Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Data Description

The SUIM event is used to view the changes associated with SAP users, profiles, roles and authorizations. Data from multiple clients could be extracted (from SP 6.07).

Potential Use Cases

This event could be used in the following scenarios:

  • Identify and alert on changes, which could create compliance concerns

Splunk Event

SUIM with EVENT_SUBTYPE=”AUTH”

Changes of Authorizations. The event will look like this in Splunk:

SUIM with EVENT_SUBTYPE=”PROF”

Changes of Profiles. The event will look like this in Splunk:

SUIM with EVENT_SUBTYPE=”ADMR”

Changes for Roles Assignments. The event will look like this in Splunk:

SUIM with EVENT_SUBTYPE=”USER”

User related changes. The event will look like this in Splunk:

SUIM with EVENT_SUBTYPE=”ROLE”

Changes of Roles. The event will look like this in Splunk:

SAP Navigation

Log into the managed system and execute the SUIM transaction. Expand the Change Documents section to review one of options below:

Field Mapping

SUIM with EVENT_SUBTYPE=”AUTH”

Field

Description

Unit of Measure

ACTION

Type of the Change Document

String

AUTHORIZATIONF

Authorization Field

String

AUTHORIZATIONV

Authorization Value

String

AUTHORIZATON

Authorization name in user master maintenance

String

AUTHOTEXT

Authorization Name

String

COUNTER

Counter for Change Documents

Number

CURRENT_TIMESTAMP

DATEMODIFIED

Modification date

Date

EVENT_SUBTYPE

“AUTH”

String

EVENT_TYPE

“SUIM”

String

FIELD

Authorization Field

String

MANDT

Client

String

MODIFIERNAME

Last Changed By

String

OBJECTNAME

Authorization Object

String

OBJECTTEXT

Authorization Object Name

String

TIMEMODIFIED

Modification time

Time

UTCDIFF

UTCSIGN

SUIM with EVENT_SUBTYPE=”PROF”

Field

Description

Unit of Measure

ACTION

Type of the Change Document

String

AUTH

Authorization name in user master maintenance

String

COUNTER

Counter for Change Documents

Number

CURRENT_TIMESTAMP

EVENT_SUBTYPE

“SUIM”

String

EVENT_TYPE

“PROF”

String

LANGU


Logon Language

String

MANDT

Client

String

MODDATE


Modification date

Date

MODIFIER

Last Changed By

String

MODTIME


Modification time

Time

OBJECT

Authorization Object

String

PROFILE

Auth. profile in user master maintenance

String

PROFN

Auth. profile in user master maintenance

String

PROFTYP

Type of Profile (Composite or Single)

String

PTEXT

Texts in user master/authorizations

String

UTCDIFF

UTCSIGN

SUIM with EVENT_SUBTYPE=”ADMR”

Field

Description

Unit of Measure

CHANGENR

Document change number

String

DEPARTMENT

Department

String

MANDT

Client

String

NAME_FIRST

First name

String

NAME_LAST


Last name

String

OBJECTID

Role Name

String

TABDESCR

Table description

String

TABNAME

Table name

String

TCODE

Transaction in which a change was made

String

UDATE

Creation date of the change document

Date

USERNAME

User name of the person responsible in change document

String

UTIME


Time changed

Time

UTCDIFF

UTCSIGN

SUIM with EVENT_SUBTYPE=”USER”

Field

Description

Unit of Measure

UTCDIFF

UTCSIGN

SUIM with EVENT_SUBTYPE=”USER”

Field

Description

Unit of Measure

UTCDIFF

UTCSIGN

  • No labels