic

Temporary Log(Asynchronous)transfer toExternal Repository

OLA

PP

roce

ssor

23© 2014 SAP SE. All rights reserved.

MDX Logging

MDX Logging can be enabled on BI Query, Infoprovider , Infoobject

MDX Logging

Function module nameImport data special MDX commandProcessing ErrorsOutput data (if requested)

What is logged?

Name-Value PairsValue in XML format

Output Format

24© 2014 SAP SE. All rights reserved.

MDX Demo using Crystal Reports 2008

25© 2014 SAP SE. All rights reserved.

MDX Demo using Crystal Reports 2008

26© 2014 SAP SE. All rights reserved.

MDX Demo using MDX command generator for allpossible MDX RFC Function modules

27© 2014 SAP SE. All rights reserved.

MDX Demo using MDX command generator for allpossible MDX RFC Function modules

28© 2014 SAP SE. All rights reserved.

MDX Demo using MDX command generator for allpossible MDX RFC Function modules

Logging of BW Integrated Planning

30© 2014 SAP SE. All rights reserved.

BW-IP Logging Processing

Enhancing the RFC Functionmodule which are used from the BW-IP Tools to storechanged planning values

Frontend Tools

BW FrontendBEx Analyzer(BW-BEX-XLS)

BEx WebApplications(BW-BEX-WEB)

Query withBW-IntegratedPlanning function

ExternalRepository

SAP BackendRFC Framework

Request

Response

Business Engine

RFC

Laye

r

BIC

SIP

Pro

cess

or

Legend New Enhancement

Import / Exportdata traffic

Temporary Log(Asynchronous)transfer toExternal Repository

OLA

PP

roce

ssor

31© 2014 SAP SE. All rights reserved.

BW-IP Logging

BW-IP Logging can be enabled on BI Query, Infoprovider , Infoobject

BI-IP Logging

Selected Values via BW-BEX loggingbefore changeChanged BI-IP Value in CubeSelected Values via BW-BEX loggingafter change

What is logged?

Name-Value Pairs

Output Format

32© 2014 SAP SE. All rights reserved.

BW-IP Logging using BW-BEX-WEB

33© 2014 SAP SE. All rights reserved.

BW-IP Logging using BW-BEX-WEB

34© 2014 SAP SE. All rights reserved.

BW-IP Logging using BW-BEX-WEB

35© 2014 SAP SE. All rights reserved.

The Offering of SAP

The UI logging products are provided by SAP Custom DevelopmentIndividual enhancements and adaptations are possibleMaintenance can be offered

Currently supported UI technologies and interfaces:Logging of SAP GUI for Windows / HTML / JavaLogging of CRM Web Client UILogging of Business Warehouse Access (BEx Analyzer, BEx Web, BW-IP, BICS, MDX)Logging of Web Dynpro ABAPLogging of RFC/BAPI and Web Service

Supported SAP NetWeaver releases: NW 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40

Further (user) interface technologies and releases on request

36© 2014 SAP SE. All rights reserved.

Tobias KellerProduct Owner

SAP SE, Custom Development

T +49 6227-7-74995

E tobias.keller@sap.comwww.sap.com

Your Contact – RCS UI Logging

Martin LoitzTechnical Product Owner

SAP SE, Custom Development

T +49 6227-7-48810

E Martin.Loitz@sap.comwww.sap.com

Visit our SAP UI Logging channel on SCN:http://scn.sap.com/community/ui-logging…your one-shop-stop for product information,release news, Q&A, and more

37© 2014 SAP SE. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for anypurpose without the express permission of SAP SE. The information containedherein may be changed without prior notice.Some software products marketed by SAP SE and its distributors containproprietary software components of other software vendors.Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks ofMicrosoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5,System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries,zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6,POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF,Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere,Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBMCorporation.Linux is the registered trademark of Linus Torvalds in the U.S. and othercountries.Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks orregistered trademarks of Adobe Systems Incorporated in the United States and/orother countries.Oracle and Java are registered trademarks of Oracle and/or its affiliates.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, andMultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®,World Wide Web Consortium, Massachusetts Institute of Technology.

© 2014 SAP SE. All rights reserved.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjectsExplorer, StreamWork, and other SAP products and services mentioned herein aswell as their respective logos are trademarks or registered trademarks of SAP SEin Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, CrystalReports, Crystal Decisions, Web Intelligence, Xcelsius, and other BusinessObjects products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Business Objects Software Ltd.Business Objects is anSAP company.

Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and otherSybase products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Sybase, Inc. Sybase is an SAPcompany.

All other product and service names mentioned are the trademarks of theirrespective companies. Data contained in this document serves informationalpurposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this documentmay be reproduced, copied, or transmitted in any form or for any purpose withoutthe express prior written permission of SAP SE.