Show TOC

AuditingLocate this document in the navigation structure

Audit certain key administrative actions.

An auditing record captures:
  • Time the time at which the administrative action took place.
  • User the login of the account that requested the action.
  • Action the audited action: create, update, delete, login, deploy, disable, assign, and so on.
  • Target type the target object type on which the action is requested by the user, such as Domain, Package, Connection, Application connection, and so on.
  • Target name the target object name on which the action is requested by the user. Target type plus Target name identifies a unique object.
  • Success the outcome of the action: True - the action was performed successfully; False - the action failed for some reason, such as a validation failure.
Note Some actions are recorded with additional information that gives more contextual information about the action/target object details, or explanation of the requested action, including details such as the MBO package deployment mode, deployment/import error messages for MBO package failures, and so on.
The administration actions for which audit records are created include:
  • Login to SAP Mobile Server
  • Create/Delete and Enable/Disable a domain
  • Deploy/Delete and Enable/Disable an MBO package
  • Create/Update/Delete an EIS connection
  • Create/Update/Delete an EIS connection template
  • Start/Stop/Restart SAP Mobile Server
  • Update of a cluster configuration
  • Create/Delete an application. Supported update actions are:
    • Add/Delete a customization resource bundle for an application
    • Assign/Unassign a customization resource bundle to or from an application connection or an application connection template
    • Create/Delete/Update push configurations for an application
    • Change the application connection template priority for an application
    • Register/Delete/Update/Reregister/Clone/Lock/Unlock an application connection
    • Delete the package user of an application connection
  • Assign/Unassign an application to or from a domain
  • Assign/Unassign an application to or from an MBO package
  • Assign/Unassign/Set default Hybrid App to an application connection or application connection template
  • Create/Update/Delete an application connection template
  • Create/Update/Delete a security configuration
  • Create/Delete a logical role, and update “Role Mappings” of a logical role in a security configuration
  • Create/Update/Delete a domain administrator
  • Assign/Unassign a domain administrator to or from a domain
  • Deploy/Delete a Hybrid App
  • Import an MBO package/application/Hybrid App
  • Assign/Unassign/Set default security configuration for a domain
Special Cases
Be aware of these special cases and restrictions:
  • The audit record for the "Server start" and "Server stop" actions from the Windows service panel, Start menu, or desktop shortcut does not include the user name.
  • The "Start server" and "Stop server" actions from SAP Control Center or the Management API result in the creation of two audit records - one with the user name and the second without the user name.
  • The "Restart server" action from the Windows service panel, Start menu, or desktop shortcut is logged as a stop followed by a start action.
  • The "Restart server" action from SAP Control Center or the Management API results in the creation of three audit records – a restart record with the user name, a stop record, and a start record without the user name.
  • The "Stop scale out node" action from the Windows service panel, Start menu, or desktop shortcut is not audited.
  • The "MBO package deployment" action results in the creation of multiple audit records:
    1. An audit record for the MBO package deployment action.
    2. Zero, one or more update role mapping audit records (depending on how many role mappings are performed during package deployment).
  • The MBO package deletion action results in multiple audit records:
    1. Zero, one or more update role mapping audit records (depending on the logical roles used in the package).
    2. An audit record for the MBO package deletion action.
  • Any failed create/delete action (such as failure to create/delete a Web container port) against the cluster configuration is audited as an “update” failed action.
  • Creating/deleting/updating providers (Authentication providers, Authorization providers, and so on) of the security configuration and changing the order of providers is logged as an update security configuration action.
  • The server stop/start/restart audit records indicate that the action was received by SAP Mobile Server, and not the actual outcome of the requested action.
  • EIS Connection creation or EIS connection template creation results in two audit records: one create and one update.
  • Logging into SAP Mobile Server from tools other than SAP Control Center (such as the public API, command line utility, or SAP Mobile WorkSpace) are not audited.