HDB_DBCC_USRPRV
Data Description
The HDB_DBCC_USRPRV event is used in SAP to view database users and their associated privileges.
Potential Use Cases
This event could be used in the following scenarios:
Identify database users with excessive roles or access permissions
Correlate database access with HANA database audit events
Splunk Event
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”ROLES”
This event shows which roles are assigned to the database user. The event will look like this in Splunk:
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SQL_PRIVILEGES”
This event shows which SQL privileges roles are assigned to the database user. The event will look like this in Splunk:
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SYS_PRIVILEGES”
This event shows which system privileges roles are assigned to the database user. The event will look like this in Splunk:
SAP Navigation
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”ROLES”
Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the bottom right of the screen will show the list of roles assigned to the user. This will match the data that is extracted and sent to Splunk.
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SQL_PRIVILEGES”
Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the top right of the screen will show the list of SQL privileges assigned to the user. This will match the data that is extracted and sent to Splunk.
HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SYS_PRIVILEGES”
Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the bottom right of the screen will show the list of SQL privileges assigned to the user. This will match the data that is extracted and sent to Splunk.