SE16, SE16N and SE16H are frequently used transactions. They can be used in a positive way to quickly fetch data. They can also be a security risk, since they might lead to unwanted data display.
Questions that will be answered in this blog are:
- Which users used SE16N?
- How much data do users pull using SE16N?
- Which tables did the users read using SE16N?
- How to check which changes were performed using SE16N?
Which users are using SE16?
Start transaction ST03 or ST03N, and create detailed settings for recording of SE16N:
Save the values and let the system collect the data.
Now in ST03 in the tree below Transaction Profile, the Details for SE16N are shown. Double clicking on the EXEC function will give details on the execution step:
The DB data is normally shown more to the right.
This will give you information on who used SE16N, and how much data was transferred.
Which tables were read using SE16N?
If you want to know which table was read during SE16N, you must first activate activity DU9 (generic table access) in the SAP audit log. Go to transaction RSAU_CONFIG and make sure this activity is on:
Now you can display the audit log with transaction RSAU_READ_LOG or RSAU_READ_LOG_ADM (this is the version without user ID and terminal):
Select DU9 only to make the report faster.
You can now see the tables accessed via SE16N:
In many analysis cases it is sufficient to see which tables are read, and how frequently.
Use RSAU_READ_LOG to also see user and terminal information.
The audit log is a powerful tool. Be aware of privacy-related rules in your company.
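To answer "which tables are read, and how frequently" outside the SAP GUI, the following added example (not part of the original blog and not SAP code) summarizes DU9 events from an audit log list saved as a text file, counting reads per table and per user and flagging tables on a watchlist. The column layout, the message wording, the sample rows and the watchlist are constructed assumptions; adapt them to your own export.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Constructed sample export (semicolon-separated). Column names and the
# message wording are assumptions; adjust them to match your own export.
SAMPLE_EXPORT = """Date;Time;User;Terminal;Event;Message
2024-03-04;09:12:01;JSMITH;PC-0142;DU9;Generic table access call to MARA with activity 03 (auth. check: successful)
2024-03-04;09:15:40;JSMITH;PC-0142;DU9;Generic table access call to MARA with activity 03 (auth. check: successful)
2024-03-04;09:21:07;JSMITH;PC-0142;DU9;Generic table access call to USR02 with activity 03 (auth. check: successful)
2024-03-04;10:02:33;AKHAN;PC-0077;AU1;Logon successful
2024-03-04;10:03:12;AKHAN;PC-0077;DU9;Generic table access call to PA0008 with activity 03 (auth. check: successful)
2024-03-04;10:05:55;AKHAN;PC-0077;DU9;Generic table access call to MARA with activity 03 (auth. check: successful)
"""

# Hypothetical watchlist: tables your organization treats as sensitive.
WATCHLIST = {"USR02", "PA0008"}

MSG_RE = re.compile(r"table access call to (\S+) with activity (\d+)", re.I)

def parse_du9(text):
    """Yield (user, table, activity) for each DU9 row; skip other events."""
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        if row["Event"].strip() != "DU9":
            continue
        m = MSG_RE.search(row["Message"])
        if m:
            yield row["User"].strip(), m.group(1).upper(), m.group(2)

def summarize(text, watchlist=WATCHLIST):
    """Return (reads per table, reads per user and table, watchlist hits)."""
    per_table = Counter()
    per_user = defaultdict(Counter)
    hits = []
    for user, table, activity in parse_du9(text):
        per_table[table] += 1
        per_user[user][table] += 1
        if table in watchlist:
            hits.append((user, table, activity))
    return per_table, per_user, hits

if __name__ == "__main__":
    per_table, per_user, hits = summarize(SAMPLE_EXPORT)
    for table, n in per_table.most_common():
        print(f"{table:10} {n}")
    for user, table, activity in hits:
        print(f"WATCHLIST: {user} accessed {table} (activity {activity})")
```

If the export comes from RSAU_READ_LOG_ADM, the user and terminal columns are absent, so only the per-table counts apply.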
Changes done with SE16N
On ECC or S4HANA systems, changes made with SE16N are recorded in tables SE16N_CD_DATA and SE16N_CD_KEY. You can display these changes using report RKSE16N_CD_DISPLAY:
OSS notes for RKSE16N_CD_DISPLAY: