04-03-2009 7:25 AM
Hi Friends
I locked all end users on account of account closing on 31st March.
But one of the user was able to log on to the system and he changed the password also.
How it possiable?
Vijay
04-03-2009 7:36 AM
If the user is active before lock he can do his all activity .
Before lock the user make sure all the users are logged out.(All the user who are going to lock)
If the user is logged in while looking he can change do the activities and he can also change the password till logged out. Ones if he logged out then he canu2019t do anything.
If the user is active before lock he can do his all activity.
04-03-2009 7:36 AM
> I locked all end users on account of account closing on 31st March.
> But one of the user was able to log on to the system and he changed the password also.
Did this really happen, or is it just a theoretical question?
> How it possiable?
You already know who it was... so just ask them, and then keep us posted on what he or she has to say.
Please update?
Cheers,
Julius
04-03-2009 8:12 AM
Hi
Yes, it happened on 31st March,it is not a question but fact
we createda message for SAP.
Vijay
04-03-2009 8:29 AM
Okay, I was just checking.
Did you ask the user how he did this? This would be the most direct way, as he would know what he did....
In the meanwhile, take a look in report RSUSR100(N) to see who unlocked the user ID.
Cheers,
Julius
04-03-2009 9:23 AM
H Julius
we confirmed with user , he just tried to log on , user was open , so he worked on the system.
most important thing is that , after locking all users, we took system boot also.
we tried the report RSUSR100(N) nothing is there.
Vijay
04-03-2009 9:34 AM
Are there change docs for other users which you locked?
If not, then go to transaction SE11 and display table USR02. Double-click on the field UFLAG and then select the "Where-used-list" button and search for programs which use it. Go to the botton of the list and take a look in the Z* and Y* program name space for the statement UPDATE or MODIFY.
If you find one, then show this to the SAP support folks when you open the ticket...
Cheers,
Julius
04-07-2009 8:06 AM
Hi all.
Not really an answer to the question.
I just want to mention the possibility of the user logging on with SSO.
We have seen in WAS 6.20 that even if a user is locked, the user can still logon using SSO-tickets.
If I remember correctly this was related to the password lock flag (64) and not admin lock flag (128).
The user could not log on when admin locked.
I still guess it works as designed.
/fredrik
04-07-2009 8:46 AM
04-07-2009 9:10 AM
04-07-2009 10:19 AM
04-07-2009 10:33 AM
>
> Hi
>
> we locks the user through t/code SU10
>
> Vijay
Hi Vijay, that doesn't surprise me that some users crept through. I have seen a few situations when SU10 is used and it fails to lock all users, even if the SU10 logs report that all is OK.
I prefer to do what Hari recommends and use EWZ5, though that is not without it's problems
04-07-2009 1:31 PM