08-03-2009 9:20 PM
Hello,
I run a query on the first of each month looking for any user account on our R/3 4.7E that have not logged in for 120 days. I lock out all inactive accounts. I have one user account that shows up each month as iinactive yet the user claims he uses the SAP system on a regular basis. I can look at his change documents and see that I have locked him out each month and then unlock him after he emails me. According to his change documents, he hasn't changed his password since Dec 2008 although we require a new password every 90 days. Through SM20, I have no recodrs for this user in a dialog login, RFC login, transaction start, etc for the past year.
I am not having this problem with any other user account. Any ideas?
Thanks,
Michael
08-03-2009 9:33 PM
> I am not having this problem with any other user account. Any ideas?
Check the user type in SU01 as it might be SERVICE, but that is unlikely based on your description...
What you can do is disable CPIC logins and reject expired passwords for Dialog (and Communication) type users which are not via the screens of SAPMSYST (the logon program). That should cure the problem, but you would be well advised to first be sure that all your RFC connections and other "interfaces" have the correct user types set.
It is a blunt tool, but a good one IMO.
I would also ask the user how they are logging onto the system. Sounds like an Excel "system" and you are on 46C release?
Cheers,
Julius
ps: Also check your job step users and possible hardcoding of the user ID. Someone might have immortalized themselves in the system.
Edited by: Julius Bussche on Aug 3, 2009 10:35 PM
08-03-2009 9:33 PM
> I am not having this problem with any other user account. Any ideas?
Check the user type in SU01 as it might be SERVICE, but that is unlikely based on your description...
What you can do is disable CPIC logins and reject expired passwords for Dialog (and Communication) type users which are not via the screens of SAPMSYST (the logon program). That should cure the problem, but you would be well advised to first be sure that all your RFC connections and other "interfaces" have the correct user types set.
It is a blunt tool, but a good one IMO.
I would also ask the user how they are logging onto the system. Sounds like an Excel "system" and you are on 46C release?
Cheers,
Julius
ps: Also check your job step users and possible hardcoding of the user ID. Someone might have immortalized themselves in the system.
Edited by: Julius Bussche on Aug 3, 2009 10:35 PM
08-03-2009 9:35 PM
I would like to mark this question as answered. This user was not telling me the truth and has not logged in since December as I expected. He was just raising an issue to me for locking his account.
08-03-2009 9:41 PM
Strange. They could also have simply logged on...
Perhaps they just like mailing with you every 90 days... or have now found another user ID to use for this which is at the same time active via the SAPGui...
Do a check on users of type SERVICE.
Cheers,
Julius
Edited by: Julius Bussche on Aug 3, 2009 10:41 PM