products:promonitor:latest:installguide:authorizations
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| products:promonitor:latest:installguide:authorizations [2026/02/06 13:47] – rbariou | products:promonitor:latest:installguide:authorizations [2026/02/20 17:43] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== User authorizations ====== | ||
| + | ===== OS Level application ===== | ||
| + | |||
| + | * The **root** access will be required **only for the installation** | ||
| + | * A dedicated user and group (**redpeaks: | ||
| + | * The Redpeaks application is running with this user | ||
| + | |||
| + | ===== Network authorization ====== | ||
| + | |||
| + | * Network routes must be open between Redpeaks server and all nodes of the monitored SAP systems. | ||
| + | * The all ports needed are listed on [[.: | ||
| + | |||
| + | ===== NetWeaver - ABAP ===== | ||
| + | |||
| + | * Redpeaks uses a **Communications data** user associated with the [[https:// | ||
| + | * In most cases, user can be created in client 000. | ||
| + | * Sometimes access to target client must be necessary as well. | ||
| + | * Extract from PFCG transaction of authorization profile : | ||
| + | |||
| + | ^ OBJECT | ||
| + | | S_ADMI_FCD | S_ADMI_FCD | ST0R | Read uptime with Function Module | ||
| + | | S_BTCH_ADM | BTCADMIN | ||
| + | | S_DATASET | ||
| + | | S_DBCON | ||
| + | | S_RFC | ACTVT | 16 | RFC connection | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_TYPE | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | | | | DIA response time | | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_XMI_PROD | EXTCOMPANY | AGENTIL | ||
| + | | S_XMI_PROD | EXTPRODUCT | SAME | RFC connection | ||
| + | | S_XMI_PROD | INTERFACE | ||
| + | | S_XMI_PROD | INTERFACE | ||
| + | | S_RFC | RFC_NAME | ||
| + | | ZSAME_RTBL | ACTVT | 16 | AGENTIL function | ||
| + | | ZSAME_RTBL | OBJNAME | ||
| + | | ZSAME_RTBL | TABLE | EDIDC TBTCO | AGENTIL function | ||
| + | | ZSAME_RTBL | TABLE | TEDS3 | AGENTIL function | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_PROGRAM | ||
| + | | S_RFC_ADM | ||
| + | | S_GUI | ACTVT | 61(Export) | ||
| + | | S_ADMI_FCD | S_ADMI_FCD | SM21 | Syslog | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_ADMI_FCD | S_ADMI_FCD | SP01 | Spool data (RSTS0014 ...) | | ||
| + | | ZSAME_RTBL | TABLE | TSP01, | ||
| + | | ZSAME_RTBL | TABLE | NRIV | Table for range numbers | ||
| + | | S_CTS_ADMI | CTS_ADMFCT | TABL | Transport monitor | ||
| + | | S_CTS_SADM | CTS_ADMFCT | TABL | Transport monitor | ||
| + | | S_CTS_SADM | DESTSYS | ||
| + | | S_CTS_SADM | DOMAIN | ||
| + | | S_TOOLS_EX | AUTH | S_TOOLS_EX_A | ||
| + | | S_ALV_LAYO | ACTVT | 23 (Maintain) | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_XMB_AUTH | ACTVT | 03 | XI | | ||
| + | | S_XMB_MONI | ACTVT | 03 | XI Message | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_ADMI_FCD | S_ADMI_FCD | AUDD | V6.3 SEC, execute RSAU_SELECT_EVENTS | ||
| + | | S_USER_GRP | ACTVT | 03, 08 | V6.3 SEC, needed for report RSUVM015 | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_TCODE | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_RFC | RFC_NAME | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_PSE_ADM | ||
| + | | S_RFC | RFC_TYPE | ||
| + | | S_RFC | RFC_TYPE | ||
| + | | S_RFC | RFC_TYPE | ||
| + | | S_RZL_ADM | ||
| + | | S_RZL_ADM | ||
| + | | S_SDCC | ||
| + | | S_SDCC | ||
| + | | S_SDCC | ||
| + | | S_SDCC_ADD | | | ||
| + | | S_SDCC_ADD | SDCC_DEV_N | READ | | | ||
| + | | S_SDCC_ADD | SDCC_RUN_N | READ | | | ||
| + | | S_TABU_NAM | | | ||
| + | | S_TABU_NAM | ACTVT | 03 | | | ||
| + | | S_TABU_NAM | TABLE | ADR6 | User memory | ||
| + | | S_TABU_NAM | TABLE | APQL | Batch inputs | ||
| + | | S_TABU_NAM | TABLE | ARFCRSTATE | ||
| + | | S_TABU_NAM | TABLE | ARFCSSTATE | ||
| + | | S_TABU_NAM | TABLE | BALHDR | ||
| + | | S_TABU_NAM | TABLE | BALOBJT | ||
| + | | S_TABU_NAM | TABLE | BALSUBT | ||
| + | | S_TABU_NAM | TABLE | EDIDC | IDOC | | ||
| + | | S_TABU_NAM | TABLE | NRIV | Number ranges | ||
| + | | S_TABU_NAM | TABLE | RSCRT_RDA_ERROR | ||
