Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lock Inactive/Dormant users in SAP automatically

Former Member

‎05-11-2014 9:22 AM

0 Kudos

Hi Guys,

  • We have a requirement to find out a program/report which will lock the inactive dialog users if the user has not logged on for 90 days in the SAP system. This will be implemented in child system.

  • Please advise if there is any standard program/report available in SAP to achieve this task or we need to go for a customized program.
  • The restriction is only on the logon date/no. of days since last logon>=90, user lock currently=0 and user validity=Active user.

Thanks a lot and have a nice day!!

  • Ravi Pinjani.
8 REPLIES 8

Former Member

‎05-11-2014 9:40 AM

0 Kudos

Hi Ravi,

As far I know, there is no standard program for your requirement, you need to go for a customized report.

You can use the report RSUSR200 to get the list of inactive users, from this list you need to develop a BDC to deactivate the users. This BDC would be used to lock the users, change the user group, remove roles from the user.

You can then run this report in background on a periodic basis.

Regards,

Laxman

Former Member
In response to Former Member

‎05-11-2014 9:49 AM

0 Kudos

Hi Laxman,

Thanks for the quick response.

Can you please advise what's the full form of BDC. Our requirement is to only change the user lock value from 0 to 64.

Any reference link for customized program.

What should be the frequency of execution for the customized program?

Thanks for your help

Former Member
In response to Former Member

‎05-12-2014 9:33 AM

0 Kudos

Hi Ravi,

BDC stands for Batch Data Communication, BDC allows you to perform database updates in the background.

Please take help of ABAPer.

Frequency of this program should be daily so system will calculate inactive users and lock them on daily basis. Better to schedule this at night when the load is minimum on system.

Hope this helps.

BR,

Mangesh

Former Member
In response to Former Member

‎05-21-2014 11:35 AM

0 Kudos

No need for a BDC. Look at ABAP function BAPI_USER_LOCK.

Steve.

shivraj_singh2
Active Participant

‎05-12-2014 3:28 PM

0 Kudos

Ravi,

Please look into the profile parameter -

login/password_max_idle_productive -

Specifies the maximum period for which a productive password (a password chosen by the user) remains valid if it is not used. After this period has expired, the password can no longer be used for authentication. The user administrator can reactivate password-based logon by assigning a new initial password. Permissible values: 0 – 24,000 (unit: days); Default value 0, that is, the check is deactivated Available after SAP NetWeaver 6.40

Your objective of preventing users from logging after 90days of inactivity can be handled easily by setting the value to 90 for this parameter. I don't think you need to reinvent the wheel for this by creating ABAP reports etc.

Regards,

Shivraj Singh

Former Member
In response to shivraj_singh2

‎05-21-2014 11:19 AM

0 Kudos

Hi

The parameter will not help as it will effect the SAP stnadard ids and ids in 000/001/066 clients where team does not login on daily basis.

Regards

Saurabh

martin_voros
Active Contributor
In response to shivraj_singh2

‎05-21-2014 11:36 PM

0 Kudos

Hi,

depending on release you could use security policies. This will allow you to have different password rules for different groups of users.

Cheers

Bernhard_SAP
Employee
Employee

‎05-22-2014 12:25 PM

0 Kudos

Hi all,

there is a standard solution available since one year already, for everybody who has no own tool/process defined. Please use SAP note 1656965 to get more details!

b.rgds, Bernhard