cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lock users out of the system with a SQL server 2005 script

Former Member

on ‎01-27-2011 10:56 PM

0 Kudos

I need to lock users out of the system before I start up SAP. If the below script unlocks users can someone tell me how to lock all users?

update <sid>.USR02 set UFLAG=0 where BNAME='users' and MANDT=<client number>

And with an exception to keep some users unlocked.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-28-2011 2:41 AM
0 Kudos

Hi Chris,

I would suggest you to first lock all users and then unlock the needed users;

To lock:

update <sid>.USR02 set UFLAG=128 where BNAME='users' and MANDT=<client number>

The above query will lock all users, then run a separate query to unlock the BASIS or required users.

You can put both the queries in a script.

Regards,

SBK

Show replies
Show replies
Former Member
‎01-28-2011 8:13 AM
0 Kudos

So if I want to lock all users I just have to enter BNAME='users' and if I want to unlock an individual I enter there username in BNAME='csoden' for example?

update <sid>.USR02 set UFLAG=128 where BNAME='users' and MANDT=<client number>

I found this somewhere else can someone confirm its correct for me-

0 Not Locked

32 Locked Globally By Administrator

64 Locked Locally By Administrator

128 Locked Due To Incorrect Logons (Limited Term)

Former Member
‎01-28-2011 12:01 PM
0 Kudos

Thanks for your help

To lock or unlock users:-

To lock individual users-

update <sid>.USR02 set UFLAG=64 where BNAME='USERNAME' and MANDT=<CLIENT NUMBER>

To lock all users-

update <sid>.USR02 set UFLAG=64 where MANDT=<CLIENT NUMBER>

To unlock users change the UFLAG value to 0 in either script.

UFLAG values-

0 Not Locked

32 Locked Globally By Administrator

64 Locked Locally By Administrator

128 Locked Due To Incorrect Logons (Limited Term)

In some cases when running the script it will throw an error about sr1.USR02. This is either due to the SID/Schema needing to be in uppercase ie; SR1.USR02 or not being needed at all ie; USR02

Former Member
‎01-30-2011 6:38 AM
0 Kudos

Hi Chris,

Yes you are absolutely right. Lock all users by not including bname field in the query.

update <schema>.usr02 set uflag=64/128 where mandt='client no';

Then you can unlock individual users by setting uflag='0' and specifing the users in the bname field

update <schema>.usr02 set uflag=0 where bname ='DDIC' and mandt='client no';

Regards,

SBK

Ask a Question