3578156 - Audit Logging in SAP Datasphere

More information about how Audit Logging in Datasphere works is necessary.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP Datasphere

Audit logs are records of read or change actions performed in the database. They allow you to see who performed which action at which point in time.

Space Administrators can enable audit logs for read or change actions in their space, so that Administrators can then get an overview of space audit logs and delete them if needed (for example to free up disk space).
See more in Audit Logging

Each topic below contains more details on Audit Logging: how to activate, retention time, viewing, deletion, exporting, monitoring, behavior regarding disk storage and more.

Enabling Audit Logging

> For specific Spaces

1. Go to Space Management by clicking on the icon on the left-side menu.
2. Select the Space in which you want to enable the audit logs, and click on the Auditing tab.
   See Enable Audit Logging

> For individual Database schemas

1. Go to Space Management by clicking on the icon on the left-side menu and select the Space in which you want to enable the logs.
2. Navigate to the Database Access tab, where you can choose to expose data for consumption, as well as find (and create) the database users assigned to your Space.
3. Now, simply select the database user you wish to enable audit logs for.
4. Here you can check the Enable Audit Log for Read or Change Operations checkboxes and set the retention time for the same.
   

Audit Log Retention
You can set the Audit Log Retention time in days. The default is 30 days, the minimum retention time is 7 days, and the maximum retention time is 10 000 days. The retention period of 7 days is the minimum value and no more configurations in regards of the granularity are possible.

• Where auditing logs is stored: If auditing has been enabled, entries of all SAP Datasphere related objects are saved in an SAP HANA Cloud, SAP HANA database audit log. These logs don’t include the objects of the database access schemas, like open SQL schemas, for example.The audit logs are saved as external data, for example, as a view. You can now select these audit logs in the Data Builder. The data is located in the AUDIT_LOG view of the DWC_AUDIT_READER schema
• The audit logs of the database analysis user are saved separately in the ANALYSIS_AUDIT_LOG view.

View Auditing Logs

1. Go to System -> Configuration on the bottom right of your screen, and navigate to the Audit tab.
2. Choose the space from the drop-down list that contains the audit logs you wish to see.
3. If you want to keep the audit log entries generated for your space, you can export them before the space is deleted.
   See more in Monitor Database Operations with Audit Logs

Audit Logs Deletion
You can delete audit logs in two ways:

1. For Spaces for which auditing is enabled
   For each space, you can delete separately all the audit log entries recorded for read operations and all the audit log entries recorded for change operations. All the entries recorded before the date and time you specify are deleted.
2. All read audit logs recorded for all database analysis users.
   They are grouped together into the audit policy DWC_ANALYSIS_USERS_AUDIT_ALL.
   See - Delete Audit Logs

Audit Logs Exporting
You can export audit log entries before they are deleted.
If you want to keep the audit log entries generated for your space, you can export them before they are automatically deleted by these actions:deleting a spacedeleting a database user (open SQL schema)disabling an audit policy for a spacedisabling an audit policy for a database user (open SQL schema) and unassigning an HDI container from a space.
For more see Export Audit Logs

Monitor Database Operations with Audit Logs
Monitor the read and change actions (policies) performed in the database with audit logs, and see who did what and when.
If Space Administrators have enabled audit logs to be created for their space (see Enable Audit Logging), you can get an overview of these audit logs. You can do analytics on audit logs by assigning the audit views to a dedicated space and then work with them in a view in the Data Builder.
For more, see Monitor Database Operations with Audit Logs

Audit Logs Disk Space Consumption
Audit logs consumption plays a role in Datasphere's operational dynamics. Space locking occurs when audit logs consumption exceeds defined thresholds, in which case the system behavior considers total disk usage. Audit logs, which track read and change operations, can consume significant disk space over time and can impact the system functionally.  

The Datasphere system responds differently when it comes to the tenant's disk usage percentage compared to the size consumption of the audit logs:

When the total size of all audit logs across all spaces reaches 40% of the tenant disk storage and the overall disk usage exceeds 75%, the system will lock the spaces consuming more than 30% of the total audit log size.
For a total disk size below 75%, even with the total audit logs at 40%, all spaces will operate normally.

Some considerations:

• Deleting the Audit Logs according to "Delete Audit Logs" may not immediately free the disk space used for storage. After audit log deletion, the LOB garbage collection and disk reclaim processes are automatically triggered by SAP Datasphere. However, the actual disk space is often not freed immediately — especially when a large number of logs are deleted at once. In such cases, it is recommended to delete audit logs in smaller batches to allow multiple reclaim cycles.
• At the moment, there is no built-in option in SAP Datasphere to trigger email notifications when disk usage reaches a certain threshold (e.g., 90%). SAP recommends performing regular housekeeping and managing audit logs proactively.
• Manual execution of reclaim operations is not possible due to permission restrictions in the cloud environment.
• SAP recommends the following best practices:
  • Audit Log Policies: Enable audit logging only for activities that are truly relevant to your compliance or monitoring requirements. All read and write operations are logged, which can quickly consume a lot of storage.
  • Retention Period: Set the retention period for audit logs as short as possible to avoid large logs.
  • Audit Log Deletion: Perform deletions in smaller batches to allow the automatic reclaim processes (LOB garbage collection, disk reclaim) to free space more efficiently.
  • Regular Monitoring: Monitor available storage in your spaces and overall tenant usage regularly.
  • Data Management: Review and remove unused or obsolete data to avoid unnecessary disk space consumption

Audit Logs Monitoring

It is NOT possible to monitor the Audit Log size on a per Space basis. If you would like to see this functionality implemented in the future, refer to KBA 3332382 How to create an enhancement request for SAP Datasphere?
Audit Logs consume HANA memory and not Space memory. The Audit Logs are stored separately to the Space memory allocations. They are stored in a separate DB Schema and this does not eat into the Space memory allocations.
It is possible to monitor the Audit Log disk usage in System Monitor. This shows the space used by Audit Logs as a % of the overall space allocation of the Datasphere tenant, as per the image below:

It is also possible to monitor the number of entries in System -> Configuration -> Audit. The audit log overview in configuration tab shows only the audit log policies from the spaces, as per image below: 

More Audit Logs details:

• All changes are logged to the Audit Logs, including Audit Log changes.
• It is currently not possible to restrict Audit logs from capturing logs related to internal System users alone. All changes must be logged for auditing purposes even internal System changes.

• SAP Help Logging Read and Change Actions for Audit
• SAP Help Monitor Database Operations with Audit Logs
• SAP Help Unlock a Locked Space
• SAP Help Delete Audit Logs
• KBA 3416979 -  Datasphere Audit Log Data occupies more storage considering the number of entries in system configuration.

AuditLogs, Alert, Audit, Auditing, logging, enable, query, DS, requirement, need, configure, storage consumption, space locking, disk reclaim, monitoring logs, locked space, audit log threshold, database schema, storage optimization,  , KBA , DS-SM , Space Management , DS-SEC , Security (Users, Roles) , How To