Skip to Content
-1

How to catch the IP address of user who is netering worng pasword more than 3 times?

Hello all,

user is getting locked if he/she enters wrong password more than three times,

in our organization we have a user called SAP**** which can accessed by an end user,

sometimes the user is getting locked because some one is entering wrong password more than 3 times(i think intentionally),,

how do i catch who is entering wrong password ,

is there any FM or Table by which i can find the IP of that user..

thanks in advance...

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

8 Answers

  • Best Answer
    Apr 18, 2017 at 11:58 AM

    Vinay,

    Did you checked the FM TH_USER_INFO ?

    Info related to no.of failed logon attempts, you can get it from USR02-LOCNT.

    Info on whether a User ID got locked or not, you can get it from USR02-UFLAG.

    Info related to latest terminal details of a User login, you can get it from USR41-TERMINAL.

    K.Kiran.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi kiran,

      thanks for your reply,

      yes i have checked it, but contains the details of the user who logged just recently,

      but how do we find because of whom the the user has been locked(i.e how entered the wrong password)..

      logi1.jpg (52.6 kB)
  • Apr 18, 2017 at 02:03 PM

    Hello,

    Did you checked transactions SM21 or SM20 ? When a dialog user has been locked due to incorrect logon, an entry is registered in these transactions. The user's terminal is mentionned.

    Regards,

    Nicolas

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 18, 2017 at 02:10 PM

    "in our organization we have a user called SAP**** which can accessed by an end user"

    So you are saying you have multiple people (all end users?) sharing a single SAP user account?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 18, 2017 at 02:16 PM

    Hi Vinay,

    You can check the details of terminal in tcode STAD but, this depends on the how much old data is retained in your system.

    Else the only way is by enabling auditing in the system (tcode SM19) and check the logs in SM20.

    USR41-TERMINAL will only give the details of current user.

    Regards

    Prithviraj

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 24, 2017 at 10:56 PM

    in our organization we have a user called SAP**** which can accessed by an end user

    Sharing a generic account by many people is a license violation, First go and fix it. You can take a look at audit logs (SM20) to identify the terminal Id from which this Id got locked. But for this you need to have audit log enabled in your system.

    Regards,

    Harish Karra

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 28, 2017 at 06:47 AM

    1. What is the purpose of the user ID?

    2. Why it is shared with multiple people (It's against the SAP rules of usage). Shared ID is never recommended.

    Further, SM20 audit logs will only give you the information when the audit log is enabled. It is never a recommendation to set audit log if the ID is extensively used especially when the activity of the user is high.

    For your requirement, I advise to have one custom program developed to find out the login/logout time and the user terminal along with the lock status. There is no standard report available.

    Regards, Raghu Boddu

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 01, 2017 at 08:59 PM

    Couldn't you could do an implicit enhancement in SAP's code where that logon failure message is coming from, adding any code you need? This seems like a very reasonable use of implicit enhancement.

    Buce

    Add comment
    10|10000 characters needed characters exceeded

    • Buce,

      Agree that creating an IMPLICIT Enhanement is much easier wherever it is possible to create one.But,imho it should not be the option for every custom requirement within the Standard Process flow.Developer should be judicious before creating an Implicit Enh.

      To my knowledge,I don't see any need here to interfere with the Standard Process flow by creating an Implicit enhancement.Awaiting experts to Opine.

      K.Kiran.

  • Apr 18, 2017 at 02:06 PM

    What is the nature of the account you suspect is being hacked? Is it used only by a single named person, or is it used to access a service provided on your SAP system - via RFC for example?

    Add comment
    10|10000 characters needed characters exceeded