10-24-2014 11:52 PM
Hi Everyone,
I would like to know how to find out the users who were locked on a particular day. this is required as have inadvertently locked/Unlocked all the users during a Production activity. But there were many Terminated users locked in the system and those users are also unlocked die to this. when I searched in the forums, I could see a Transaction PAR2 & a table PA0000 to get the terminated users list. but in my case, It displays the users who are still in the company. so I thought it will be better to find a way to get the list of user "LOCKED" just before the Production activity so that I can LOCK those users again.
thanks for the help in advance
regards,
ASK
10-25-2014 12:18 AM
I can only assume that the "production activity" was some crappy Z-program or SQL statement which hit the wrong field in USR02 or did not respect the release dependent application dependencies of the single fields of the table.
So you created this mess and your customer is responsible for it by expecting you to get it right without checking that you know what you are doing.
You must get yourself an expert consultant to fix this problem if you hobbled the database.
Note that SAP will probably also only offer you the option of cancelling support (good luck!) or consulting if you do such things.
It is not application support. But it is interesting SCN discussion.
Perhaps you can tell us more about the problem? How did it happen? Perhaps I am wrong?
Cheers,
Julius
10-25-2014 1:51 AM
Hi Julius,
sorry. the production activity was a Support Pack Patching. we normally take a list of Locked users before we begin with the SP upgrade but this time, we failed to do. so all the users were locked and when the SP upgrade was done all the users were Unlocked. now we want to lock all the Previously locked users as those users are terminated employees.
thanks,
ASK
10-25-2014 3:21 AM
10-25-2014 3:49 AM
10-25-2014 8:30 AM
OK, then I must appologize to you. I was sure as hell that you had a Z-program or had manipulated the database. That does happen very often by people called "ask" and "basis basis", but you are actually "a sk".. -> Arun Siva Kumar
Anyway, you should be able to put humpty dumpty together again by checking the change documents via report RSUSR100N. Trick will be that all users locked where USR02-UFLAG was 0 before hand will need to be unlocked, plus also those with 128 because only the password was locked or when the password had been deactivated (eg. batch users or SSO is used).
As of release 7.31 there is a much better solution -> you can define a special security policy in transaction SECPOL and assign it to the admins who should be able to logon. Then via RZ11 parameter login/server_logon_restriction you can block all new logons without having to process all the user master records each time. See SAP Note 1891583.
Cheers and sorry again for misinterpreting your question about "production activity".
Julius
10-26-2014 11:26 AM
I thought I'd ask the simple question for that reason
Thanks for the tip on applying SECPOL instead on constantly locking down users.
Cheers
Col
10-25-2014 4:53 AM
Hii ASK,
Just try with RSUSR200 Tcode .It show the list of User locked and Logon date Full deatils about users .
You can Fliter it as You wish
I hope this will help You
Thanks & Regards,
Uga
10-25-2014 7:30 AM
Hi,
It's a good practice to assign terminated users to a special user group (e.g. TERMINATED). If that was the case in your landscape you would not have any problem. You would just lock all users that belong to this special group. Other users would be unlocked.
You can have a look at change documents for lock.
Cheers
10-27-2014 10:25 AM
Hi Ask,
Yes, you can use RSUSR100N progaram(Use SA38 to Run) or SUIM change documents for users to get user lock details.
RSUSR100N program gives list of user by Administrator lock and incorrect logon locks with interval of time(i.e From date and To date).
So you can get list of users before activity date and after activity date with lock status.
conclusion: By getting report you can keep lock all the user who are locked before actvity, rest of the users you can unlock.
use bellow to know lock status!!
0- Not Locked
32- Locked Globally By Administrator
64- Locked Locally By Administrator
128- Locked Due To Incorrect Logons
Thanks & Regards,
/. Sreekanth R Chenchani
10-30-2014 6:55 AM