Log and table reference for the Microsoft Sentinel solution for SAP applications
This article describes the logs and tables available as part of the Microsoft Sentinel solution for SAP applications and its data connector.
Some logs, noted in this article, aren't sent to Microsoft Sentinel by default, but you can manually add them as needed. For more information, see Define the SAP logs that are sent to Microsoft Sentinel
Content in this article is intended for your SAP BASIS teams.
Important
Some components of the Microsoft Sentinel Threat Monitoring for SAP solution are currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Use functions in your queries instead of underlying logs or tables
We strongly recommend that you use available functions as the subjects of their analysis whenever possible, instead of the underlying logs or tables.
Functions provided with the Microsoft Sentinel solution for SAP applications are intended to serve as the principal user interface to the data. They form the basis for all the built-in analytics rules and workbooks available to you out of the box. Using functions allows for changes to be made to the data infrastructure beneath the functions, without breaking user-created content.
For more information, see Microsoft Sentinel solution for SAP applications - functions reference and Functions in Azure Monitor log queries.
Log coverage
The Microsoft Sentinel solution for SAP applications collects logs from the application, OS, and data layers, providing comprehensive protection for your SAP system:
Application layer: Microsoft Sentinel monitors activities within the ABAP layer, which is the primary application layer in SAP systems, responsible for executing business logic and processing transactions. For example, Microsoft Sentinel collects logs that include user actions like sign-ins, password changes, and access to reports or files.
In addition to security monitoring, logs collected at the application layer can also be used for compliance and auditing purposes.
OS layer: Microsoft Sentinel gathers logs from the operating system to provide insights into OS-level activities, such as from the ABAP server and the virtual machines on which the SAP applications are running.
Use the Microsoft Sentinel solution for SAP applications together with security content and data connectors for your other services for comprehensive and central monitoring, correlating information across all your systems and enhancing your overall security posture.
Database layer: Ingest database logs into Microsoft Sentinel to monitor database activities, such as database administration activities and changes to table data. The Microsoft Sentinel solution for SAP applications is database-agnostic.
All logs collected by the data connector agent are stored first on the data collector agent machine, at /opt/sapcon/<sid>/log folder in the container instance. The logs are then forwarded to your Log Analytics workspace, where you can view, audit, and query them from Microsoft Sentinel.
Audit logs are collected and ingested every minute, while other logs might be ingested less frequently. Microsoft Sentinel also monitors the data connector agent heartbeat to ensure that logs are being collected and sent to the Log Analytics workspace.
Log reference
The following sections describe the SAP logs available from the Microsoft Sentinel solution for SAP applications data connector, including the table names in Microsoft Sentinel, the log purposes, and detailed log schemas.
Schema field descriptions are based on the field descriptions in the relevant SAP documentation.
- ABAP Application log
- ABAP Change Documents log
- ABAP CR log
- ABAP DB table data log (PREVIEW)
- ABAP Gateway log (PREVIEW)
- ABAP ICM log (PREVIEW)
- ABAP Job log
- ABAP Security Audit log
- ABAP Spool log
- APAB Spool Output log
- ABAP SysLog
- ABAP Workflow log
- ABAP WorkProcess log
- HANA DB Audit Trail
- JAVA files
- SAP Heartbeat Log
ABAP Application log
Microsoft Sentinel function for querying this log: SAPAppLog
Related SAP documentation: SAP Help Portal
Log purpose: Records the progress of an application execution so that you can reconstruct it later as needed.
Available by using RFC based on standard SAP table and standard services of XBP interface. This log is generated per client.
ABAPAppLog_CL log schema
| Field | Description |
|---|---|
| AppLogDateTime | Application log date time |
| CallbackProgram | Callback program |
| CallbackRoutine | Callback routine |
| CallbackType | Callback type |
| ClientID | ABAP client ID (MANDT) |
| ContextDDIC | Context DDIC structure |
| ExternalID | External log ID |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| InternalMessageSerial | Application log message serial |
| LevelofDetail | Level of detail |
| LogHandle | Application log handle |
| LogNumber | Log number |
| MessageClass | Message class |
| MessageNumber | Message number |
| MessageText | Message text |
| MessageType | Message type |
| Object | Application log object |
| OperationMode | Operation mode |
| ProblemClass | Problem class |
| ProgramName | Program name |
| SortCriterion | Sort criterion |
| StandardText | Standard text |
| SubObject | Application log sub object |
| SystemID | System ID |
| SystemNumber | System number |
| TransactionCode | Transaction code |
| User | User |
| UserChange | User change |
ABAP Change Documents log
Microsoft Sentinel function for querying this log: SAPChangeDocsLog
Related SAP documentation: SAP Help Portal
Log purpose: Records:
SAP NetWeaver Application Server (AS) ABAP log changes to business data objects in change documents.
Other entities in the SAP system, such as user data, roles, addresses.
Available by using RFC based on standard SAP tables. This log is generated per client.
ABAPChangeDocsLog_CL log schema
| Field | Description |
|---|---|
| ActualChangeNum | Actual change number |
| ChangedTableKey | Changed table key |
| ChangeNumber | Change number |
| ClientID | ABAP client ID (MANDT) |
| CreatedfromPlannedChange | Created from planned change, in the following syntax: (‘X’ , ‘ ‘) |
| CurrencyKeyNew | Currency key: new value |
| CurrencyKeyOld | Currency key: old value |
| FieldName | Field name |
| FlagText | Flag text |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| Language | Language |
| ObjectClass | Object class, such as BELEG, BPAR, PFCG, IDENTITY |
| ObjectID | Object ID |
| PlannedChangeNum | Planned change number |
| SystemID | System ID |
| SystemNumber | System number |
| TableName | Table name |
| TransactionCode | Transaction code |
| TypeofChange_Header | Header type of change, including: U = Change; I = Insert; E = Delete Single Docu; D = Delete; J = Insert Single Docu |
| TypeofChange_Item | Item type of change, including: U = Change; I = Insert; E = Delete Single Docu; D = Delete; J = Insert Single Docu |
| UOMNew | Unit of measure: new value |
| UOMOld | Unit of measure: old value |
| User | User |
| ValueNew | Field content: new value |
| ValueOld | Field content: old value |
| Version | Version |
ABAP CR log
Microsoft Sentinel function for querying this log: SAPCRLog
Related SAP documentation: SAP Help Portal
Log purpose: Includes the Change & Transport System (CTS) logs, including the directory objects and customizations where changes were made.
Available by using RFC based on standard tables and standard SAP services. This log is generated with data across all clients.
Note
In addition to application logging, change documents, and table recording, all changes that you make to your production system using the Change & Transport System are documented in the CTS and TMS logs.
ABAPCRLog_CL log schema
| Field | Description |
|---|---|
| Category | Category (Workbench, Customizing) |
| ClientID | ABAP client ID (MANDT) |
| Description | Description |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| ObjectName | Object name |
| ObjectType | Object type |
| Owner | Owner |
| Request | Change request |
| Status | Status |
| SystemID | System ID |
| SystemNumber | System number |
| TableKey | Table key |
| TableName | Table name |
| ViewName | View name |
ABAP DB table data log (PREVIEW)
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPTableDataLog
Related SAP documentation: SAP Help Portal
Log purpose: Provides logging for those tables that are critical or susceptible to audits.
Available by using RFC with a custom service. This log is generated with data across all clients.
ABAPTableDataLog_CL log schema
| Field | Description |
|---|---|
| DBLogID | DB log ID |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| Language | Language |
| LogKey | Log key |
| NewValue | Field new value |
| OldValue | Field old value |
| OperationTypeSQL | Operation type, Insert, Update, Delete |
| Program | Program name |
| SystemID | System ID |
| SystemNumber | System number |
| TableField | Table field |
| TableName | Table name |
| TransactionCode | Transaction code |
| UserName | User |
| VersionNumber | Version number |
ABAP Gateway log (PREVIEW)
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPOS_GW
Related SAP documentation: SAP Help Portal
Log purpose: Monitors Gateway activities. Available by the SAP Control web service. This log is generated with data across all clients.