| + | | S_TABU_NAM | TABLE | RSCRT_RDA_REQ | ||
| + | | S_TABU_NAM | TABLE | SNAP | Dumps | | ||
| + | | S_TABU_NAM | TABLE | SOST | SAP connect | ||
| + | | S_TABU_NAM | TABLE | TBTCO | SAP jobs | | ||
| + | | S_TABU_NAM | TABLE | TEDS3 | IDOC | | ||
| + | | S_TABU_NAM | TABLE | TPALOG | ||
| + | | S_TABU_NAM | TABLE | TSP02 | Spools | ||
| + | | S_TABU_NAM | TABLE | TSP03L | ||
| + | | S_TABU_NAM | TABLE | USR21 | Instance memory | ||
| + | | S_TABU_NAM | TABLE | VBERROR | ||
| + | | S_TABU_NAM | TABLE | VBHDR | QRFC | | ||
| + | | S_TCODE | ||
| + | | S_TCODE | ||
| + | |||
| + | |||
| + | ===== NetWeaver - SAPControl ===== | ||
| + | |||
| + | * Redpeaks uses SAPControl web services to collect information on the system. | ||
| + | * The access to these services can be either without authentication or **controlled by using an OS user similar than [SID]adm**, see [[https:// | ||
| + | * Look for the section describing the use of **service/ | ||
| + | * Methods list : | ||
| + | * **Mandatory: | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * **Optional: | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | * // | ||
| + | |||
| + | ===== HANA ===== | ||
| + | |||
| + | * Redpeaks uses JDBC connexion to connect to HANA database | ||
| + | * The user need to be associated with **MONITORING role** | ||
| + | |||
| + | ===== BusinessObjects ===== | ||
| + | |||
| + | * User access to CMS repository and CMC portal | ||
| + | |||
| + | ===== Oracle ===== | ||
| + | |||
| + | * Redpeaks uses JDBC connexion to connect to Oracle database | ||
| + | * GRANT CREATE SESSION TO YOUR_USER; | ||
| + | * Read access to below tables must be granted | ||
| + | * ALL_ERRORS | ||
| + | * ALL_OBJECTS | ||
| + | * DBA_DATA_FILES | ||
| + | * DBA_FREE_SPACE | ||
| + | * DBA_TABLESPACE_USAGE_METRICS | ||
| + | * DBA_TABLESPACES | ||
| + | * V$RMAN_BACKUP | ||
| + | * V$RMAN_BACKUP_JOB_DETAILS | ||
| + | * V$FILESTAT | ||
| + | * v$sysstat | ||
| + | * V$LIBRARYCACHE | ||
| + | * V$RESOURCE_LIMIT | ||
| + | * V$LOG_HISTORY | ||
| + | * V_$DATABASE | ||
| + | * dba_temp_files | ||
| + | * v$temp_space_header | ||
| + | | ||
| + | |||
| + | ===== MSSQL ===== | ||
| + | * Redpeaks uses JDBC connexion to connect to Oracle database | ||
| + | * Read access to below tables must be granted | ||
| + | * msdb.dbo.backupset | ||
| + | * sys.master_files | ||
| + | * sys.database_files | ||
| + | * sys.dm_os_performance_counters | ||
| + | * sys.configurations | ||
| + | * sys.dm_os_volume_stats | ||
| + | * sys.dm_io_virtual_file_stats | ||
| + | |||
| + | ===== Max DB ===== | ||
| + | |||
| + | * Redpeaks uses JDBC connexion to connect to Max DB database | ||
| + | * Read access to below tables must be granted | ||
| + | * SYSDBA.MONITOR_LOCK | ||
| + | * SYSINFO.DATAVOLUMES | ||
| + | * SYSINFO.DATASTATISTICS | ||
| + | * SYSINFO.LOGSTATISTICS | ||
| + | * SYSINFO.CACHESTATISTICS | ||
| + | * SYSINFO.INSTANCE | ||
| + | |||
| + | ===== Sybase ===== | ||
| + | |||
| + | * Redpeaks uses JDBC connexion to connect to Max DB database | ||
| + | * Read access to below tables must be granted | ||
| + | * master..sysusages | ||
| + | * master.dbo.monThread | ||
| + | * master.dbo.monDeadLock | ||
| + | * master.dbo.monErrorLog | ||
| + | * master..sysdatabases | ||
| + | * master..monDeviceSpaceUsage | ||
| + | * Stored procedures access: | ||
| + | * sp_dump_history | ||
| + | * With granular permissions **enabled**, | ||
| + | * With granular permissions **disabled**, | ||
| + | * sp_spaceusage | ||
| + | * Any user can execute sp_spaceusage to view space usage. However, you may not be able to view certain information about tables that you do not have permissions to view. | ||
| + | * sp_helpdb | ||
| + | * Any user can execute sp_helpdb | ||
| + | |||
| + | ===== DB2 ===== | ||
| + | |||
| + | * Redpeaks uses JDBC connexion to connect to DB2 database | ||
| + | * Read access to below tables must be granted | ||
| + | * SYSIBMADM.ENV_SYS_INFO | ||
| + | * SYSIBMADM.ENV_INST_INFO | ||
| + | * SYSIBMADM.ENV_SYS_RESOURCES | ||
products/promonitor/latest/installguide/authorizations.txt · Last modified: by 127.0.0.1