Document toolboxDocument toolbox

SU01

Owned by Stephen Bangs
Last updated: Dec 08, 2023 by Narender Baderia
3 min read

Data Description

The SU01 event is used to give visibility of users maintained in a managed SAP system. The extractor supports extraction from multiple clients. The following information is collected: list of users with basic attributes (EVENT_SUBTYPE=””), user profiles (EVENT_SUBTYPE=”PROF”) and user roles (EVENT_SUBTYPE=”ROLE”), and user address (EVENT_SUBTYPE=”ADDR”). The default interval is 10 minutes. It extracts the snapshot of the data at the first run of the day and then extracts only delta data during the rest of the day.

Potential Use Cases

This event could be used in the following scenarios:

  • Identify potential anomalies in the environment

  • Dashboard users with certain attributes, profiles, roles, and/or addresses.

  • Lookup user profiles and roles.

Metric Filters

Metric filters are an optional configuration option for the SU01 extractor.

Extract Data From Multiple Clients

If you would like the SU01 data to reflect data from multiple clients, please follow the steps below:

  • Log into the managed client where PowerConnect is installed

  • Execute the /n/bnwvs/main transaction.

  • Stop the PowerConnect batch jobs.

  • Go to Administrator --> Setup Metric --> Metric Configuration

  • In the row with SU01 in the Group Definition field below are the parameters to be set as X.

    • ACTIVE_ONLY: To get only active users

    • COLLECT_ADDRESS: To get address information of the user that includes First Name and Last Name of the users (available from version 7.3 onwards)

    • COLLECT_PROFILE: To get profile data of the users

    • COLLECT_ROLE: To get the Roles assigned to the users

    • MULTICLIENT: To get Users detail from multiple Clients

  • Start the PowerConnect batch jobs in the administrative console.

Splunk Event

SU01 with EVENT_SUBTYPE=””

The event will look like this in Splunk:

 

SU01 with EVENT_SUBTYPE=”ROLE”

The event will look like this in Splunk:

 

SU01 with EVENT_SUBTYPE=”PROF”

The event will look like this in Splunk:

 

SU01 with EVENT_SUBTYPE=”ADDR” for Address information

The event will look like this in Splunk:

 

SAP Navigation

Log into the managed system and execute the SU01 transaction code.