cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Who locks my SAP user ID

Go to solution
Former Member

on ‎08-26-2009 11:13 AM

0 Kudos

Hi Experts,

I need to understand how my ID gets locked due to incorrect password attempts.

It can be a dialog user or communication user. Its clear that someone tries to login with incorrect password and locks the user ID. Is there a way to identify from which machine/IP address is the incorrect logon attempt made.

Regards,

Karthick.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-27-2009 10:45 AM
0 Kudos

Hi,

Please check through table USR41 and USR41_MLD in TCODE:se16. You will get users with all the terminal ID. Here you filter the output with your ID.

Hope this will help.

Thx.

Show replies
Show replies

Answers (8)

Answers (8)

former_member906139
Active Participant
‎09-01-2009 1:44 PM
0 Kudos

Hello Karthik,

You have mentioned as the user which is getting locked is communication user.

Then it must be used in Some RFC to login to your system from other system.

You are trying to trace the terminal from where the user is loged in or tryied to login and in those attepts locked the user by incorrect logons (Please correct me if I am wrong). but as this is communication user, dialog login is not possible.

Hence I guess there will be no trace for terminal from where it is logged in.

Now as your user is getting frequently locked, please check where it is used for any RFC connection in any System.

Please update on this issue.

Regards,

Abhay

Show replies
Show replies
Former Member
‎09-01-2009 5:44 AM
0 Kudos

Hi ,

Thanks for the suggestion. USR41 table provides the terminal details. Is that sure that it provides the terminal details of any type of user , even for communication/RFC users and the user entry if it is tried with incorrect password though he does not login ?

What is the significance of USR41_MLD table as the data are odselete data. Also is that USR41 table has data of the current date only ? Is there a way to get the history of data .

Regards,

Karthick.

Show replies
Show replies
Former Member
‎09-01-2009 7:07 AM
0 Kudos

Hi Karthick,

I think the table USR41 will contain the entry of users who loged in to the system with terminal id.It will not have entry for locked users.

USR41_MLD will have the information on multiple login.

the terminal id from which the user trying to login with wrong password you can get from sm21 or from sm20.

Note 1050441 - SecAudit: Only short terminal names and no transaction codes

Note 1233843 - SAL: Host name truncated after 8 characters in SM20

Regards

Ashok Dalai

Former Member
‎09-01-2009 12:22 PM
0 Kudos

Hello Kathrick

As above mentioned table USR41 & USR41_MLD will not display the lock user-id by which terminal nor by the SUIM tcode.

The user can have the complete detail about user-id locked by sm21 / sm20 , whcih displaying the terminal detail in log.

REgards

Anwer Waseem

Former Member
‎08-27-2009 3:24 AM
0 Kudos

Hi All,

I have checked from SU01 as well as SUIM. Everywhere it mentiones the timing and the reason why the user got locked. But no where it provides the details of from which machine the request was made.

example: If we attempt to login to Visual Admin or ir/portal with incorrect password of J2ee_admin user it gets locked which is expected. But who lock it !!

Regards,

Karthick.

Show replies
Show replies
former_member185031
Active Contributor
‎08-27-2009 9:27 AM
0 Kudos

As Juan said, if audit log is enabled then you can find the terminal name drom SM20 from the attemts made on ABAP side but for java side i dont have any idea.

Regards,

Subhash

Former Member
‎08-27-2009 9:41 AM
0 Kudos

of course, you would have to configure RFC/CPIC login in the audit classes in SM19 at first. just to be on the safe side, you might also want to flag RFC call.

Former Member
‎08-26-2009 3:01 PM
0 Kudos

Hi,

please check table usr02 for password lock history.

Thanks & Regards,

Vidaydhar K

Show replies
Show replies
Former Member
‎08-26-2009 12:01 PM
0 Kudos

Hi ,

Thanks for the feedback. The user type is Communication user. Its not recorded in SM21 or SM04.

Regards,

Karthick.

Show replies
Show replies
Former Member
‎08-26-2009 2:50 PM
0 Kudos

Did you try to check change documents via SUIM as suggested earlier?

you can access directly via SU01 -> information-> Change documents for user- > enter your user name and select incorrect logon lock set

or via suim-> change documents -> for users

Former Member
‎08-26-2009 11:46 AM
0 Kudos

You will get some of the information in suim too.

Show replies
Show replies
Former Member
‎08-26-2009 11:24 AM
0 Kudos

hello,

check the tcode sm04 which shows you the terminal(hostnames) from where the users are logged in.

thanks,

Prasanna

Show replies
Show replies
JPReyes
Active Contributor
‎08-26-2009 11:21 AM
0 Kudos

Yes, if its a dialog attempt will be registered in SM20 or SM21(both with terminal name)

If your user is been used on a RFC will most likely be locked by a recurrent job at the same time every time so look for jobs cancelled.

Regards

Juan

Show replies
Show replies
Ask a Question