Auditing in HANA Cloud [Hands-On]

Setting Up Auditing for Your SAP HANA Cloud Database

Overview: In this lesson, we'll explain how to configure auditing for your SAP HANA Database.

Why is This Important? Your security team has checked your SAP HANA Cloud and found that auditing is not turned on. They've asked you to set it up with some recommended settings and an additional one that logs all database connections.

What is Auditing? Think of auditing as a way to keep a close eye on what's happening in your database. It helps you track things like who's trying to access sensitive data, any changes made to the database, user logins, and more.

How Does It Work? Auditing works by defining rules (called audit policies) that specify what actions should be tracked. When one of these actions occurs, the policy is triggered, and a record of the action is saved. These policies are unique to each database.

Enabling Auditing: By default, auditing is turned off. To turn it on, you can use SAP HANA cockpit or SQL. You can also set where the audit records are stored and create custom audit policies.

What Gets Audited Automatically: Some actions are always tracked and can't be customized. These are labeled as "MandatoryAuditPolicy" and include things like creating or modifying audit policies and deleting audit records.

Why Is Auditing Useful? While auditing doesn't directly make your database more secure, it helps in a few important ways:

Detecting Problems: It can identify if someone has too much access to your database.
Spotting Intrusion Attempts: It can show if someone is trying to break into your system.
Protecting the Owner: It can defend the database owner against claims of wrongdoing.
Meeting Standards: It helps meet security requirements.

How to Use It: Most customers create audit policies to monitor and record activities in their database. By default, these records go to a local database table. You can create and activate these policies using SAP HANA cockpit or SQL.

Example in SQL: If you prefer using SQL, here's how to create and activate an audit policy:

-- Create an audit policy named "ACLoudGuruji HANA Audit Policy" that logs all connect activities at the INFO level
CREATE AUDIT POLICY "ACLoudGuruji HANA Audit Policy" AUDITING ALL CONNECT LEVEL INFO;

-- Activate the policy
ALTER AUDIT POLICY "ACLoudGuruji HANA Audit Policy" ENABLE;

Viewing the Records: You can see the audit records for all audited actions by selecting the AUDIT_LOG public system view.

Exercise:

Create Basic Set of Audit Policies:

Quickly create and configure a basic set of audit policies in line with SAP recommendations.

Prerequisites

You have the system privilege AUDIT ADMIN.

Context

Instead of manually creating and configuring audit policies, you can use a wizard to create a basic set of polices recommended by SAP. This allows you to start auditing system activity quickly and effectively. For more information about auditing, including best practices and details on the policies available in the setup wizard, see theSAP HANA Cloud, SAP HANA Database Security Guide.

Note

The basic setup does not guarantee that the configuration is optimal for your particular system. To optimize the configuration, it may be advisable to manually configure specific settings and create additional policies.

The UI notifies you if audit policies were not created using the basic setup wizard. You can disable these notifications.

Procedure

On the Database Overview, with the Security and User Management or All view selected, navigate to the Auditing card, then click the card title.
Choose Basic Setup.
Optional: In the Basic Setup dialog, you can change the notification settings for auditing, as well as navigate to Global Settings, where you can change other settings for your SAP HANA cockpit user.
Open the setup wizard by choosing Complete Setup or Change Setup.Note
If you do not wish to use the basic setup and disable notifications, choose Manually set to completed and then OK.
Select the audit policies that you want to create and adjust the retention period for individual policies if necessary.
All policies available in the basic setup have the prefix _SAP_. If you chose to create a policy that already exists, the existing policy will be replaced.
When you have finished, choose Save.

Results

The selected policies are created and enabled. Notifications about the basic setup are no longer displayed.

Audit Trial View:

For each occurrence of an audited action, one or more audit entries are written to the audit trail. You can view the audit trail in the Auditing app.

To view the audit trail, on the Database Overview page, with the Security and User Management or All view selected, click the Auditing card. Then in the Auditing app, choose Audit Trail.

Audit Entries

When an audit policy is triggered, that is, when an action in the policy occurs under the conditions defined in the policy, an audit entry is created in the audit trail. The audit trail is an internal SAP HANA database table. You can monitor the disk and memory consumption of this table here, and if necessary delete entries.

The layout of audit trail entries displayed in the SAP HANA cockpit is based on the corresponding system views for auditing. For more information, see Audit Trail Layout for Trail Target Database Table in the SAP HANA Cloud, SAP HANA Database Security Guide.

PreviousGUID based Troubleshooting [Hands-On]NextManage Database Configuration [Hands-On]

Last updated 1 month ago

Good morning

hashtagSetting Up Auditing for Your SAP HANA Cloud Database

hashtagExercise:

hashtagCreate Basic Set of Audit Policies:

hashtagPrerequisites

hashtagContext

hashtagProcedure

hashtagResults

hashtagAudit Trial View:

hashtagAudit Entries