Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Inappropriate error message when user is locked

Go to solution
asif_rahmetulla
Participant

‎09-07-2006 10:30 PM

0 Kudos

Hello,

I am wanting to know if the text that appears when a person tries to log into SAP but they are locked can be changed. There are 2 types of locks. One is a password/login type and the other is an administrative. Is there a way to change the text and have a different one message for each type of lock?

When the user ends up locking his own record due to failed login attempts and tries to login again, he/she gets an inappropriate message "User locked. Please notify the person responsible".

The same message gets also issued regardless of whether the record is locked by the user or by the administrator. The UFLAG field in table USR02 reflects different lock status for each case. In case of user locked due to incorrect login the lock status is 128. And when the administrator locks the user record the lock status is 32 or 64.

Please assist

Thanks!

Asif

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎10-13-2006 3:46 PM

0 Kudos

Please check SAP Note: 939017

8 REPLIES 8

Go to solution
Former Member

‎09-08-2006 5:49 AM

0 Kudos

Hi,

when a user gets locked he will not be able to figure why it got locked. but the administrator does and he can see the message when he looks at the lock tab.

I believe error message texts do have character size limit

which makes you to be precise.

Go to solution
asif_rahmetulla
Participant
In response to Former Member

‎09-08-2006 5:57 AM

0 Kudos

No, that does answer my question. With the support structure in place, our customer still need to know whether the lock is due to failed login attempts or administrator level lock.

As for the message text size limit, we can get creative there. I am sure other customers may have looked into this as area for improvement. So is there anyone out there that may have answer to my query.

Appreciate your input. Thanks!

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎09-08-2006 8:54 AM

0 Kudos

As of NW2004s (SAP_BASIS 7.0) the system provides different error messages for both cases; however, in general the system will provide detailed error messages only when providing valid logon data:

When a user tries to logon with invalid UID/PWD then the system only returns the error message "Username or password incorrect".

When a user tries to logon with UID/PWD while the password lock is active (after exceeding the number of permissible failed password logon attempts) the system is not allowed to validate the password (otherwise it would disclose information it is not supposed to disclose). In that case (same as when the user does not have a password at all; in that case the system cannot validate the password as well) the system will return a descriptive error message.

The error messages regarding "account lock" (set by the admin) or "account expiration" (also defined by the admin) will only be displayed when the user has provided valid logon data.

All those statements above refer to NW2004s (SAP_BASIS 7.0).

Regards, Wolfgang

PS: since the entire user authentication is implemented in the kernel (including the evaluation and handling of the locks) there is nothing you can implement in older releases.

Go to solution
asif_rahmetulla
Participant
In response to WolfgangJanzen

‎09-08-2006 8:34 PM

0 Kudos

Thanks!

Go to solution
Former Member

‎10-13-2006 3:46 PM

0 Kudos

Please check SAP Note: 939017

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎10-13-2006 4:24 PM

0 Kudos

Well, <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0939017">SAP Note 939017</a> only performs a partial downport of the new 7.0 functionality: it allows to differentiate between <i>account lock</i> and <i>password lock</i> by providing two different error messages (for SAPGUI logon) as well as by providing the <u>ability to request</u> a different behaviour of some API functions.

However, releases prior to 7.0 will still not show a different error handling regarding other logon failure situations: e.g. "account locked" or "account expired" will be displayed even when providing invalid logon information (in releases < 7.0) while as of 7.0 this information is only disclosed when providing valid logon data.

Cheers, Wolfgang

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎10-13-2006 4:28 PM

0 Kudos

PS: whenever I'm referring to "release 7.0" I'm referring to "NetWeaver 2004s" respectively "mySAP ERP 2005" - or technically speaking, an "ABAP system with software component SAP_BASIS 7.00"

Go to solution
asif_rahmetulla
Participant

‎01-11-2011 9:33 PM

0 Kudos

Thanks!