Skip to Content

Program to unlock Firefighter user


We have an old report which has an input field for client number in the selection screen. If we input the client number(eg 200) and execute it, the program will unlock the firefighter user 'FIREBASIS' for 1 day in that particular client. User can login with the initial password 'PASS' after executing this program for 1 day.

Now, suddenly this report has stopped working. After executing the report if user tries to login with the user it gives message "The initial password has expired(request a new one)".

I checked that the program is updating the USR02 table entry for the user 'FIREBASIS' to extend the validity. It updates fields like Password Hash Key(BCODE), User Lock Status(UFLAG),User valid to(GLTGB),Password Hash Value(PWDSALTEDHASH) etc. After executing the report it extends the validity of the user till current date, but still we are unable to login.

When I open the user in SU01 it shows the following message: "Password logon not possible (Initial password has expired)". I understand that it has something to do with the last password change date and the profile parameter login/password_max_idle_initial. But even if I change the last password change date to current date in USR02, I'm unable to login.

Since I have to take care of this progrmmatically, it'll be of great help if you can suggest which table I should look into to resolve this issue.



Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • Feb 27, 2017 at 07:10 PM

    Are you saying the program updates standard tables directly? That doesn't seem like a good idea and would get you in a lot of trouble with audit.

    There are many SCN posts on how to update user information programmatically. In SU01, when the initial password has expired, you have to specify a new password. Sometimes the user could also be locked (e.g. due to too many login attempts) and SU01 might not tell you that at once. There could also have been system-wide changes for the password requirements, who knows? Are you using GRC? Solution Manager?

    I believe you need to do some research on how to write such programs properly and then do that. Get a system admin to reset the password in the meantime.

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 28, 2017 at 06:40 AM

    Forget it. There are solutions for uplifting authorisations temporarily). I suggest you suggest to your management to get one of these.

    Updating USR02 directly is an astoundingly bad idea, especially as SAP may change the hashing algorithm at any moment.

    Add comment
    10|10000 characters needed characters exceeded