Document toolboxDocument toolbox

HDB_DBCC_USRPRV

Owned by Stephen Bangs
Jul 13, 2022
3 min read

Data Description

The HDB_DBCC_USRPRV event is used in SAP to view database users and their associated privileges.

Potential Use Cases

This event could be used in the following scenarios:

  • Identify database users with excessive roles or access permissions

  • Correlate database access with HANA database audit events

Splunk Event

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”ROLES”

This event shows which roles are assigned to the database user. The event will look like this in Splunk:

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SQL_PRIVILEGES”

This event shows which SQL privileges roles are assigned to the database user. The event will look like this in Splunk:

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SYS_PRIVILEGES”

This event shows which system privileges roles are assigned to the database user. The event will look like this in Splunk:

SAP Navigation

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”ROLES”

Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the bottom right of the screen will show the list of roles assigned to the user. This will match the data that is extracted and sent to Splunk.

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SQL_PRIVILEGES”

Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the top right of the screen will show the list of SQL privileges assigned to the user. This will match the data that is extracted and sent to Splunk.

HDB_DBCC_USRPRV with EVENT_SUBTYPE=”SYS_PRIVILEGES”

Go to the dbacockpit transaction in the SAP system. Then open the Diagnostics folder on the left side of the screen, and double-click the DB Users/Privileges item. Then enter the user that you would like to view permissions and roles for, and click on the “Read User” button. The data on the bottom right of the screen will show the list of SQL privileges assigned to the user. This will match the data that is extracted and sent to Splunk.