Yesterday morning someone locked the ddic user of our BW system.I want to know who tried to lock the user.I have checked through suim that cua_user has changed.But I want to know the exact username.How to do so??Solman is our CUA master client & BW,ECC are child clients.
I believe you can check in SU01 only, enter the user name and choose Display-> then have a look at the changed on field it shows the user name and the changed Date and time.
Juan,we have not security audit log..Audit Log entries are not showing.Moreover how to activate Security audit log??Is there any way we can find out other than sm20??
You can activate the security logs using the Tcode SM19. I wont think so there is any other way if security logs are not enable. Besides this you have to also set the parameter rsau/enable=1 in all the servers where you want to activate audit logs.
You can check SM21, when a user is locked is registered there together with the name of the PC where the attempt was made (Look under Terminal)... maybe that way you'll find the suspect.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.