In this lesson, you will configure auditing for a SAP HANA Database instance.
The security team has informed you that your SAP HANA Cloud was screened, and it was found that no auditing was activated. The security team asked you to setup the recommended SAP HANA Cloud Basic policies and an additional that logs all database connections to the SAP HANA Cloud database instance.
Auditing Database Activity
See the following video for an overview about Auditing database activity.
This allows you, for example, to log and monitor read access to sensitive data or who unsuccessfully tried to log-on to the database. The following database actions are typically audited:
- Access to or changing of sensitive information
- Creation or deletion of database objects
- Authentication of users
- Changes to user authorization
- Changes to system configuration
An audit policy defines the actions that are to be audited. It also outlines the conditions under which the action must occur for it to be relevant for auditing. When an action occurs, the policy is triggered and an audit event is written to the audit trail. Audit policies are specific to each database.
Audit logging is disabled by default. You can use the SAP HANA cockpit or SQL to enable auditing, configure audit trail targets, and create audit policies.
If auditing is active, certain actions are always audited and are therefore not available for inclusion in user-defined audit policies. In the audit trail, these actions are labeled with the internal audit policy name MandatoryAuditPolicy. Mandatory audit actions include the following:
- Creation, modification, or deletion of audit policies
- Enabling or disabling audit policies
- Deletion of audit entries from the audit trail
Enable the Auditing Basic Setup
Although auditing does not directly increase the security of your database, a well designed audit can help you achieve greater security in the following ways:
- Detect security vulnerabilities if too many privileges were granted to certain users
- Reveal attempts to breach security
- Protect the system owner against accusations of security violations and data misuse
- Allow the system owner to meet security standards
Auditing provides better visibility on what actions were performed or attempted in the SAP HANA database. It is therefore recommended to create a basic set of policies.
For a quick start, SAP HANA cockpit provides a Auditing Basic Setup wizard to help you apply SAP's recommended auditing policies settings.
Create an Audit Policy
In general, customers create audit policies for monitoring and recording activity in their database with an audit log that writes to a local database table. Use the SAP HANA cockpit or the SQL Console in SAP HANA database explorer to create and activate audit policies, read the audit trails.
To create and activate an audit policy In the SQL Console you can use the following commands:
-- The SQL statement shown here creates the same audit policy as the demonstration shown in SAP HANA cockpit. -- Create the policy "HC200 Demo Audit Policy" CREATE AUDIT POLICY "HC200 Demo Audit Policy" AUDITING ALL CONNECT LEVEL INFO; -- Activate the policy "HC200 Demo Audit Policy" ALTER AUDIT POLICY "HC200 Demo Audit Policy" ENABLE;
Viewing the Audit Trail
For each occurrence of an audited action, one or more audit entries are created and written to the audit trail.
Audit entries are accessible through the public system view AUDIT_LOG, as well as the union of these views ALL_AUDIT_LOG. The table below describes the layout of the full audit trail, that is ALL_AUDIT_LOG.