There is a requirement to get the status of all users with access to SOI to know if they are are allowed to login and which permission they have

The following command exports the data:

D:\CA\SC\EmbeddedEntitlementsManager\bin\safex -h localhost -u EiamAdmin -f d:\export_user_soi.xml -p $Pass

The content of export_user_soi.xml is as follows:

<Safex>
  <Attach label="SOI"/>
  <Export file="d:\SOI.xml" maxsearchsize="1000" globalfolders="n" globalusergroups="n" globalusers="n" globalsettings="n" folders="n" usergroups="y" users="y" calendars="n" policies="n" appobjects="n"/>
  <Detach/>
</Safex>

As a result a file named SOI.xml is created. 

For a user, that's still enabled in SOI, the result looks like this:

<User folder="/" name="user1">
 <GroupMembership>Operators (read-write)</GroupMembership>
 <Attribute name="Suspended">false</Attribute>
</User>

Sometimes however the suspended flag is missing

<User folder="/" name="user2">
 <GroupMembership>Operators (read-write)</GroupMembership>
</User>

Release : 4.2

Component : Service Operations Insight (SOI) Security

Depending on the EEM version, the suspended attribute might be returned as false or it may be missing from the returned data.

Either are normal behaviour.

The user is only truly suspended when the suspended attribute is returned as true

<User folder="/" name="user3">
 <GroupMembership>Operators (read-write)</GroupMembership>
 <Attribute name="Suspended">true</Attribute>
</User>