Redpeaks V6.8
Trouble shooting
Monitors Guide
Sidebar
products:promonitor:6.8:installguide:authorizations
Book Creator
Add this page to your book
Add this page to your book Book Creator
Remove this page from your book
Remove this page from your book 
Manage book (
Help Table of Contents
User authorizations
OS Level application
- The root access will be required only for the installation
- A dedicated user and group (promonitor:promonitor) will be created during the installation
- The Redpeaks application is running with this user
Network authorization
- Network routes must be open between Redpeaks server and all nodes of the monitored SAP systems.
- The all ports needed are listed on prerequisites
NetWeaver - ABAP
- Redpeaks uses a Communications data user associated with the provided authorization profile
- In most cases, user can be created in client 000.
- Sometimes access to target client must be necessary as well.
- Extract from PFCG transaction of authorization profile :
| OBJECT | FIELD | LOW | ACCESS REASON |
|---|---|---|---|
| S_ADMI_FCD | S_ADMI_FCD | ST0R | Read uptime with Function Module |
| S_BTCH_ADM | BTCADMIN | * | Get background job status |
| S_DATASET | ACTVT | 33,A6 | Read lock entries |
| S_DBCON | ACTVT | 03 | DBA Job & backup status |
| S_RFC | ACTVT | 16 | RFC connection |
| S_RFC | RFC_NAME | /BDL/BDL11 | RFC destination check |
| S_RFC | RFC_NAME | /BDL/BDL3 | RFC destination check |
| S_RFC | RFC_NAME | CTS_WB0_DIS | Read RZ20 |
| S_RFC | RFC_NAME | EDI1 | EDI: Processing of one IDoc |
| S_RFC | RFC_TYPE | FUGR | Read RZ20 |
| S_RFC | RFC_NAME | GET_DB16_INFO | Get Oracle DB info (DBA jobs) |
| S_RFC | RFC_NAME | IRFC | TRFC_QINS_OVERVIEW |
| S_RFC | RFC_NAME | ORFC | TRFC_QOUT_OVERVIEW |
| S_RFC | RFC_NAME | RFC1 | Read rz20 |
| S_RFC | RFC_NAME | RSPC_API | Process chains BI |
| S_RFC | RFC_NAME | RSPC_BACKEND | Process chains BI |
| S_RFC | RFC_NAME | SADV | Get Oracle DB info (DBA jobs) |
| S_RFC | RFC_NAME | SALC | Read RZ20, cluster environment |
| S_RFC | RFC_NAME | SALX | Read RZ20 |
| S_RFC | RFC_NAME | SCA5 | DAY_ATTRIBUTES_GET (get working days) |
| S_RFC | RFC_NAME | SCSM_COLLECTOR | SWNC_COLLECTOR_GET_AGGREGATES |
| DIA response time | |||
| S_RFC | RFC_NAME | SDB6DIAG | For DB2 |
| S_RFC | RFC_NAME | SDBADIAG | For Oracle |
| S_RFC | RFC_NAME | SDDO | DD_DOMA_GET call to get RFC dest |
| S_RFC | RFC_NAME | SDIF | Read RZ20 (previous SAP version) |
| S_RFC | RFC_NAME | SDIFRUNTIME | Read RZ20 |
| S_RFC | RFC_NAME | SENT | Reports generation |
| S_RFC | RFC_NAME | SFMSS_CONFIG | Backend: DB Configuration functions |
| S_RFC | RFC_NAME | SFMSS_DBUTIL | MSSQL DB size info |
| S_RFC | RFC_NAME | SFMSS_JOBS | MSS_GET_BACKUP_HIST |
| S_RFC | RFC_NAME | SLC4 | Read RZ20 |
| S_RFC | RFC_NAME | SLO2_ALV | Reports generation |
| S_RFC | RFC_NAME | SMSSDATA | Reports generation |
