Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User locked but no change document

Go to solution
sebastian_konrad
Explorer

‎11-21-2009 7:21 PM

0 Kudos

Hello together,

i hope you are able to help me. i have a little problem.

In our system are many users are locked. So i have unlocked the user. the first point is that i cant find any change document who has locked the users. so where can i found something about that. MAny users of them are not locked at morning.

THe second problem is, that i see now in the change documents that i have unlocked the users and set a new password. I dont set a new password.

i dont know what here is happening but i hope you can help me.

please tell me if you need some more informations.

SAP ECC 6.0

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎11-22-2009 11:30 AM

0 Kudos

Are you using CUA for user administration?? Have you unlocked these users from CUA??

10 REPLIES 10

Go to solution
Former Member

‎11-22-2009 10:54 AM

0 Kudos

What is the value of your parameter login/failed_user_auto_unlock in the system?

Cheers,

Julius

Go to solution
sebastian_konrad
Explorer

‎11-22-2009 11:06 AM

0 Kudos

Hello,

the parameter is 0.

I dont think that some parameter are the problem, because they are in all system the same.

i dont know what the problem is.

Go to solution
Former Member

‎11-22-2009 11:30 AM

0 Kudos

Are you using CUA for user administration?? Have you unlocked these users from CUA??

Go to solution
Former Member
In response to Former Member

‎11-23-2009 9:27 AM

0 Kudos

1. We can locked the all the users in centrally (Global Lock) using SU01.

2. Using SU10 to lock the mass users ID in system.

3. Recently any system upgrade happened?( Basis Team centrally locked the users )

4. System Refresh or System Copy happened? (Basis Team centrally locked the users).

Go to solution
Former Member
In response to Former Member

‎11-23-2009 10:07 AM

0 Kudos

Good ponits.. the plot thinkens

Another possibility, particularly if change documents are missing... is a custom program.

In SE11 select USR02 and do a where-used-list lookup on it. Keep an eye on any programs in the Z* and Y* range with the name "LOCK" in it somewhere, and whether it is touching field UFLAG (e.g. MODIFY OR UPDATE statements, etc).

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎07-24-2015 3:40 PM

0 Kudos

HI Julius,

Though this is an old post, i have a question related to your above comment. If a custom program is indeed being used to lock users (which is the case at our client), how do we track those changes? Those dont come up in change docs in suim or DBTABLOG. Do you think the Change Documents service is not being called in the custom program which call tables CDHDR and CDPOS? I am trying to understand does SAP support change log if users are locked via a custom program? if not, then it is a huge audit risk.

Thanks

SV

Go to solution
Bernhard_SAP
Employee
Employee

‎11-23-2009 10:41 AM

0 Kudos

Hello,

did you check the USH02 tabele directly for change log entries or only by SUIM?

I strongly recommend to check the table content directly in this case to proof, if the lock-chg.-documents are really missing or if there is a problem in SUIM.

Regarding the password change entry when unlocking a user: please have a look at SAP note #1402852. As the structure of ush02 has been changed, such strange records appear at the first change of a user after upgrading a system....

b.rgds, Bernhard

Go to solution
radhakrishnan_r
Participant
In response to Bernhard_SAP

‎07-24-2015 5:59 PM

0 Kudos

RFC connections could be the issue and those usernames are used in RFC when they rest the password it will attempt to use existing password if its not updated in the RFC destination.

Please close the thread since its a very old one

Go to solution
Former Member

‎07-27-2015 3:57 PM

0 Kudos

HI Guys,

Though this is an old post, i have a question related to your above comments. If a custom program is indeed being used to lock users (which is the case at our client), how do we track those changes? Those dont come up in change docs in suim or DBTABLOG. Do you think the Change Documents service is not being called in the custom program which call tables CDHDR and CDPOS? I am trying to understand does SAP support change log if users are locked via a custom program? if not, then it is a huge audit risk.

Thanks

Sandesh

Go to solution
Colleen
Advisor
Advisor
In response to Former Member

‎07-28-2015 2:13 PM

0 Kudos

I'd have someone review the code and look at what it does. It is manually updating UFLAG with a specific value (not 128, 64, etc) or is it calling a function module

If the code is hitting the database directly and not writing logs or change docs then that is an audit/tracking issue

SAP would "support" it is the custom code catered for it.

Regards

Colleen