Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to auto lock a user account

Former Member

‎08-07-2007 4:08 AM

0 Kudos

I want to auto lock the user account that hasn't login for over 180 days. How to set in R/3? And how I know the auto lock information? By a report or t-code? Thanks you guys, give me a help.

8 REPLIES 8

Former Member

‎08-07-2007 6:50 AM

0 Kudos

Hi,

I cannot think of a report to lock users, therefore you will need to create a new ABAP, this should not be difficult.

The data you need to look at is in table USR02, there is a Field for the lock status of each user, 0=unlocked, 64=administrator lock, 128=incorrect password lock. There are other variations for CUA and combinations of the above.

Hope this helps.

Regards

Ashley

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎08-07-2007 10:20 AM

0 Kudos

As of NetWeaver 7.0 (NWAS ABAP) this can be achieved by setting a profile parameter (see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>).

This topic has been discussed previously in this forum.

You might search for older threads.

Former Member

‎08-07-2007 2:03 PM

0 Kudos

The OSS note - 862989 - did not indicate how you could auto lock a user after a certain time period. You will have to create an ABAP for this - use the function - SUSR_USER_LOCK.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎08-07-2007 2:18 PM

0 Kudos

Sorry, but that's non-sense.

You do not have to set an account lock in order to prevent someone from using a password that has not been used for a longer period of time. If a user tries to use a password which has not been used for a certain period of time (which can be defined by the profile parameter) he'll receive an error message. In such a case the admin has to set a new password for this user (which will have to be changed by the user, then).

Former Member

‎08-07-2007 2:55 PM

0 Kudos

I think the original question was to auto lock a user that has not logged in for 180 days - usually some kind of audit requirement - this user has already logged on with the initial password - but they have not logged on since.

What I think you are referring to is the initial password - that can be set with a parameter - if a user does not log on with the initial password - then the password is invalid after the specified time.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎08-07-2007 2:57 PM

0 Kudos

No, as described in <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a> there are two parameters:

- login/password_max_idle_initial

- login/password_max_idle_productive

Your statement is only true for older systems (6.20 - 6.40); see <a href="https://service.sap.com/sap/support/notes/450452">SAP Note 450452</a> (kindly notice the limitations and constaints mentioned there - and the "outlook" to NetWeaver 7.0).

Former Member
In response to Former Member

‎08-07-2007 3:10 PM

0 Kudos

Yes - you are correct. If Yimeng is on NW 7.0 then the login/password_max_idle_productive parameter can be used. Otherwise it's an ABAP.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎08-07-2007 3:17 PM

0 Kudos

Yes - see in this forum.