SAP HANA audit policy specifies the actions to be audited and also the condition under which the action must be performed to be relevant for auditing. Audit Policy defines what activities have been performed in HANA system and who has performed those activities at what time.
SAP HANA database auditing feature allows to monitor the action performed in HANA system. SAP HANA audit policy must be activated on HANA system to use it. When an action is performed, the policy triggers an audit event to write an audit trail. You can also delete audit entries in Audit trail.
In a distributed environment, where you have multiple database, Audit policy can be enabled on each individual system. For the system database, audit policy is defined in nameserver.ini file and for tenant database it is defined in global.ini file.
You can configure and activate Auditing policy in SAP HANA system using SAP HANA Cockpit. There is an Auditing app in SAP HANA Cockpit that can be used for auditing activities.
The role required to perform auditing in HANA system − sap.hana.security.cockpit.roles::MaintainAuditPolicy
In SAP HANA Cockpit, Auditing tile is available under SAP HANA Security Overview as in the following screenshot.
When you open Auditing App, navigate to Configuration tab and select Edit button from the bottom.
Next, select Auditing status to Enabled. You have to configure multiple audit trail targets: one for the system (Overall Audit Trail Target), and optionally one or more for the severity of audited actions that is the audit level of the corresponding audit entries.
If you do not configure a specific target for an audit level, audit entries are written to the audit trail target configured for the system.
By default, database table is default audit trail target. You can also select - Syslog, CSV text file for audit trail target.
You can define an audit policy to monitor the actions for audit. When an action is performed, the policy is triggered and an audit event is written to audit trail. You can create an audit policy using Auditing app of HANA system.
Step 1 − To create an Audit Policy, navigate to Audit Policies tab.
Step 2 − On the right side, create Audit Policy button. Click the Create Audit Policy button and enter the Policy name.
Step 3 − Select the status of Audit Policy. You can select Enabled/Disabled option.
Step 4 − Select the Action status.
SUCCESSFUL − The action is audited only when the SQL statement is successfully executed.
UNSUCCESSFUL − The action is audited only when the SQL statement is unsuccessfully executed.
ALL − The action is audited when the SQL statement is both successfully and unsuccessfully executed.
Step 5 − Select the audit level. The audit level specifies the severity of the audit entry written to the audit trail when the actions in the policy occur.
Step 6 − Select Audit Trail Target. Audit entries triggered by this policy will be written to the specified audit trail target(s).
Step 7 − Enter the actions to be audited by clicking the add button and selecting the relevant actions.
There are different Actions that can be selected using Add Action button as shown in the following screenshot.
In Add action, you need to enter the target object(s) to be audited by clicking the add button and selecting the relevant objects. You can also select actions to be audited. For example: SELECT, INSERT, UPDATE, DELETE, and EXECUTE. You can click the Save button to SAVE the policy.
In SAP HANA Cockpit, you can check the audit details of all Audit Policies. When you open the Audit app of SAP HANA Cockpit, navigate to Audit Policies tab. You will find the following details.
Note − You can manage Auditing Policy in SAP HANA Studio as well. Please check our SAP HANA tutorial −
https://www.howcodex.com/sap_hana/sap_hana_auditing.htm