08-07-2007 4:08 AM
I want to auto lock the user account that hasn't login for over 180 days. How to set in R/3? And how I know the auto lock information? By a report or t-code? Thanks you guys, give me a help.
08-07-2007 6:50 AM
Hi,
I cannot think of a report to lock users, therefore you will need to create a new ABAP, this should not be difficult.
The data you need to look at is in table USR02, there is a Field for the lock status of each user, 0=unlocked, 64=administrator lock, 128=incorrect password lock. There are other variations for CUA and combinations of the above.
Hope this helps.
Regards
Ashley
08-07-2007 10:20 AM
As of NetWeaver 7.0 (NWAS ABAP) this can be achieved by setting a profile parameter (see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>).
This topic has been discussed previously in this forum.
You might search for older threads.
08-07-2007 2:03 PM
The OSS note - 862989 - did not indicate how you could auto lock a user after a certain time period. You will have to create an ABAP for this - use the function - SUSR_USER_LOCK.
08-07-2007 2:18 PM
Sorry, but that's non-sense.
You do not have to set an account lock in order to prevent someone from using a password that has not been used for a longer period of time. If a user tries to use a password which has not been used for a certain period of time (which can be defined by the profile parameter) he'll receive an error message. In such a case the admin has to set a new password for this user (which will have to be changed by the user, then).
08-07-2007 2:55 PM
I think the original question was to auto lock a user that has not logged in for 180 days - usually some kind of audit requirement - this user has already logged on with the initial password - but they have not logged on since.
What I think you are referring to is the initial password - that can be set with a parameter - if a user does not log on with the initial password - then the password is invalid after the specified time.
08-07-2007 2:57 PM
No, as described in <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a> there are two parameters:
- login/password_max_idle_initial
- login/password_max_idle_productive
Your statement is only true for older systems (6.20 - 6.40); see <a href="https://service.sap.com/sap/support/notes/450452">SAP Note 450452</a> (kindly notice the limitations and constaints mentioned there - and the "outlook" to NetWeaver 7.0).
08-07-2007 3:10 PM
Yes - you are correct. If Yimeng is on NW 7.0 then the login/password_max_idle_productive parameter can be used. Otherwise it's an ABAP.
08-07-2007 3:17 PM