ABAPOS_GW_CL log schema
| Field | Description |
|---|---|
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| MessageText | Message text |
| Severity | Message severity: Debug, Info, Warning, Error |
| SystemID | System ID |
| SystemNumber | System number |
ABAP ICM log (PREVIEW)
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPOS_ICM
Related SAP documentation: SAP Help Portal
Log purpose: Records inbound and outbound requests and compiles statistics of the HTTP requests.
Available by the SAP Control web service. This log is generated with data across all clients.
ABAPOS_ICM_CL log schema
| Field | Description |
|---|---|
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| MessageText | Message text |
| Severity | Message severity, including: Debug, Info, Warning, Error |
| SystemID | System ID |
| SystemNumber | System number |
ABAP Job log
Microsoft Sentinel function for querying this log: SAPJobLog
Related SAP documentation: SAP Help Portal
Log purpose: Combines all background processing job logs (SM37).
Available by using RFC based on standard SAP table and standard services of XBP interfaces. This log is generated with data across all clients.
ABAPJobLog_CL log schema
| Field | Description |
|---|---|
| ABAPProgram | ABAP program |
| BgdEventParameters | Background event parameters |
| BgdProcessingEvent | Background processing event |
| ClientID | ABAP client ID (MANDT) |
| DynproNumber | Dynpro number |
| GUIStatus | GUI status |
| Host | Host |
| Instance | ABAP instance (HOST_SYSID_SYSNR), in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| JobClassification | Job classification |
| JobCount | Job count |
| JobGroup | Job group |
| JobName | Job name |
| JobPriority | Job priority |
| MessageClass | Message class |
| MessageNumber | Message number |
| MessageText | Message text |
| MessageType | Message type |
| ReleaseUser | Job release user |
| SchedulingDateTime | Scheduling date time |
| StartDateTime | Start date time |
| SystemID | System ID |
| SystemNumber | System number |
| TargetServer | Target server |
| User | User |
| UserReleaseInstance | ABAP instance - user release |
| WorkProcessID | Work process ID |
| WorkProcessNumber | Work process Number |
ABAP Security Audit log
Microsoft Sentinel function for querying this log: SAPAuditLog
Related SAP documentation: SAP Help Portal
Log purpose: Records the following data:
- Security-related changes to the SAP system environment, such as changes to main user records
- Information that provides a higher level of data, such as successful and unsuccessful sign-in attempts
- Information that enables the reconstruction of a series of events, such as successful or unsuccessful transaction starts
Available by using RFC XAL/SAL interfaces. SAL is available starting from version Basis 7.50. This log is generated with data across all clients.
ABAPAuditLog_CL log schema
| Field | Description |
|---|---|
| ABAPProgramName | Program name, SAL only |
| AlertSeverity | Alert severity |
| AlertSeverityText | Alert severity text, SAL only |
| AlertValue | Alert value |
| AuditClassID | Audit class ID, SAL only |
| ClientID | ABAP client ID (MANDT) |
| Computer | User machine, SAL only |
| User email | |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| MessageClass | Message class |
| MessageContainerID | Message container ID, XAL Only |
| MessageID | Message ID, such as ‘AU1’,’AU2’… |
| MessageText | Message text |
| MonitoringObjectName | MTE Monitor object name, XAL only |
| MonitorShortName | MTE Monitor short name, XAL only |
| SAPProcesType | System Log: SAP process type, SAL only |
| B* - Background Processing | |
| D* - Dialog Processing | |
| U* - Update Tasks | |
| SAPWPName | System Log: Work process number, SAL only |
| SystemID | System ID |
| SystemNumber | System number |
| TerminalIPv6 | User machine IP, SAL only |
| TransactionCode | Transaction code, SAL only |
| User | User |
| Variable1 | Message variable 1 |
| Variable2 | Message variable 2 |
| Variable3 | Message variable 3 |
| Variable4 | Message variable 4 |
ABAP Spool log
Microsoft Sentinel function for querying this log: SAPSpoolLog
Related SAP documentation: SAP Help Portal
Log purpose: Serves as the main log for SAP printing with the history of spool requests. (SP01).
