The DEVACCESS event is used in SAP to determine which users have development access in the environment.
Potential Use Cases
This event could be used for the following scenarios:
Determine which users have development access in the environment.
Correlate with transaction code use to identify potential compliance concerns.
Splunk Event
The event will look like this in Splunk:
SAP Navigation
Navigate to this data by using the SE16 t-code, and enter the DEVACCESS value into the Table Name field, and execute the t-code.
Then enter the desired parameters into the selection criteria and execute.
The data displayed will match with the data in Splunk.
Field Mapping
The field mapping between the data from SAP and values in Splunk can be seen in the table below:
Field
Description
Unit of Measure
CURRENT_TIMESTAMP
The date time stamp when the information was collected
YYYYMMDDHHMMSS
EVENT_SUBTYPE
String
EVENT_TYPE
DEVACCESS
String
UNAME
User name
String
UTCDIFF
The UTC OFFSSET in HHMMSS that the data was collected in
HHMMSS
UTCSIGN
The UTC positive or negative OFFSET indicator. Positive (+) means add UTCDIFF to find the time zone of the data, negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in.
+ | -
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.
