on 02-06-2013 10:37 AM
Hi All,
Due to urgent audit requirement; we have to run some report in client 066 of production system and send back to auditors.
But we are facing problem as no one is aware of any user's password in cleint 066. Tried ‘support’ for earlywatch user; ‘06071992‘ and 'pass‘ for sap* but did not work. One option we thought of was to delete sap* at OS level for client 066 and login with pass. But parameter "login/no_automatic_user_sapstar" is set to 1 and we cannot restart all production systems twice for doing this activity.
Could anyone please help what are the options here. Please advise if anyone is aware of sql query to copy password of any user from one client to another or to export a user from one client and import to another etc.
Thanks,
Varun
Hello
If you have a user ID and password of a client and if that user is also present in client 066 then you can update the BCODE of the user on client 066 with the one from the other client along with other fields like PWDCHGDATE etc. It is not a standard practice but a dirty trick. it works.
Cheers
RB
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks RB for your reply. Actually are not worried about changing any fields like pwdchgdate etc and we want to keep them actual. Only requirement is to find some user/password to login to 066. We are not able to do it at SAP level; so trying to do this at sql. Could you please elaborate and share the comand how atht can be done.
Thanks
Varun
Assuming that you have an Oracle database and schema is SAPSR3 here is it the SQL statement for you.
update sapsr3.usr02 set
BCODE = (select bcode from sapsr3.usr02 where bname='&&user_name' and MANDT = '&&source_client')
,PASSCODE = (select PASSCODE from sapsr3.usr02 where bname='&&user_name' and MANDT = '&&source_client')
,PWDCHGDATE = (select PWDCHGDATE from sapsr3.usr02 where bname='&&user_name' and MANDT = '&&source_client')
where bname='&&user_name' and MANDT='&&TARGET_CLIENT';
If the schema is different then replace SAPSR3 with the one you have.
You will be asked for the username and source client and then the target client.
Make sure that the user name is same and present on both the clients
I apologize if you have a different database.
Good luck
Cheers
RB
Normally we dont login any other client other than production client to take any report for auditing,
Auditing will be done for production client ,066 client is not meant for us,its for SAP
For my knowledge can i know what kind of the report they are telling you to run in 066?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As its production system, I would suggest you to stick to the SAP standard procedures. Take system downtime -> activate SAP* -> run the audit reports -> deactivate SAP* -> release for users. If urgent downtime is not possible then schedule the activity for the maintenance window.
Regards
Mudasir.
Hi Steve,
The report is to be run in every client as it is related to users and different in each client. We need to find last logon and password change details of all standard users like ddic, earlywatch, sap* etc in every client. For this we execute suim > user by logon date and password change > execute with all options selected. I hope htis clarifies; why we cannot find this from any other client. Also; we will be able to keep one user's password in 066 for any such future requirement.
Regards
Varun
If you have DB access, you should be able to copy the password fields from table USR02 for a client/user you do know the password for, overwriting those fields for an existing user (I suggest sap*) in 066. The field you want to copy is OCOD1 for the current password.
That said, this appears to have changed since last time I tried this. It looks like it is true still on my 4.7 system, but not for my ERP6/EHP5 system. I don't know how it has changed, nor where the password is in the new system. You'll need to check your system to see if this would work for you.
Steve.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steve,
Thanks for your reply. We know DDIC password in client 000;100. And we have acess to DB server as sidadm. From there; earlier I have successfully unlocked user on our EHP system with commands like below
SQL> update <schema name>.usr02 set uflag='0' where bname='user' and mandt='000';
I am searching for something similar using which password can be copied but not able to find sql statement which can help in this. We have approvals from management to go for it and overwrite any user's password in 066 and no one in organisation knows it; but we are not able to do it. Could you please help.
Thanks
Varun
User | Count |
---|---|
96 | |
11 | |
11 | |
10 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.