locked uers log on

Former Member · ‎04-03-2009

Hi Friends

I locked all end users on account of account closing on 31st March.

But one of the user was able to log on to the system and he changed the password also.

How it possiable?

Vijay

Former Member · ‎04-03-2009

If the user is active before lock he can do his all activity .

Before lock the user make sure all the users are logged out.(All the user who are going to lock)

If the user is logged in while looking he can change do the activities and he can also change the password till logged out. Ones if he logged out then he canu2019t do anything.

If the user is active before lock he can do his all activity.

Former Member · ‎04-03-2009

> I locked all end users on account of account closing on 31st March.

> But one of the user was able to log on to the system and he changed the password also.

Did this really happen, or is it just a theoretical question?

> How it possiable?

You already know who it was... so just ask them, and then keep us posted on what he or she has to say.

Please update?

Cheers,

Julius

Former Member · ‎04-03-2009

Hi

Yes, it happened on 31st March,it is not a question but fact

we createda message for SAP.

Vijay

Former Member · ‎04-03-2009

Okay, I was just checking.

Did you ask the user how he did this? This would be the most direct way, as he would know what he did....

In the meanwhile, take a look in report RSUSR100(N) to see who unlocked the user ID.

Cheers,

Julius

Former Member · ‎04-03-2009

H Julius

we confirmed with user , he just tried to log on , user was open , so he worked on the system.

most important thing is that , after locking all users, we took system boot also.

we tried the report RSUSR100(N) nothing is there.

Vijay

Former Member · ‎04-03-2009

Are there change docs for other users which you locked?

If not, then go to transaction SE11 and display table USR02. Double-click on the field UFLAG and then select the "Where-used-list" button and search for programs which use it. Go to the botton of the list and take a look in the Z* and Y* program name space for the statement UPDATE or MODIFY.

If you find one, then show this to the SAP support folks when you open the ticket...

Cheers,

Julius

fredrik_borlie · ‎04-07-2009

Hi all.

Not really an answer to the question.

I just want to mention the possibility of the user logging on with SSO.

We have seen in WAS 6.20 that even if a user is locked, the user can still logon using SSO-tickets.

If I remember correctly this was related to the password lock flag (64) and not admin lock flag (128).

The user could not log on when admin locked.

I still guess it works as designed.

/fredrik

Former Member · ‎04-07-2009

How did you lock the users?

Former Member · ‎04-07-2009

Hi

You can lock all the userIds using tcode EWZ5

Former Member · ‎04-07-2009

Hi

we locks the user through t/code SU10

Vijay

Former Member · ‎04-07-2009

>


> Hi 
> 
> we locks the user through t/code SU10
> 
> Vijay

Hi Vijay, that doesn't surprise me that some users crept through. I have seen a few situations when SU10 is used and it fails to lock all users, even if the SU10 logs report that all is OK.

I prefer to do what Hari recommends and use EWZ5, though that is not without it's problems

Former Member · ‎04-07-2009

Hi

we have created a OSS message and waiting for SAP reply

Vijay