SAP Cloud Identity Access Governance sends relevant information about changes made to security and configuration events to SAP Audit Log Service where it is stored centrally.
By default, SAP Audit Log Service allow 90 days for retention. If we wish to have a different retention time, we can enable the Audit Log service premium edition service plan to configure a flexible retention period longer than the free 90 days.
To view the logs stored in the SAP Audit Log Service we need to subscribe the Audit Log Viewer application provided by the SAP Audit Log Service in your tenant. Create a role collection with the role Audit log Auditor also made available by the log service. Assign this role collection to the users who wish to view the audit logs.
List of change logs available
| Tile | Options | Remarks |
| Application | Create/ delete | |
| Access | Create/ change/ delete | Approvers |
| Business function group | Create/ change/ delete | |
| Workflow Template | Uploaded by | |
| Job scheduler | Who scheduled the log and when | |
| Configuration | Any changes to parameters | |
| Maintain user data | Deletion of backend user and IAG users | |
| Authorization Policy | Create/ update/ change of policy/ delete | |
| Function | Activation/ deactivation | |
| Mitigation Control | Changes to owner/ monitor group | |
| Risk | Add/ Remove Functions/ Activate/ Deactivate/ Delete | |
| Risk Level | Description changes | |
| Rule Setup | Rule Upload | |
| Mass Update | Business role mass update | |
| Rulesets | Activate/ Deactivate | |
| User Access Analysis | Mitigation Control Assignment | |
| Access Request Inbox | Access Request Approve/ Reject | |
| Business Roles | Edit (access changes)/ Activate/ Deactivate/ Delete/ Content/ Assignment Approvers changes | |
| Access Request Administration | Forward / reject / cancel / approve / reject | |
| Maintain Privileged Access | Create/ edit/ deactivate | |
| Privileged Access Review Inbox | Submitted logs |
Procedure to activate the log services and view the logs:
Role Collection:
- Auditlog_Auditor for the auditlog-viewer application.
- Auditlog_Auditor for the auditlog-management application.
View of audit log:
