The DEVACCESS event is used in SAP to determine which users have development access in the environment.
Potential Use Cases
This event could be used for the following scenarios:
Determine which users have development access in the environment.
Correlate with transaction code use to identify potential compliance concerns.
The event will look like this in Splunk:
Navigate to this data by using the SE16 t-code, and enter the DEVACCESS value into the Table Name field, and execute the t-code.
Then enter the desired parameters into the selection criteria and execute.
The data displayed will match with the data in Splunk.
The field mapping between the data from SAP and values in Splunk can be seen in the table below:
Unit of Measure
The date time stamp when the information was collected
The UTC OFFSSET in HHMMSS that the data was collected in
The UTC positive or negative OFFSET indicator. Positive (+) means add UTCDIFF to find the time zone of the data, negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in.
+ | -