Basic agent monitoring

The SAP agent creates an IBMMON_AGENT in the SAP system when the agent transport is imported.

This user ID is IBMMON_AGENT with the default password ITMMYSAP. It is preconfigured to be Communication Type user-only and to use the /IBMMON/AUTH authorization profile. This profile, which is created at transport import time, contains the minimal set of permissions to run the agent Advanced Business Application Programming (ABAP) code. Also, this profile accepts a set of limited actions on your SAP system.

If this user ID name is unacceptable, for example, if it violates your naming conventions that are used during installation, you can create a different user ID. The user ID can be any allowable SAP user ID, but it requires the complete set of permissions in the /IBMMON/AUTH profile. The user ID requires Communication Type user-only access.

The default user ID provides sufficient authority only for the following purposes:
  • Monitoring and data collection
  • Closing Computing Center Management System (CCMS) alerts
  • Enabling, disabling, and resetting gateway statistics
  • Resetting Oracle database statistics
If you choose to limit the action capabilities of the agent, you can remove some of the action permissions such as closing CCMS alerts.
To access data on the IBM® Cloud App Management UI Portal for specific components, ensure that you have appropriate authorizations. Following table lists the authorizations that are required to access the data from different sub nodes:
Table 1. The list of authorizations
Sub nodes Authorization objects Authorization description
General system authorizations that include the following sub nodes:
  • Ins
  • Sys
 S_ADMI_FCD To access the System
S_BDS_DS -BC-SRV-KPR-BDS To access the Document Set
S_BTCH_JOB To run operations on the background jobs
S_CCM_RECV For transferring the Central System Repository data
S_C_FUNCT To make C calls in the ABAP programs
S_DATASET To access files
S_RFC To check RFC access. The S_RFC authorization object contains the following two subauthorizations:
  • RFC1: To provide the authorizations for the RFC1 function group.
  • SDIFRUNTIME: To provide the authorizations for the SDIFRUNTIME function group.
S_RFCACL For RFC User
S_RZL_ADM To access Computing Center Management System (CCMS): System Administration
S_TCODE To check Transaction Code at Transaction Start
S_TOOLS_EX To access Tools Performance Monitor
Authorizations for Solution manager that include the following sub nodes:
  • Lds
  • Sol
 D_MD_DATA -DMD To view Data Contents of Master Data
D_SOLMANBU To access a Session Type of the Solution Manager
D_SOLM_ACT To access a Solution in the Solution Manager
D_SOL_VSBL To view a Solution in the Solution Manager
S_CTS_SADM To view System-Specific Administration (Transport)
S_TABU_RFC  To view Client Comparison and Copy: Data Export with RFC
Authorizations for PI that includes the PI sub node S_XMB_MONI To access XI Message Monitoring
Authorizations for MAI that includes the Slm sub node AI_DIAGE2E To access Solution Diagnostics end-to-end analysis
AI_LMDB_OB To access Landscape Management Database (LMDB) Objects
SM_MOAL_TC To access Monitoring and Alerting
SM_WC_VIEW To access Work Center User Interface Elements
S_RFC_ADM To access Administration options for RFC Destination
S_RS_AUTH To access BI Analysis in Role
SM_APPTYPE To access Solution Manager App Type
SM_APP_ID To access applications provided in Work center