| S_RFC | RFC_NAME | SRFC | Read rz20, secure RFC |
| S_RFC | RFC_NAME | STD1 | Reports generation on ECC 6 |
| S_RFC | RFC_NAME | STD4 | Reports generation on ECC 6 |
| S_RFC | RFC_NAME | STOR | Break Down Objects: R3TR Objects |
| S_RFC | RFC_NAME | STUB | Read uptime with Function Module |
| S_RFC | RFC_NAME | SXMB | Read rz20 |
| S_RFC | RFC_NAME | SXMI | Read rz20 |
| S_RFC | RFC_NAME | SYST | Read rz20 |
| S_RFC | RFC_NAME | SDTX | For RFC_READ_TABLE |
| S_RFC | RFC_NAME | SPIAGENTALE | Agents in ALE/IDoc |
| S_RFC | RFC_NAME | SXBP | Job status |
| S_RFC | RFC_NAME | SYSU | RFC resource administration |
| S_RFC | RFC_NAME | THFB | Task handler functions |
| S_RFC | RFC_NAME | TMW_CLIENT_INTERFACES | Remote Interfaces for CM Server |
| S_RFC | RFC_NAME | TMW_CHANGEABILITY | System Modifiability Control |
| S_RFC | RFC_NAME | ZAGLMON | AGENTIL function call |
| S_RFC | RFC_NAME | /SDF/RI_ORACLE | /SDF/GET_DB12_INFO |
| S_XMI_PROD | EXTCOMPANY | AGENTIL | RFC connection |
| S_XMI_PROD | EXTPRODUCT | SAME | RFC connection |
| S_XMI_PROD | INTERFACE | XAL | RFC connection |
| S_XMI_PROD | INTERFACE | XMB | RFC connection |
| S_RFC | RFC_NAME | SCSM_GLOB_SYSTEM | SWNC_GET_WORKLOAD_SNAPSHOT function |
| ZSAME_RTBL | ACTVT | 16 | AGENTIL function |
| ZSAME_RTBL | OBJNAME | SAMEFUNC | AGENTIL function |
| ZSAME_RTBL | TABLE | EDIDC TBTCO | AGENTIL function |
| ZSAME_RTBL | TABLE | TEDS3 | AGENTIL function |
| S_RFC | RFC_NAME | /SDF/IS_ABAP | Update service |
| S_RFC | RFC_NAME | INSTALL | Execute function INST_EXECUTE_REPORT |
| S_RFC | RFC_NAME | STUN | Locks on DB objects |
| S_RFC | RFC_NAME | TMW_TRACKING | Transports |
| S_RFC | RFC_NAME | STPA | Transports |
| S_RFC | RFC_NAME | SUNI | Execute function FUNCTION_EXISTS |
| S_PROGRAM | P_ACTION | SUBMIT | Reports RSM13001, RSRFCPIN |
| S_RFC_ADM | ACTVT | Ext. maint. | For RFC destinations |
| S_GUI | ACTVT | 61(Export) | Syslog |
| S_ADMI_FCD | S_ADMI_FCD | SM21 | Syslog |
| S_RFC | RFC_NAME | RSLG | Syslog ALV style |
| S_RFC | RFC_NAME | SCSM_MTES_GET | Load CCMSTreeElements (defined tables) |
| S_ADMI_FCD | S_ADMI_FCD | SP01 | Spool data (RSTS0014 …) |
| ZSAME_RTBL | TABLE | TSP01,TSP02 | Tables for spools |
| ZSAME_RTBL | TABLE | NRIV | Table for range numbers |
| S_CTS_ADMI | CTS_ADMFCT | TABL | Transport monitor |
| S_CTS_SADM | CTS_ADMFCT | TABL | Transport monitor |
| S_CTS_SADM | DESTSYS | * | Transport monitor |
| S_CTS_SADM | DOMAIN | * | Transport monitor |
| S_TOOLS_EX | AUTH | S_TOOLS_EX_A | SAP Transaction time monitor |
| S_ALV_LAYO | ACTVT | 23 (Maintain) | Reports monitor |
| S_RFC | RFC_NAME | SFMSS_SIZE | Execute function MSS_GET_DBSZHIST |
| S_RFC | RFC_NAME | SXMB_MONI | Execute SXMB_GET_MESSAGE_LIST |
| S_XMB_AUTH | ACTVT | 03 | XI |
| S_XMB_MONI | ACTVT | 03 | XI Message |
| S_RFC | RFC_NAME | /SDF/CCMS_TOOLS | Get system timezone |
