on 05-23-2007 9:21 AM
We have SAP on SUSE ES linux with back end as Maxdb 7.5
SAP* and DDIC go locked and while trying with Sql statement
select * from usr02 where mandt='000' and bname='sap*';
unknown table name usr02 sqlstate 42000
could any one help us
swamy
Swamy,
how do you submit the sql statement (which user, which tool) ?
Log on to your Linux box as <sid>adm and run this command:
sqlcli -U DEFAULT "select * from usr02 where mandt='000' and bname='SAP*'"
Best Regards,
Henning
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Swamy,
if SAP* is not in the usr02 table, it probably has been deleted, which would be the first step to unlock a locked SAP* user (in case all users are locked and no user is left to unlock the others in SU01).
The next steps would be:
- add this parameter to instance profile /usr/sap/<SID>/SYS/profile/<SID>_DVEBMGS<instance>_<host> :
login/no_automatic_user_sapstar = 0
- restart SAP system
- logon to SAP system (client 000) as SAP* with password "pass" . This only works if SAP* does not exist in that client.
- create a new SAP* user with SU01, e.g. as a copy from DDIC and group SAP*
- keep the password this time
Best Regards,
Henning
-> your sap release?
-> are you sure user SAP* exists in client 000?
usually you would NOT update the password ovf SAP* but <b>delete the user</b> in the specifiecd client, which opens the (back)door to login to that client using SAP* and password PASS...remember: a user SAP* (incl. authorizations etc.) is not the same as the SAP`which is hard coded into the system...so, when threre is no user SAP you can still use the "hard coded" one...assuming that specific profile paramreters ar not set (like <i>login/no_automatic_user_sapstar</i>)
GreetZ, AH
Thank u Mr. Greetz and Mr. Henning,
I have tried both command first to update and then delete the user. the return code for both the executions is '0"
however when executed the statement select mandt, bname, uflag from usr02 it is returning the with print which has the output vlaue for 000 sap* 128.
neither it is getting updated or deleted.
regards
swamy
Mr. Henning,
we tried the following:
add this parameter to instance profile /usr/sap/<SID>/SYS/profile/<SID>_DVEBMGS<instance>_<host> :
login/no_automatic_user_sapstar = 0
- restart SAP system
- logon to SAP system (client 000) as SAP* with password "pass" . This only works if SAP* does not exist in that client.
when we try to log-in to the system
"password logon no longer possible - too many failed attempts
Mr. Henning
when i give a command in sidadm > sqlcli -U DEFAULT "select * from usr02 where mandt='000' and bname='sap*'"
it prints follows
0;
when i give sqlcli -U DEFAULT "select mandt,bname,uflag from usr02"
it gives like
mandt bname uflag
000 ddic 128
000 sap* 128
000 sapcpic 0
001 ddic 0
001 sap* 0
so what i understood is if uflag is 128 it is locked by user
if it is 0 it is unlock
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.