09-07-2006 10:30 PM
Hello,
I am wanting to know if the text that appears when a person tries to log into SAP but they are locked can be changed. There are 2 types of locks. One is a password/login type and the other is an administrative. Is there a way to change the text and have a different one message for each type of lock?
When the user ends up locking his own record due to failed login attempts and tries to login again, he/she gets an inappropriate message "User locked. Please notify the person responsible".
The same message gets also issued regardless of whether the record is locked by the user or by the administrator. The UFLAG field in table USR02 reflects different lock status for each case. In case of user locked due to incorrect login the lock status is 128. And when the administrator locks the user record the lock status is 32 or 64.
Please assist
Thanks!
Asif
10-13-2006 3:46 PM
09-08-2006 5:49 AM
Hi,
when a user gets locked he will not be able to figure why it got locked. but the administrator does and he can see the message when he looks at the lock tab.
I believe error message texts do have character size limit
which makes you to be precise.
09-08-2006 5:57 AM
No, that does answer my question. With the support structure in place, our customer still need to know whether the lock is due to failed login attempts or administrator level lock.
As for the message text size limit, we can get creative there. I am sure other customers may have looked into this as area for improvement. So is there anyone out there that may have answer to my query.
Appreciate your input. Thanks!
09-08-2006 8:54 AM
As of NW2004s (SAP_BASIS 7.0) the system provides different error messages for both cases; however, in general the system will provide detailed error messages only when providing valid logon data:
When a user tries to logon with invalid UID/PWD then the system only returns the error message "Username or password incorrect".
When a user tries to logon with UID/PWD while the password lock is active (after exceeding the number of permissible failed password logon attempts) the system is not allowed to validate the password (otherwise it would disclose information it is not supposed to disclose). In that case (same as when the user does not have a password at all; in that case the system cannot validate the password as well) the system will return a descriptive error message.
The error messages regarding "account lock" (set by the admin) or "account expiration" (also defined by the admin) will only be displayed when the user has provided valid logon data.
All those statements above refer to NW2004s (SAP_BASIS 7.0).
Regards, Wolfgang
PS: since the entire user authentication is implemented in the kernel (including the evaluation and handling of the locks) there is nothing you can implement in older releases.
09-08-2006 8:34 PM
10-13-2006 3:46 PM
10-13-2006 4:24 PM
Well, <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0939017">SAP Note 939017</a> only performs a partial downport of the new 7.0 functionality: it allows to differentiate between <i>account lock</i> and <i>password lock</i> by providing two different error messages (for SAPGUI logon) as well as by providing the <u>ability to request</u> a different behaviour of some API functions.
However, releases prior to 7.0 will still not show a different error handling regarding other logon failure situations: e.g. "account locked" or "account expired" will be displayed even when providing invalid logon information (in releases < 7.0) while as of 7.0 this information is only disclosed when providing valid logon data.
Cheers, Wolfgang
10-13-2006 4:28 PM
PS: whenever I'm referring to "release 7.0" I'm referring to "NetWeaver 2004s" respectively "mySAP ERP 2005" - or technically speaking, an "ABAP system with software component SAP_BASIS 7.00"
01-11-2011 9:33 PM