| S_ADMI_FCD | S_ADMI_FCD | AUDD | V6.3 SEC, execute RSAU_SELECT_EVENTS |
| S_USER_GRP | ACTVT | 03, 08 | V6.3 SEC, needed for report RSUVM015 |
| S_RFC | RFC_NAME | SFMSS_PERF | V6.3 Get MSSQL performance statistics |
| S_RFC | RFC_NAME | SADE | MAXDB backups |
| S_TCODE | TCD | SM04 | SM04 SAP user memory utilization |
| S_RFC | RFC_NAME | SUGU | Read installed components |
| S_RFC | RFC_NAME | RFC_METADATA | XAL Logon |
| S_RFC | RFC_NAME | SYSE | Get Logon group |
| S_RFC | RFC_NAME | THFB2 | Get Logon group |
| S_RFC | RFC_NAME | /SDF/CCMS_GET_TIME_INFO | System timezone |
| S_RFC | RFC_NAME | /SDF/GET_DB12_INFO | Oracle |
| S_RFC | RFC_NAME | /SDW/EWA_GET_HARDWARE_INFO | System info |
| S_RFC | RFC_NAME | /SDF/SYB_DB_OPTIONS | Sybase |
| S_RFC | RFC_NAME | /SDF/SYB_SPACE_UTIL_DB | Sybase |
| S_RFC | RFC_NAME | /SDF/SYB_TRANS_BACKUP | Sybase |
| S_RFC | RFC_NAME | BAPI_SYSTEM_MON_GETTREE | CCMS Mte |
| S_RFC | RFC_NAME | BAPI_SYSTEM_MTE_GETGENPROP | CCMS Mte |
| S_RFC | RFC_NAME | BAPI_SYSTEM_MTE_GETPERFCURVAL | CCMS Mte |
| S_RFC | RFC_NAME | BAPI_SYSTEM_MTE_GETTXTPROP | CCMS Mte |
| S_RFC | RFC_NAME | BAPI_XBP_JOB_JOBLOG_READ | SAP jobs |
| S_RFC | RFC_NAME | BAPI_XBP_JOB_SELECT | SAP jobs |
| S_RFC | RFC_NAME | BAPI_XMI_LOGON | XMI LOGON |
| S_RFC | RFC_NAME | DB_ORA_INSTANCE_INFO | ORACLE |
| S_RFC | RFC_NAME | DB02_ORA_FILL_TS | ORACLE |
| S_RFC | RFC_NAME | DB6_DIAG_DDIC_CONSISTENCY | DB2 |
| S_RFC | RFC_NAME | DB6_PM_BACKUPHISTORY | DB2 |
| S_RFC | RFC_NAME | DB6_PM_DBCONFIG | DB2 |
| S_RFC | RFC_NAME | DB6_PM_DBSNAP | DB2 |
| S_RFC | RFC_NAME | DB6_PM_DBSTOR | DB2 |
| S_RFC | RFC_NAME | DB6_PM_TABSPACECONFIG | DB2 |
| S_RFC | RFC_NAME | DELIVERY_GET_INSTALLED_COMPS | INSTALLED COMPONENTS |
| S_RFC | RFC_NAME | FUNCTION_EXISTS | FUNCTION CHECK |
| S_RFC | RFC_NAME | GET_BACKUP_HISTORY_SDB | MSSQL |
| S_RFC | RFC_NAME | GET_DBDATA_MSS | MSSQL |
| S_RFC | RFC_NAME | ICM_GET_INFO2 | ICM |
| S_RFC | RFC_NAME | INST_EXECUTE_REPORT | REPORTS |
| S_RFC | RFC_NAME | MSS_GET_BACKUP_HIST | MSSQL |
| S_RFC | RFC_NAME | MSS_GET_DB_SIZE_INFO | MSSQL |
| S_RFC | RFC_NAME | OCS_CRM | |
| S_RFC | RFC_NAME | OCS_GET_INSTALLED_COMPS | INSTALLED COMPONENTS |
| S_RFC | RFC_NAME | OCS_GET_INSTALLED_SWPRODUCTS | INSTALLED SW |
| S_RFC | RFC_NAME | RFC_GET_FUNCTION_INTERFACE | |
| S_RFC | RFC_NAME | RFC_METADATA_GET | System info |
| S_RFC | RFC_NAME | RFC_READ_TABLE | Table |
| S_RFC | RFC_NAME | RFC_SYSTEM_INFO | System info |
| S_RFC | RFC_NAME | RFCPING | ABAP check |
| S_RFC | RFC_NAME | RSPC_API_CHAIN_GET_RUNS | Process chains |
| S_RFC | RFC_NAME | S_DB_EXCLUSIVE_LOCK_WAITERS | LOCKS |
| S_RFC | RFC_NAME | S_PSE_ADM | Get ABAP certificates |
| S_RFC | RFC_NAME | S_RZL_ADM | Get ABAP parameters |
| S_RFC | RFC_NAME | SAPTUNE_GET_SUMMARY_STATISTIC | Response times |
| S_RFC | RFC_NAME | SAPTUNE_SYSTEM_STARTUP | Response times |
| S_RFC | RFC_NAME | SL_RFC_TMS_CFG_READ_CONFIG | Landscape domain |
| S_RFC | RFC_NAME | SWNC_GET_WORKLOAD_SNAPSHOT | Response times |
| S_RFC | RFC_NAME | SXMB_GET_MESSAGE_LIST | PIXI messages |
| S_RFC | RFC_NAME | SXMI_LOGON | SXMI logon |
| S_RFC | RFC_NAME | SXMI_XMB_APPSERV_LIST_READ | ABAP application server |
| S_RFC | RFC_NAME | SXMI_XMB_SYSLOG_READ | System logs |
| S_RFC | RFC_NAME | SXMI_XMB_WP_LIST_READ | Work processes |
| S_RFC | RFC_NAME | SYSTEM_GET_LOGON_GROUP_INFO | Logon group |
| S_RFC | RFC_NAME | SYSTEM_RESET_RFC_SERVER | ABAP connection |
| S_RFC | RFC_NAME | TH_REQUEST_QUEUE | Dispatcher queues |
| S_RFC | RFC_NAME | TH_SAPREL2 | SAP release |
| S_RFC | RFC_NAME | TMW_GET_SAP_CLIENTS | ABAP client config |
| S_RFC | RFC_NAME | TMW_GET_SYSTEM_CHANGEABILITY | ABAP system change cfg |
| S_RFC | RFC_NAME | TRFC_QIN_OVERVIEW | INBOUND TRFC |
| S_RFC | RFC_NAME | TRFC_QOUT_OVERVIEW | OUTBOUND TRFC |
| S_PSE_ADM | ACTVT | 03 | Get ABAP certificates |
| S_PSE_ADM | PSEAPPLIC | Get ABAP certificates | |
| S_PSE_ADM | PSECONTEXT | Get ABAP certificates | |
| S_PSE_ADM | PSECONTEXT | PROG | Get ABAP certificates |
| S_PSE_ADM | PSECONTEXT | SMIM | Get ABAP certificates |
| S_PSE_ADM | PSECONTEXT | SSFA | Get ABAP certificates |
| S_PSE_ADM | PSECONTEXT | SSLC | Get ABAP certificates |
| S_PSE_ADM | PSECONTEXT | SSLS | Get ABAP certificates |
| S_PSE_ADM | PSECONTEXT | WSS | Get ABAP certificates |
| S_RFC | RFC_TYPE | FUGR | |
| S_RFC | RFC_TYPE | FUNC | |
| S_RFC | RFC_TYPE | FUGR FUNC | |
| S_RZL_ADM | |||
| S_RZL_ADM | ACTVT | 03 | |
| S_SDCC | |||
| S_SDCC | SDCC_DEV | READ | |
| S_SDCC | SDCC_RUN | READ | |
| S_SDCC_ADD | |||
| S_SDCC_ADD | SDCC_DEV_N | READ | |
| S_SDCC_ADD | SDCC_RUN_N | READ | |
| S_TABU_NAM | |||
| S_TABU_NAM | ACTVT | 03 | |
| S_TABU_NAM | TABLE | ADR6 | User memory |
| S_TABU_NAM | TABLE | APQL | Batch inputs |
| S_TABU_NAM | TABLE | ARFCRSTATE | TRFC |
| S_TABU_NAM | TABLE | ARFCSSTATE | TRFC |
| S_TABU_NAM | TABLE | BALHDR | Application logs |
| S_TABU_NAM | TABLE | BALOBJT | Application logs |
| S_TABU_NAM | TABLE | BALSUBT | Application logs |
| S_TABU_NAM | TABLE | EDIDC | IDOC |
| S_TABU_NAM | TABLE | NRIV | Number ranges |
| S_TABU_NAM | TABLE | RSCRT_RDA_ERROR | Abap real time |
| S_TABU_NAM | TABLE | RSCRT_RDA_REQ | Abap real time |
| S_TABU_NAM | TABLE | SNAP | Dumps |
| S_TABU_NAM | TABLE | SOST | SAP connect |
| S_TABU_NAM | TABLE | TBTCO | SAP jobs |
| S_TABU_NAM | TABLE | TEDS3 | IDOC |
| S_TABU_NAM | TABLE | TPALOG | Transports |
| S_TABU_NAM | TABLE | TSP02 | Spools |
| S_TABU_NAM | TABLE | TSP03L | Spools |
| S_TABU_NAM | TABLE | USR21 | Instance memory |
| S_TABU_NAM | TABLE | VBERROR | QRFC |
| S_TABU_NAM | TABLE | VBHDR | QRFC |
| S_TCODE | TCD | RZ11 | Parameters |
| S_TCODE | TCD | SM51 | App server |
NetWeaver - SAPControl
- Redpeaks uses SAPControl web services to collect information on the system.
- The access to these services can be either without authentication or controlled by using an OS user similar than [SID]adm, see Note 927637
- Look for the section describing the use of service/protectedwebmethods, make sure to allow the access of all Getter/Reader services
- Methods list :
- Mandatory:
- GetVersionInfo
- GetAlertTree
- GetAlerts
- J2EEGetComponentList
- J2EEGetProcessList
- GetProcessList
- GetSystemInstanceList
- Optional:
- GetEnvironment
- GetQueueStatistic
- GetInstanceProperties
- ListDeveloperTraces
- ListLogFiles
- ABAPReadSyslog
- ABAPReadRawSyslog
- ABAPGetWPTable
- J2EEGetThreadList
- J2EEGetSessionList
- J2EEGetCacheStatistic
- J2EEGetApplicationAliasList
- J2EEGetVMGCHistory
- J2EEGetVMHeapInfo
- ReadDeveloperTrace
- GetStartProfile
- GetTraceFile
HANA
- Redpeaks uses JDBC connexion to connect to HANA database
- The user need to be associated with MONITORING role
BusinessObjects
- User access to CMS repository and CMC portal
Oracle
- Redpeaks uses JDBC connexion to connect to Oracle database
- GRANT CREATE SESSION TO YOUR_USER;
- Read access to below tables must be granted
- ALL_ERRORS
- ALL_OBJECTS
- DBA_DATA_FILES
- DBA_FREE_SPACE
- DBA_TABLESPACE_USAGE_METRICS
- DBA_TABLESPACES
- V$RMAN_BACKUP
- V$RMAN_BACKUP_JOB_DETAILS
- V$FILESTAT
- v$sysstat
- V$LIBRARYCACHE
- V$RESOURCE_LIMIT
- V$LOG_HISTORY
MSSQL
- Redpeaks uses JDBC connexion to connect to Oracle database
- Read access to below tables must be granted
- msdb.dbo.backupset
- sys.master_files
- sys.database_files
- sys.dm_os_performance_counters
- sys.configurations
- sys.dm_os_volume_stats
- sys.dm_io_virtual_file_stats
Max DB
- Redpeaks uses JDBC connexion to connect to Max DB database
- Read access to below tables must be granted
- SYSDBA.MONITOR_LOCK
- SYSINFO.DATAVOLUMES
- SYSINFO.DATASTATISTICS
- SYSINFO.LOGSTATISTICS
- SYSINFO.CACHESTATISTICS
- SYSINFO.INSTANCE
Sybase
- Redpeaks uses JDBC connexion to connect to Max DB database
- Read access to below tables must be granted
- master..sysusages
- master.dbo.monThread
- master.dbo.monDeadLock
- master.dbo.monErrorLog
- master..sysdatabases
- master..monDeviceSpaceUsage
- Stored procedures access:
- sp_dump_history
- With granular permissions enabled, you must be a user with manage dump configuration privilege
- With granular permissions disabled, you must be a user with sa_role or oper_role
- sp_spaceusage
- Any user can execute sp_spaceusage to view space usage. However, you may not be able to view certain information about tables that you do not have permissions to view.
- sp_helpdb
- Any user can execute sp_helpdb
/home/clients/8c48b436badcd3a0bdaaba8c59a54bf1/wiki-web/data/pages/products/promonitor/6.8/installguide/authorizations.txt · Last modified: 2025/02/11 15:39 by sfidan
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
