06-15-2009 7:55 PM
Hi there,
Anybody knows where does SAP storage the number of incorrect logons?!
There is the transaction s_bce_68001402, but i could not find where it is storaged
I've checked the table USH02, but there is no data about it.
Thanks in advance,
Dany Anderson
06-15-2009 8:35 PM
06-15-2009 8:44 PM
> Take a look at the coding of report RSUSR006.
>
This is same as S_BCE_68001402 and will give Count in the last column (right side)..
Edited by: Dipanjan Sanpui on Jun 15, 2009 3:52 PM
06-15-2009 8:58 PM
> This is same as S_BCE_68001402 and will give Count in the last column (right side)..
But it might make a difference if the OP places the cursor on the field and hits F1 on the keyboard to look at the technical properties (or looks at the tables used in the coding, and the application logic - if authorized...:-)
RSUSR006 will do it for you.
Cheers,
Julius
06-15-2009 9:17 PM
06-15-2009 8:43 PM
SUIM -> Change Documents -> for users (S_BCE_68001439) -> Unmark all except "Incorrect Logon Lock set" ... execute .. will give a list of Incorrect Logon lock for users you provided for a given specified time.
Regards,
Dipanjan
06-15-2009 8:52 PM
Also you may try RSUSR200....
for "Selection by Logon Attempts".. Mark only the "Users with Incorrect Logon Attempts".... mark/unmark other option such as User type etc. execute... The Last column will give you the number of Incorrect Attempts made by the user....
Regards,
Dipanjan
06-15-2009 9:22 PM
Let me explain the reason about that.
The Audit asked me to turn on the Security Audit Log, but our server has not sized to support it, so after many hours talking, they decided that it would be need to collect the user logon attempts and in what day/hour each it happened.
So i need the following informations:
- username
- date and time
- user locked status (if it happened)
One more time, thank you very much
Dany Anderson
06-15-2009 9:32 PM
If you are interested to check "Multiple Logons" and "Post Expiration Logons" attempts by users .. (these topics are very favorite of Auditors.. .. and will surely ask you).. you can use the following..
Go to USMM ...
1. User Data Analysis
2. In the Existing Measurement Data window.. go to tab "User Analysis"
3. Click on Any of the Button you want to check
Regards,
Dipanjan
06-15-2009 9:46 PM
Dipanjan,
There is no button called User Data Analysis (our release is R/3 Enterprise).
I think there is only in ECC release.
06-15-2009 9:51 PM
You will find those Buttons inside "Measurement Statistics" screen... in 4.7 EE..
Regards,
Dipanjan
06-15-2009 10:06 PM
Yes, there is.
But our Audit wants another method.
When they asked it me, they suggest the following:
- Creating a application that audit all successful and unsuccessful connections from the SAP systems.
- That application has to storage the username, date/time and the reason.
- Besides it, the company auditor will have to analyse all audit data.
Because of that, i thought to share my problem with you to see if somebody has already had the same problem than i have.
Thanks again,
Dany Anderson
06-15-2009 10:39 PM
hmm.. you need to activate SM20 audit log facility (through SM19) in that case..
Regards,
Dipanjan
06-16-2009 12:29 AM
Dany,
To get the all details of "Locked due to incorrect Logon" we need to run SUIM --> Change Documents --> For users. Then
1 .Put the userlist in the user tab.
2. Put the date date range.
3. uncheck "Changes to Auths" and check "Changes to header data"
4. Then check "Incorrect Logon Lock Set"
Then execute it. It will provide you the details for locked due to incorrect logon..
For getting the details of successful logon, security log settings(SM20) needs to be activated. you can get the details from there.