Configuring Read Access Logging
You configure Read Access Logging to determine what read access to data is logged and under which conditions.
To log read access to data, you must define three settings:
- Logging purpose – A way to classify each log entry. For example, "Privacy" or "Finance records." Each log entry is based on a logging purpose. See Defining Logging Purposes
- Logging domain – A way to classify and group each field that appears in a log entry. For example, "HR - User data" or "Finance - Sales data". See Defining Log Domains
- Configuration – You configure Read Access Logging to determine what read access to data is logged and under which conditions. See Defining Configurations in Read Access Logging and the text below.
A Read Access Logging "configuration" contain the settings for logging read access to data. Whereas logging purposes and logging domains are just ways to classify and organize logs and the fields in them, configurations are the core of the setting up and maintenance of read access logging. You specify one or more configurations for the objects you want to log.
-
A log context.
A log context is the key field that other fields displayed within the logging session are related to. When read access is logged and the log context changes, previous values displayed for all other dependent fields are deleted from memory and new values are logged together with the log context. For example, the log context of a configuration for a HR application may be the employee number. As soon as a new employee number is entered, values for all other fields such as religion, salary, etc., no longer belong to the employee previously displayed. With the help of the log context, the values for the religion and salary fields are always logged with the correct employee number.
The log context allows you to see all field values in their correct context. For detailed information on how to use the log context in your configurations, see Tips for Configurations with Log Contexts.
-
One or more log groups
A log group is a collection of fields that are displayed in the same log entry (based on the logging purpose). For example, in Web services, the fields are elements of the underlying Web service message; in Web Dynpro, the fields are UI elements of Web Dynpro applications.
-
One or more conditions (optional)
Conditions are the rules you define for when the fields in the log group are logged. Conditions contain expressions, which are built using select options.
Conditions are optional. If a log group contains no conditions, then every read access to the fields in the log group is logged.
The relationship between these different elements is depicted below.
You can also specify a log group without conditions. If you define more than one condition, each condition is processed separately. For each configuration, one entry per logging purpose is stored. For example, if Condition 1 applies to Log Group 1 for the logging purpose Data Security, and Condition 2 applies to Log Group 2 for the logging purpose Data Privacy, two log entries are created. However, if Conditions 1 and 2 both log Data Security as the logging purpose, only one log entry is created, even though the conditions belong to separate log groups.
| Scenario | Boolean relationship |
|---|---|
|
More than one condition in a configuration. |
OR |
|
More than one expression in a condition |
OR |
|
More than one select option in an expression |
AND Exception: Select options using the same field have an OR relationship. |
The table below explains the different options available for constructing an expression using select options:
| Option | Description | Example |
|---|---|---|
| Inclusive | Includes the specified value. |
Inclusive & Equals: 10 Value: 10 Result: TRUE |
| Exclusive | Excludes the specified value. |
Exclusive & Equals: 10 Value: 10 Result: TRUE (all entries not equal to 10 are logged) |
| Equals | = |
Equals: 10 Value: 10 Result: TRUE |
| Is Greater Than | > |
Is Greater Than: 10 Value: 11 Result: TRUE |
| Is Less Than | < |
Is Less Than: 10 Value: 11 Result: FALSE |
| Is Greater Equals | >= |
Is Greater Equals: 10 Value: 10.1 Result: TRUE |
| Is Less Equals | <= |
Is Less Equals: 10 Value: 10.1 Result: FALSE |
| Is Between | Value is located between specified value |
Is Between: 1 and 10 Value: 5 Result: TRUE Is Between: A and D Value: E Result: FALSE |
| Covers Pattern | Value fulfills specified pattern, which can use the asterisk * wildcard. |
Covers Pattern: install Value: installed Result: FALSE Covers Pattern: install* Value: installed Result: TRUE Covers Pattern: *install* Value: uninstalled Result: TRUE |
| Initial | The field contains no value. |