Skip to Content
-1

How to catch the IP address of user who is netering worng pasword more than 3 times?

Apr 18, 2017 at 11:48 AM

448

avatar image

Hello all,

user is getting locked if he/she enters wrong password more than three times,

in our organization we have a user called SAP**** which can accessed by an end user,

sometimes the user is getting locked because some one is entering wrong password more than 3 times(i think intentionally),,

how do i catch who is entering wrong password ,

is there any FM or Table by which i can find the IP of that user..

thanks in advance...

10 |10000 characters needed characters left characters exceeded

"netering worng pasword" ?

No wonder user is rejected ...

6

I do wonder if I can be bothered tohelp people who themselves can't be bothered to quickly check what they've written before posting.

2

Matthew Billingham writes:

"I do wonder if I can be bothered to people who themselves can't be bothered to quickly check what they've written before posting."

I will assume this was intended as part of the joke and not correct you, MB! haha

2

All I can say is... thank goodness for moderator enhanced privileges!

0

And you STILL didn't correct it! hahahahaha

0

Incremental improvements! :-D

1
* Please Login or Register to Answer, Follow or Comment.

8 Answers

Best Answer
Kiran K Apr 18, 2017 at 11:58 AM
0

Vinay,

Did you checked the FM TH_USER_INFO ?

Info related to no.of failed logon attempts, you can get it from USR02-LOCNT.

Info on whether a User ID got locked or not, you can get it from USR02-UFLAG.

Info related to latest terminal details of a User login, you can get it from USR41-TERMINAL.

K.Kiran.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi kiran,

thanks for your reply,

yes i have checked it, but contains the details of the user who logged just recently,

but how do we find because of whom the the user has been locked(i.e how entered the wrong password)..

logi1.jpg (52.6 kB)
0
Nicolas VANDER AUWERA Apr 18, 2017 at 02:03 PM
2

Hello,

Did you checked transactions SM21 or SM20 ? When a dialog user has been locked due to incorrect logon, an entry is registered in these transactions. The user's terminal is mentionned.

Regards,

Nicolas

Share
10 |10000 characters needed characters left characters exceeded
Christopher Solomon
Apr 18, 2017 at 02:10 PM
2

"in our organization we have a user called SAP**** which can accessed by an end user"

So you are saying you have multiple people (all end users?) sharing a single SAP user account?

Show 2 Share
10 |10000 characters needed characters left characters exceeded

I hope SAP legal department does not browse SCN...

2

"oh la la" sounds like Diageo :)

0
Prithviraj Rajpurohit Apr 18, 2017 at 02:16 PM
1

Hi Vinay,

You can check the details of terminal in tcode STAD but, this depends on the how much old data is retained in your system.

Else the only way is by enabling auditing in the system (tcode SM19) and check the logs in SM20.

USR41-TERMINAL will only give the details of current user.

Regards

Prithviraj

Share
10 |10000 characters needed characters left characters exceeded
Harish Karra Apr 24, 2017 at 10:56 PM
1

in our organization we have a user called SAP**** which can accessed by an end user

Sharing a generic account by many people is a license violation, First go and fix it. You can take a look at audit logs (SM20) to identify the terminal Id from which this Id got locked. But for this you need to have audit log enabled in your system.

Regards,

Harish Karra

Share
10 |10000 characters needed characters left characters exceeded
Raghu Boddu Apr 28, 2017 at 06:47 AM
1

1. What is the purpose of the user ID?

2. Why it is shared with multiple people (It's against the SAP rules of usage). Shared ID is never recommended.

Further, SM20 audit logs will only give you the information when the audit log is enabled. It is never a recommendation to set audit log if the ID is extensively used especially when the activity of the user is high.

For your requirement, I advise to have one custom program developed to find out the login/logout time and the user terminal along with the lock status. There is no standard report available.

Regards, Raghu Boddu

Share
10 |10000 characters needed characters left characters exceeded
Bruce Tjosvold May 01, 2017 at 08:59 PM
1

Couldn't you could do an implicit enhancement in SAP's code where that logon failure message is coming from, adding any code you need? This seems like a very reasonable use of implicit enhancement.

Buce

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Buce,

Agree that creating an IMPLICIT Enhanement is much easier wherever it is possible to create one.But,imho it should not be the option for every custom requirement within the Standard Process flow.Developer should be judicious before creating an Implicit Enh.

To my knowledge,I don't see any need here to interfere with the Standard Process flow by creating an Implicit enhancement.Awaiting experts to Opine.

K.Kiran.

0
Matthew Billingham
Apr 18, 2017 at 02:06 PM
0

What is the nature of the account you suspect is being hacked? Is it used only by a single named person, or is it used to access a service provided on your SAP system - via RFC for example?

Share
10 |10000 characters needed characters left characters exceeded