The DEVACCESS event is used in SAP to determine which users have development access in the environment.
Potential Use Cases
This event could be used for the following scenarios:
Determine which users have development access in the environment.
Correlate with transaction code use to identify potential compliance concerns.
The event will look like this in Splunk:
Navigate to this data by using the SE16 t-code, and enter the DEVACCESS value into the Table Name field, and execute the t-code.
Then enter the desired parameters into the selection criteria and execute.
The data displayed will match with the data in Splunk.