cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Result of blocking a user

Former Member

on ‎09-07-2009 4:59 PM

0 Kudos

Hello everyone,

I would like to clarify the impact of blocking a user. More particularly the impact on the background jobs.

I create a normal user, and i assign to it a standard job. The job runs OK. Now i block this user, and i relaunch this job --> the job fails with reason that the user is locked.

When i do the same for DDIC, this doesn't happen, say i trigger a background job using DDIC, even though DDIC is locked, the job still continues.

How come it works with DDIC and not with another user ?

Also, i thought that the result of blocking a user was only to unable it to LOG onto the system. Am i wrong ?

Thanks in advance for your help.

Kr,

a

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎09-08-2009 10:16 AM
0 Kudos

Hi all,

Thanks for your answers, they helped me.

I've done some test cases. Actually DDIC behaves like any other user when locked --> the job fails.

Also, when DDIC is locked due to incorrect logons, then the job doesn't fail.

So it's strange then what SAP recommends from their security audit --> they recommend to block DDIC, SAP* and such. How are the jobs supposed to run then ?

Thanks,

a

Show replies
Show replies
Former Member
‎09-08-2009 8:43 AM
0 Kudos

Hi all,

Jobs that are scheduled with the help of DDIC or SAP* would run even after the user is locked.

This happens because when a job runs, the shared user memory area occupied by this work process is utilized by the system for all the other users except for these two super users. So no matter whether DDIC is locked or not, the job would run.

hope this helps.

regards,

Sree.

Show replies
Show replies
anindya_bose
Active Contributor
‎09-08-2009 9:14 AM
0 Kudos

>Jobs that are scheduled with the help of DDIC

I think this happens for "Incorrect Logon" lock only..If an administrator locks DDIC, job should not run with DDIC.

former_member185031
Active Contributor
‎09-08-2009 7:13 AM
0 Kudos

>>create a normal user, and i assign to it a standard job. The job runs OK. Now i block this user, and i relaunch this job --> the >>job fails with reason that the user is locked.

That's correct

>>When i do the same for DDIC, this doesn't happen, say i trigger a background job using DDIC, even though DDIC is locked, the >>job still continues.

In this point i agree with Anindya, either the job is only scheduled by DDIC and runs with another user which you can check in Step, or the job runs in some another client where user DDIC is not locked.

Regards,

Subhash

Show replies
Show replies
anindya_bose
Active Contributor
‎09-08-2009 5:14 AM
0 Kudos

Not sure for DDIC but if you lock an user under whose name a job is supposed to run, the job will definitely fail. But you should check whether its the user who created the job or the user under whose name the job is running.

Initial screen of SM37 shows you the name of the job creator, if that user is locked..no problem job will still run..provided job is running under different user id. You can check that from "STEP" of a job.

For DDIC, if it is 000 client, and DDIC is locked by "Incorrect Logon" I observed jobs to run with DDIC. But if it is "Administrator Lock", job fails. From SUIM try to finf how DDIC was locked.

You can try the same for other client as well.

Show replies
Show replies
Ask a Question