SAP HANA - Auditing

SAP HANA audit popcy tells the actions to be audited and also the condition under which the action must be performed to be relevant for auditing. Audit Popcy defines what activities have been performed in HANA system and who has performed those activities at what time.

SAP HANA database auditing feature allows monitoring action performed in HANA system. SAP HANA audit popcy must be activated on HANA system to use it. When an action is performed, the popcy triggers an audit event to write to audit trail. You can also delete audit entries in Audit trail.

In a distributed environment, where you have multiple database, Audit popcy can be enabled on each inspanidual system. For the system database, audit popcy is defined in nameserver.ini file and for tenant database, it is defined in global.ini file.

Activating an Audit Popcy

To define Audit popcy in HANA system, you should have system privilege − Audit Admin.

Go to Security option in HANA system → Auditing

Under Global Settings → set Auditing status as enabled.

You can also choose Audit trail targets. The following audit trail targets are possible −

Syslog (default) − Logging system of Linux Operating System.

Database Table − Internal database table, user who has Audit admin or Audit operator system privilege he can only run select operation on this table.

CSV text − This type of audit trail is only used for test purpose in a non-production environment.

You can also create a new Audit popcy in the Audit Popcies area → choose Create New Popcy. Enter Popcy name and actions to be audited.

Save the new popcy using the Deploy button. A new popcy is enabled automatically, when an action condition is met, an audit entry is created in Audit trail table. You can disable a popcy by changing status to disable or you can also delete the popcy.