Available by using RFC based on standard SAP table. This log is generated with data across all clients.
ABAPSpoolLog_CL log schema
| Field | Description |
|---|---|
| ArchiveStatus | Archive status |
| ArchiveType | Archive type |
| ArchivingDevice | Archiving device |
| AutoRereoute | Auto reroute |
| ClientID | ABAP client ID (MANDT) |
| CountryKey | Country key |
| DeleteSpoolRequestAuto | Delete spool request auto |
| DelFlag | Deletion flag |
| Department | Department |
| DocumentType | Document type |
| ExternalMode | External mode |
| FormatType | Format type |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| NumofCopies | Number of copies |
| OutputDevice | Output device |
| PrinterLongName | Printer long name |
| PrintImmediately | Print immediately |
| PrintOSCoverPage | Print OSCover page |
| PrintSAPCoverPage | Print SAPCover page |
| Priority | Priority |
| RecipientofSpoolRequest | Recipient of spool request |
| SpoolErrorStatus | Spool error status |
| SpoolRequestCompleted | Spool request completed |
| SpoolRequestisALogForAnotherRequest | Spool request is a log for another request |
| SpoolRequestName | Spool request name |
| SpoolRequestNumber | Spool request number |
| SpoolRequestSuffix1 | Spool request suffix1 |
| SpoolRequestSuffix2 | Spool request suffix2 |
| SpoolRequestTitle | Spool request title |
| SystemID | System ID |
| SystemNumber | System number |
| TelecommunicationsPartner | Telecommunications partner |
| TelecommunicationsPartnerE | Telecommunications partner E |
| TemSeGeneralcounter | Temse counter |
| TemseNumAddProtectionRule | Temse number add protection rule |
| TemseNumChangeProtectionRule | Temse number change protection rule |
| TemseNumDeleteProtectionRule | Temse number delete protection rule |
| TemSeObjectName | Temse object name |
| TemSeObjectPart | TemSe object part |
| TemseReadProtectionRule | Temse read protection rule |
| User | User |
| ValueAuthCheck | Value auth check |
APAB Spool Output log
Microsoft Sentinel function for querying this log: SAPSpoolOutputLog
Related SAP documentation: SAP Help Portal
Log purpose: Serves as the main log for SAP Printing with the history of spool output requests. (SP02).
Available by using RFC with a custom service based on standard tables. This log is generated with data across all clients.
ABAPSpoolOutputLog_CL log schema
| Field | Description |
|---|---|
| AppServer | Application server |
| ClientID | ABAP client ID (MANDT) |
| Comment | Comment |
| CopyCount | Copy count |
| CopyCounter | Copy counter |
| Department | Department |
| ErrorSpoolRequestNumber | Error request number |
| FormatType | Format type |
| Host | Host |
| HostName | Host name |
| HostSpoolerID | Host spooler ID |
| Instance | ABAP instance |
| LastPage | Last page |
| NumofCopies | Number of copies |
| OutputDevice | Output device |
| OutputRequestNumber | Output request number |
| OutputRequestStatus | Output request status |
| PhysicalFormatType | Physical format type |
| PrinterLongName | Printer long name |
| PrintRequestSize | Print request size |
| Priority | Priority |
| ReasonforOutputRequest | Reason for output request |
| RecipientofSpoolRequest | Recipient of spool request |
| SpoolNumberofOutputReqProcessed | Number of output requests - processed |
| SpoolNumberofOutputReqWithErrors | Number of output requests - with errors |
| SpoolNumberofOutputReqWithProblems | Number of output requests - with problems |
| SpoolRequestNumber | Spool request number |
| StartPage | Start page |
| SystemID | System ID |
| SystemNumber | System number |
| TelecommunicationsPartner | Telecommunications partner |
| TemSeGeneralcounter | Temse counter |
| Title | Title |
| User | User |
ABAP Syslog
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPOS_Syslog
Related SAP documentation: SAP Help Portal
Log purpose: Records all SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP system errors, warnings, user locks because of failed sign-in attempts from known users, and process messages.
