Possible to lock account (not password) after wron...

Former Member · ‎07-10-2008

Hi

Does anybody know if it is possible to lock a account after several wrong login attempts in a R/3 System?

Important is that I am not talking about a password lock (login through SSO still possible) but about an account lock (login through SSO no longer possible).

Thankls for your Help,

Minima

Former Member · ‎07-10-2008

Hi,

User lock

If the "valid from" to "valid to" gets expired then user gets locked and either by SU01/SU10/EWZ5/Program EWULKUSR/by parameter login/failed_user_auto_unlock you can unlock the user

Password locks

Due to failed login attempts the password is locked and password can be released by SU01 or by parameter login/failed_user_auto_unlock

If you want to lock the user because of failed login attempts then an custom defined abap program will help to achieve that. Capture the event of failed login attempts from parameter login/fails_to_user_lock and lock the user account.

Guess I understood your question rightly

Former Member · ‎07-10-2008

I don't think there is any way of doing this properly. Anyway, when using SSO it is common to deactivate the password.

One possible workaround would be to create a periodic job which every 5 or 10 minutes looks for users with password locked status (BAPI_USER_GETLIST), and then changes this to a user lock (BAPI_USER_LOCK). However you should only do this to Dialog type users, as giving externals the possibility to lock your system accounts is not a wise idea...

I generally think your requirment is a bit strange... to be honest

Cheers,

Julius

Possible to lock account (not password) after wrong login attempts