Agnostic Guides
Solution Guide
AuditLink
8 min
auditlink is a tool that facilitates the secure collection, packaging, and sharing of audit related files it enables users to gather documents and content linked to sap objects (archivelink only), organize them into audit bundles, and distribute those bundles to auditors or relevant personnel at the end of the process, auditlink generates an optional html file that contains a summarized list of the all the collected contents there are 4 methods to run auditlink delivered reports customized or new reports by yourself the customer best practice is to copy delivered report and change to suite your needs excel spreadsheet direct archivelink table selectdion refer to the section 'execution' for user instructions on how to run the various methods pre configuration requirements setup content repositories, cms profiles and tags, and rfc destination as part of a standard link enterprise implementation these will enable rfc communication between sap and external repository(ies) sap security requirements running auditlink requires 2 types of sap authorizations link enterprise sap t code authorization mandatory any auditlink end user will need access to the below transaction to create auditlink bundles this should be granted by your sap securitiy team /dflow/auditlink optional for a user to view previously create auditlink bundles (for everyone), the below transaction can be granted /dflow/auditlinkdash link enterprise global or attachment level authorization when you create a bundle, link enterprise checks its own config via transaction /dflow/sys and choose the menu path configure >auditlink >security at least 1 entry in this table must exist for details on this configuration, please refer to the section below labeled auditlink configuration #3 security bundle location configuration the destination for saving audit bundles must be a mounted drive (e g , network share or mapped drive) accessbile by both accessbile by both the sap system (in the background) and the user this is setup in the 3 elements of setup/configuration below albeit configured in different methods and syntax, these three elements must resolve to the exactly the same location (ie be a 3 way match) 1\) transaction file assign the physical path of the mounted drive to the logical path zauditlink using transaction file in sap you must create the zauditlink logical file and zauditlink file path in your system the destination (ie home base for the bundles), albeit may not match in terms of format (example linux sap system vs windows network drive), must resolve to the same location as the user workstation accessbile drive below, as well as the section auditlink configurations 2 1 1 below confirm the mounted drive is properly connected to the sap system, allowing read/write access during audit bundle generation the physical path must have the parmaers \<param 1>\\\<filename> in exact casing wih the '\\' in between example of logical file example of a windows mounted drive logical path example of an azure file share mount logical file path 2\) user workstation (os) accessible ensure the end user has appropriate read and write permissions to a mounted drive to the same location as the above file transaction as well as the section auditlink configurations 2 1 1 below example of user workstation windows share 3\) bundle locations see section auditlink configurations 2 1 1 below additional auditlink configuration configure the auditlink rule via transaction /dflow/sys and choose the menu path configure >auditlink there are four auditlink rule elements to configure base connectivity assign cms tag to content repository this tag identifies the rfc connection used to retrieve content from defined repository bundle locations define allowed locations where users can save audit bundles 1 "root" location configuration entry is required, user based locations are optional wroot location this must match the mounted drive in the " transaction file " and " user workstation accessbile " location in the requirements outlined above this entry is specified with a ' ' in the user field example user location (optional) this entry is at the user id level and forces a bundle to be created in a folder within the root location this could be by user or by controlling area or however you wish to organize your bundles this typically is only used when you want to keep certain bundles separate for security or organization reasons specify a location with no '\\', just a folder name example note the folder coa1000 must already exist within the root location security this table specifies whether or not to enforce an s wfar obj authorization check this can be used to prevent users who do not typcially have authorization to view attachments to still create bundles this can be determined by option 1 a "global rule" level ( or user id) or whether to enforace at attachment level using the user id level this is checked first leave all fields blank except for enter the sap user id in the user name field example wildcard level this is checked 2nd leave all fields blank except for a in the user name field this is the most straight forward way to configuration auditlink with or without s wfar obj authorization (see below) example option 2 this is only check if a global rule in option 1 is not found based on content repository, sap object, and document type (note user name field is ignored in this check) do not uses 's this option will perform 4 levels of granularity exact match at repository id and sap object and doctype exact match at repository id and sap object doctype left blank exact match at repository id and doctype sap object left blank exact match at repository id doctype and sap object left blank regardless of which option, a rule must be found, and that rule determine whether s wfar obj (activity 03) is checked at the attachment level this is determine by within the found rule, enabling/disabling the field "en authcheck" as shown in the above example note at least one entry is required in this table reports define reports to be executed when generating an audit bundle reports are based on a business object and tailored to the audit context incl headerdocs include attachments at the header level of the document in the final bundle include html generate and include an html file summarizing the list of attachments this file will be saved in the bundle folder include results add a txt results file to the bundle, showing a summarized count of successfully retrieved attachments and noting any failures email send an automatic notification email to the user once the bundle creation process is complete run auto automatically generates a bundle name using the current date, time, and sap user skips manual naming prompts