Users with incorrect logons

Former Member · ‎06-15-2009

Hi there,

Anybody knows where does SAP storage the number of incorrect logons?!

There is the transaction s_bce_68001402, but i could not find where it is storaged

I've checked the table USH02, but there is no data about it.

Thanks in advance,

Dany Anderson

Former Member · ‎06-15-2009

Take a look at the coding of report RSUSR006.

Cheers,

Julius

sdipanjan · ‎06-15-2009

> Take a look at the coding of report RSUSR006.

>

This is same as S_BCE_68001402 and will give Count in the last column (right side)..

Edited by: Dipanjan Sanpui on Jun 15, 2009 3:52 PM

Former Member · ‎06-15-2009

> This is same as S_BCE_68001402 and will give Count in the last column (right side)..

But it might make a difference if the OP places the cursor on the field and hits F1 on the keyboard to look at the technical properties (or looks at the tables used in the coding, and the application logic - if authorized...:-)

RSUSR006 will do it for you.

Cheers,

Julius

sdipanjan · ‎06-15-2009

I edited my previous post...

sdipanjan · ‎06-15-2009

SUIM -> Change Documents -> for users (S_BCE_68001439) -> Unmark all except "Incorrect Logon Lock set" ... execute .. will give a list of Incorrect Logon lock for users you provided for a given specified time.

Regards,

Dipanjan

sdipanjan · ‎06-15-2009

Also you may try RSUSR200....

for "Selection by Logon Attempts".. Mark only the "Users with Incorrect Logon Attempts".... mark/unmark other option such as User type etc. execute... The Last column will give you the number of Incorrect Attempts made by the user....

Regards,

Dipanjan

Former Member · ‎06-15-2009

Let me explain the reason about that.

The Audit asked me to turn on the Security Audit Log, but our server has not sized to support it, so after many hours talking, they decided that it would be need to collect the user logon attempts and in what day/hour each it happened.

So i need the following informations:

- username

- date and time

- user locked status (if it happened)

One more time, thank you very much

Dany Anderson

sdipanjan · ‎06-15-2009

If you are interested to check "Multiple Logons" and "Post Expiration Logons" attempts by users .. (these topics are very favorite of Auditors.. .. and will surely ask you).. you can use the following..

Go to USMM ...

1. User Data Analysis

2. In the Existing Measurement Data window.. go to tab "User Analysis"

3. Click on Any of the Button you want to check

Regards,

Dipanjan

Former Member · ‎06-15-2009

Dipanjan,

There is no button called User Data Analysis (our release is R/3 Enterprise).

I think there is only in ECC release.

sdipanjan · ‎06-15-2009

You will find those Buttons inside "Measurement Statistics" screen... in 4.7 EE..

Regards,

Dipanjan

Former Member · ‎06-15-2009

Yes, there is.

But our Audit wants another method.

When they asked it me, they suggest the following:

- Creating a application that audit all successful and unsuccessful connections from the SAP systems.

- That application has to storage the username, date/time and the reason.

- Besides it, the company auditor will have to analyse all audit data.

Because of that, i thought to share my problem with you to see if somebody has already had the same problem than i have.

Thanks again,

Dany Anderson

sdipanjan · ‎06-15-2009

hmm.. you need to activate SM20 audit log facility (through SM19) in that case..

Regards,

Dipanjan

Former Member · ‎06-16-2009

Dany,

To get the all details of "Locked due to incorrect Logon" we need to run SUIM --> Change Documents --> For users. Then

1 .Put the userlist in the user tab.

2. Put the date date range.

3. uncheck "Changes to Auths" and check "Changes to header data"

4. Then check "Incorrect Logon Lock Set"

Then execute it. It will provide you the details for locked due to incorrect logon..

For getting the details of successful logon, security log settings(SM20) needs to be activated. you can get the details from there.