Available by the SAP Control web service. This log is generated with data across all clients.
ABAPOS_Syslog_CL log schema
| Field | Description |
|---|---|
| ClientID | ABAP client ID (MANDT) |
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| MessageNumber | Message number |
| MessageText | Message text |
| Severity | Message severity, one of the following values: Debug, Info, Warning, Error |
| SystemID | System ID |
| SystemNumber | System number |
| TransacationCode | Transaction code |
| Type | SAP process type |
| User | User |
ABAP Workflow log
Microsoft Sentinel function for querying this log: SAPWorkflowLog
Related SAP documentation: SAP Help Portal
Log purpose: The SAP Business Workflow (WebFlow Engine) enables you to define business processes that aren't yet mapped in the SAP system.
For example, unmapped business processes might be simple release or approval procedures, or more complex business processes such as creating base material and then coordinating the associated departments.
Available by using RFC based on standard SAP tables. This log is generated per client.
ABAPWorkflowLog_CL log schema
| Field | Description |
|---|---|
| ActualAgent | Actual agent |
| Address | Address |
| ApplicationArea | Application area |
| CallbackFunction | Callback function |
| ClientID | ABAP client ID (MANDT) |
| CreationDateTime | Creation date time |
| Creator | Creator |
| CreatorAddress | Creator address |
| ErrorType | Error type |
| ExceptionforMethod | Exception for method |
| Host | Host |
| Instance | ABAP instance (HOST_SYSID_SYSNR), in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| Language | Language |
| LogCounter | Log counter |
| MessageNumber | Message number |
| MessageType | Message type |
| MethodUser | Method user |
| Priority | Priority |
| SimpleContainer | Simple container, packed as a list of key-value entities for the work item |
| Status | Status |
| SuperWI | Super WI |
| SystemID | System ID |
| SystemNumber | System number |
| TaskID | Task ID |
| TasksClassification | Task classifications |
| TaskText | Task text |
| TopTaskID | Top task ID |
| UserCreated | User created |
| WIText | Work item text |
| WIType | Work item type |
| WorkflowAction | Workflow action |
| WorkItemID | Work item ID |
ABAP WorkProcess log
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPOS_WP
Related SAP documentation: SAP Help Portal
Log purpose: Combines all work process logs. (default:
dev_*).Available by the SAP Control web service. This log is generated with data across all clients.
ABAPOS_WP_CL log schema
| Field | Description |
|---|---|
| Host | Host |
| Instance | ABAP instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| MessageText | Message text |
| Severity | Message severity: Debug, Info, Warning, Error |
| SystemID | System ID |
| SystemNumber | System number |
| WPNumber | Work process number |
HANA DB Audit Trail
Collecting the HANA DB Audit Trail log is an example of how Microsoft Sentinel collects database layer activities. To have this log sent to Microsoft Sentinel, you must deploy Azure Monitor Agent to gather Syslog data from the machine running HANA DB.
Microsoft Sentinel function for querying this log: SAPSyslog
Related SAP documentation: General | Audit Trail
Log purpose: Records user actions, or attempted actions in the SAP HANA database. For example, enables you to log and monitor read access to sensitive data.
Available by the Microsoft Sentinel Linux Agent for Syslog. This log is generated with data across all clients.
Syslog log schema
| Field | Description |
|---|---|
| Computer | Host name |
| HostIP | Host IP |
| HostName | Host name |
| ProcessID | Process ID |
| ProcessName | Process name: HDB* |
| SeverityLevel | Alert |
| SourceSystem | Source system OS, Linux |
| SyslogMessage | Message, an unparsed audit trail message |
JAVA files
To have this log sent to Microsoft Sentinel, you must add it manually to the systemconfig.json file.
Microsoft Sentinel function for querying this log: SAPJAVAFilesLogs
Related SAP documentation: General | Java Security Audit Log
Log purpose: Combines all Java files-based logs, including the Security Audit Log, and System (cluster and server process), Performance, and Gateway logs. Also includes Developer Traces and Default Trace logs.
Available by the SAP Control web service. This log is generated with data across all clients.
