Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LOCKED users list in ECC

siva123
Participant

‎10-24-2014 11:52 PM

0 Kudos

Hi Everyone,

I would like to know how to find out the users who were locked on a particular day. this is required as  have inadvertently locked/Unlocked all the users during a Production activity. But there were many Terminated users locked in the system and those users are also unlocked die to this. when I searched in the forums, I could see a Transaction PAR2 & a table PA0000 to get the terminated users list. but in my case, It displays the users who are still in the company. so I thought it will be better to find a way to get the list of user "LOCKED" just before the Production activity so that I can LOCK those users again.

thanks for the help in advance

regards,

ASK

10 REPLIES 10

Former Member

‎10-25-2014 12:18 AM

0 Kudos

I can only assume that the "production activity" was some crappy Z-program or SQL statement which hit the wrong field in USR02 or did not respect the release dependent application dependencies of the single fields of the table.

So you created this mess and your customer is responsible for it by expecting you to get it right without checking that you know what you are doing.

You must get yourself an expert consultant to fix this problem if you hobbled the database.

Note that SAP will probably also only offer you the option of cancelling support (good luck!) or consulting if you do such things.

It is not application support. But it is interesting SCN discussion.

Perhaps you can tell us more about the problem? How did it happen? Perhaps I am wrong?

Cheers,

Julius

siva123
Participant
In response to Former Member

‎10-25-2014 1:51 AM

0 Kudos

Hi Julius,

sorry. the production activity was a Support Pack  Patching. we normally take a list of Locked users before we begin with the SP upgrade but this time, we failed to do. so all the users were locked and when the SP upgrade was done all the users were Unlocked. now we want to lock all the Previously locked users as those users are terminated employees.

thanks,

ASK

Colleen
Advisor
Advisor
In response to Former Member

‎10-25-2014 3:21 AM

0 Kudos

What transaction or program did you run to lock them in the first place?

siva123
Participant
In response to Former Member

‎10-25-2014 3:49 AM

0 Kudos

SU10

Former Member
In response to Former Member

‎10-25-2014 8:30 AM

0 Kudos

OK, then I must appologize to you. I was sure as hell that you had a Z-program or had manipulated the database. That does happen very often by people called "ask" and "basis basis", but you are actually "a sk".. -> Arun Siva Kumar

Anyway, you should be able to put humpty dumpty together again by checking the change documents via report RSUSR100N. Trick will be that all users locked where USR02-UFLAG was 0 before hand will need to be unlocked, plus also those with 128 because only the password was locked or when the password had been deactivated (eg. batch users or SSO is used).

As of release 7.31 there is a much better solution -> you can define a special security policy in transaction SECPOL and assign it to the admins who should be able to logon. Then via RZ11 parameter login/server_logon_restriction you can block all new logons without having to process all the user master records each time. See SAP Note 1891583.

Cheers and sorry again for misinterpreting your question about "production activity".

Julius

Colleen
Advisor
Advisor
In response to Former Member

‎10-26-2014 11:26 AM

0 Kudos

I thought I'd ask the simple question for that reason

Thanks for the tip on applying SECPOL instead on constantly locking down users.

Cheers

Col

Former Member

‎10-25-2014 4:53 AM

0 Kudos

Hii ASK,

Just try with RSUSR200 Tcode .It show the list of User locked and Logon date Full deatils about users .

You can Fliter it as You wish

I hope this will help You

Thanks & Regards,

Uga

martin_voros
Active Contributor

‎10-25-2014 7:30 AM

0 Kudos

Hi,

It's a good practice to assign terminated users to a special user group (e.g. TERMINATED). If that was the case in your landscape you would not have any problem. You would just lock all users that belong to this special group. Other users would be unlocked.

You can have a look at change documents for lock.

Cheers

Former Member

‎10-27-2014 10:25 AM

0 Kudos

Hi Ask,

Yes, you can use RSUSR100N progaram(Use SA38 to Run) or SUIM change documents for users to get user lock details.

 

RSUSR100N program gives list of user by Administrator lock and incorrect logon locks with interval of time(i.e From date and To date).

                     So you can get list of users before activity date and after activity date with lock status.

conclusion: By getting report you can keep lock all the user who are locked before actvity, rest of the users you can unlock.

use bellow to know lock status!!

0- Not Locked

32- Locked Globally By Administrator

64- Locked Locally By Administrator

128- Locked Due To Incorrect Logons

Thanks & Regards,

/. Sreekanth R Chenchani

Former Member

‎10-30-2014 6:55 AM

0 Kudos

good