Home

|

|

Enable Audit Log/ Change Log in SAP IAG

Enable Audit Log/ Change Log in SAP IAG

enable audit log sap enable security audit log in sap audit log enable in sap sap enable audit log how to enable audit log in sap how to configure audit log in sap sap enable security audit log sap audit log configuration sap enable audit log

SAP Cloud Identity Access Governance sends relevant information about changes made to security and configuration events to SAP Audit Log Service where it is stored centrally.

By default, SAP Audit Log Service allow 90 days for retention. If we wish to have a different retention time, we can enable the Audit Log service premium edition service plan to configure a flexible retention period longer than the free 90 days.

To view the logs stored in the SAP Audit Log Service we need to subscribe the Audit Log Viewer application provided by the SAP Audit Log Service in your tenant. Create a role collection with the role Audit log Auditor also made available by the log service. Assign this role collection to the users who wish to view the audit logs.

List of change logs available

Tile Options Remarks
Application Create/ delete
Access Create/ change/ delete Approvers
Business function group Create/ change/ delete
Workflow Template Uploaded by
Job scheduler Who scheduled the log and when
Configuration Any changes to parameters
Maintain user data Deletion of backend user and IAG users
Authorization Policy Create/ update/ change of policy/ delete
Function Activation/ deactivation
Mitigation Control Changes to owner/ monitor group
Risk Add/ Remove Functions/ Activate/ Deactivate/ Delete
Risk Level Description changes
Rule Setup Rule Upload
Mass Update Business role mass update
Rulesets Activate/ Deactivate
User Access Analysis Mitigation Control Assignment
Access Request Inbox Access Request Approve/ Reject
Business Roles Edit (access changes)/ Activate/ Deactivate/ Delete/ Content/ Assignment Approvers changes
Access Request Administration Forward / reject / cancel / approve / reject
Maintain Privileged Access Create/ edit/ deactivate
Privileged Access Review Inbox Submitted logs

Procedure to activate the log services and view the logs: 

Role Collection:

  • Auditlog_Auditor for the auditlog-viewer application.
  • Auditlog_Auditor for the auditlog-management application.

View of audit log: 

Scroll to Top