JavaFilesLogsCL log schema
| Field | Description |
|---|---|
| Application | Java application |
| ClientID | Client ID |
| CSNComponent | CSN component, such as BC-XI-IBD |
| DCComponent | DC component, such as com.sap.xi.util.misc |
| DSRCounter | DSR counter |
| DSRRootContentID | DSR context GUID |
| DSRTransaction | DSR transaction GUID |
| Host | Host |
| Instance | Java instance, in the following syntax: <HOST>_<SYSID>_<SYSNR> |
| Location | Java class |
| LogName | Java logName, such as: Available, defaulttrace, dev*, security, and so on |
| MessageText | Message text |
| MNo | Message number |
| Pid | Process ID |
| Program | Program name |
| Session | Session |
| Severity | Message severity, including: Debug,Info,Warning,Error |
| Solution | Solution |
| SystemID | System ID |
| SystemNumber | System number |
| ThreadName | Thread name |
| Thrown | Exception thrown |
| TimeZone | Timezone |
| User | User |
SAP Heartbeat Log
Microsoft Sentinel function for querying this log: SAPConnectorHealth
Log purpose: Provides heartbeat and other health information on the connectivity between the agents and the different SAP systems.
Automatically created for any agents of the Microsoft Sentinel for SAP data connector.
SAP_HeartBeat_CL log schema
| Field | Description |
|---|---|
| TimeGenerated | Time of log posting event |
| agent_id_s | Agent ID in agent's configuration (automatically generated) |
| agent_ver_s | Agent version |
| host_s | The agent's host name |
| system_id_s | Netweaver ABAP System ID / Netweaver SAPControl Host (preview) / Java SAPControl host (preview) |
| push_timestamp_d | Timestamp of the extraction, according to the agent's time zone |
| agent_timezone_s | Agent's time zone |
Reference of tables retrieved directly from SAP systems
This section lists the data tables that are retrieved directly from the SAP system and ingested into Microsoft Sentinel exactly as they are.
To have the data from these tables ingested into Microsoft Sentinel, configure the relevant settings in the systemconfig.json file. For more information, see Configuring user master data collection.
The data retrieved from these tables provides a clear view of the authorization structure, group membership, and user profiles. It also allows you to track the process of authorization grants and revokes, and identify and govern the risks associated with those processes.
The tables listed below are required to enable functions that identify privileged users, map users to roles, groups, and authorizations.
For best results, refer to these tables using the name in the Microsoft Sentinel function name column in the following table:
| Table name | Table description | Microsoft Sentinel function name |
|---|---|---|
| USR01 | User master record (runtime data) | SAP_USR01 |
| USR02 | Sign-in data (kernel-side use) | SAP_USR02 |
| UST04 | User masters Maps users to profiles |
SAP_UST04 |
| AGR_USERS | Assignment of roles to users | SAP_AGR_USERS |
| AGR_1251 | Authorization data for the activity group | SAP_AGR_1251 |
| USGRP_USER | Assignment of users to user groups | SAP_USGRP_USER |
| USR21 | User name / Address key assignment | SAP_USR21 |
| ADR6 | Email addresses (business address services) | SAP_ADR6 |
| USRSTAMP | Time stamp for all changes to the user | SAP_USRSTAMP |
| ADCP | Person / Address assignment (business address services) | SAP_ADCP |
| USR05 | User master parameter ID | SAP_USR05 |
| AGR_PROF | Profile name for role | SAP_AGR_PROF |
| AGR_FLAGS | Role attributes | SAP_AGR_FLAGS |
| DEVACCESS | Table for development user | SAP_DEVACCESS |
| AGR_DEFINE | Role definition | SAP_AGR_DEFINE |
| AGR_AGRS | Roles in composite roles | SAP_AGR_AGRS |
| PAHI | History of the system, database, and SAP parameters | SAP_PAHI |
| SNCSYSACL (PREVIEW) | SNC Access Control List (ACL): Systems | SAP_SNCSYSACL |
| USRACL (PREVIEW) | SNC Access Control List (ACL): User | SAP_USRACL |
Related content
For more information, see: