(DI-2302) Collector for user password monitoring
The technical name of the Collector for SAP user details is /DVD/MON_CL_COL_USR
This collector reports data about SAP users in a compliance context: how many users are locked, how many users have initial passwords, tracks how old passwords exist, and how many users are no longer valid.
The expected maximum age of passwords is configurable.
Default KPIs delivered with this collector
The following KPIs are delivered with this collector:
KPI name | Description | Unit | Detail table |
|---|---|---|---|
USR_INVALID | Number of expired users | Count | No |
USR_LOCK | Number of locked users | Count | No |
USR_INIT | Number of users that never logged in | Count | No |
USR_INIT_PW | Number of users with initial pasword | Count | No |
USR_OLD | Number of users with password age above preset threshold | Count | No |
USR_SAPS_DEL | Number of deleted SAP* users on system (across all clients) | Count | No |
USR_SAPS_KER | A Flag that indicates an imminent security risk on a system. Value 1 is returned, if the SAP* user is removed on any client and a kernel login using SAP* is permitted. Related is profile parameter login/no_automatic_user_sapstar. | Bool | No |
Parameters
The following parameters are used for this collector:
Parameter name | Description | Default value |
|---|---|---|
OLD_PASSWORD | Specifies threshold for number of days since last password change. The number of users with aged passwords are reported by KPI USR_OLD | 180 |