Hello Kiran,

I think tp unlocksys <SID> pf=//usr/sap/trans/bin/TP_DOMAIN_<SID>.pfl; will unlock users at the databse level rite?Do i directly need to write this command at the command prompt level for unlocking users at the databse level ?

Do i need to type this complete command :

UPDATE SAP<schema>.usr02 set uflag=0 where mandt=<CLNT NO> and uflag=64;

In this SQL statement schema refers to SAP System ID na?

Wts mandt field here and why do i need to write uflag=64 ?

One more thing i want to ask you :

In one of the forums where i raised this question ,one person replied :

<b>i guess u have locked all users including sap* and logged out. ie., no more login with sap* also.

in this case,

goto DB level and delete sap* user.

and try to login sap* with default password.

then unlock all users.</b>

My question over this is :

<b>U r telling to delete the SAP* user ,u dont mean with the System created default user SAP* rite but u mean to delete our self created SAP*/any super user rite? Secondly how to delete tat user at the database level?</b>

Can u plz revert back to these queries? i know its many queries but tat wll help me in clearly understanding the concept and awarding u points. It shall be really kind of u to revert back to all queries in this.

Requested to revert at earliest.

Regards,

Saumya

Hi,

Just hold

Dont delete anything.

SAP<SCHEMA>.USR02 it means

just SAP<SID>.USR02.

the name of the schema and your sid will be same.

ex sapd01.usr02.

While installation the schema is created according to the SID so dont confuse

Go to cmd prompt.

sqlplus /nolog

conn /as sysdba

This will take you to the sqlprompt.

Just execute the earlier commands there.

sqlplus>update sap<sid>.usr02

set uflag=0 where mandt=<client no>;

sqlplus>commit;

client means 100/200/whatever is applicable in yr case.

NB: carryout these in the server where your database resides.

Regards

Hello Manas,

Two of my queries still remained unanswered.

1. tp unlocksys <SID> pf=//usr/sap/trans/bin/TP_DOMAIN_<SID>.pfl; will unlock users at the databse level rite?Do i directly need to write this command at the command prompt level for unlocking users at the databse level ?

2.In one of the forums where i raised this question ,one person replied :

i guess u have locked all users including sap* and logged out. ie., no more login with sap* also.

in this case,

goto DB level and delete sap* user.

and try to login sap* with default password.

then unlock all users.

My question over this is :

U r telling to delete the SAP* user ,u dont mean with the System created default user SAP* rite but u mean to delete our self created SAP*/any super user rite? Secondly how to delete tat user at the database level?

Iam not asking this question for deleting SAP* user but asking it for understanding wt he exactly meant and wt is the procedure to delete a user at the database level ?

This shall help me in understanding the concept.

Plz revert at earliest so tat i can reward u points.

Regards,

Saumya

Hi,

1. The tp lock and tp unlock command locks or unlocks the SID as a whole u have to write this on cmd prompt.This deprives all the users from logging into the specific SID.

But the SQL commands (the other option) u have to execute in SQL prompt by logging to sqlplus and connecting to database.

2.Case two is the client may not be locked but the users are locked, in that case u have to unlock at the database level . I have described u already how and why users get locked.

3. Am not telling to delete sap* .Why it was told by someone is due to the reason that u cant delete the sap* user. Whenever u delete the sap* user it again gets recreated with the default password. Most prob this is why he asked to delete the sap* user. I doubt whether it will get unlocked by this means.Moreover there can be only one sap* user u cannot creat the same .

Every sap installation has two users by default sap* and ddic with default password 06071992 and 19920706. Regarding deleting a user from database level it is never prescribed as it contains link to several database tables and it will not be possible to remove traces from each tables manually. So we do it via sap tcode which takes care of these.

For understanding the concepts u need to follow the materials privided by sap.

Hope this clarifies some of your doubts

Regards

Message was edited by:

Manas Pattnaik

Thnx Manas ,want to assign u points but not able to ,its not showing tat option,how to do tat?

If u feel comfortable with reverting,just shall appreciate three more answers frm you:

1. U meant with the SAP* standard user whose password we change and if we delete it ,it gets recreated with default password rite ?

2. Wt is the rite option to go for after standard installation , to disable standard SAP* user / to change its password and wts the procedure for doing tat?

3. In client command tp unlocksys <SID> pf=//usr/sap/trans/bin/TP_DOMAIN_<SID>.pfl ,nowhere is client mentioned ,then how is tat particular client identified ,is it in TP_DOMAIN_<SID>.pfl ?

Dont forget to revert on how to reward u points ?

Regards,

Saumya

Hi,

1.Right

2.Change the default password of sap* and ddic via tcode su01 in the Logon Data tab in edit mode and save.

3.Tht was a mistake. It locks the SID . Have rectified tht.

4. To award points tick the option buttons against the replies in the left hand side mentioned as Resolved; Helpful answers etc.

For more inf on tp commands follow

http://help.sap.com/saphelp_45b/helpdata/en/3d/ad5b744ebc11d182bf0000e829fbfe/content.htm

Regards

Thnx for ur reply.

1.I was asking u abt the procedure to disable standard SAP* user and Wt is the rite option to go for after standard installation ,to disable standard SAP* user / to change its password and wts the procedure for doing tat?

2.k so it locks all the clients in any standard installed SAP SID ie 090,000 and 066 or any particular one?

3. no option button to award points is appearing here ,can u plz check and confirm,Administrator plz check tat.

Thanx for ur help link.

Regards,

saumya

1.It has to be there .

To change pwd go to tcode su01--->put the user name>click edit mode>go to Logon data tab--->put the new pwd and save.

2.All clients in the sid.

3.Its ok. Logoff once and then login it may appear. Otherwise its ok.

By the way (one personal ques)what do u do?

Regards

Again repeating not asking the procedure to chnge password of a user ,i know tat,iam asking procedure to disable SAP* user .According to u the recommended option after standard SAP Installation is to change SAP* standard user password and not to delete it.........rite?

Ill check out by logging off and logging in again?

regards,

Saumya

Sorry correcting my mistake in the earlier message _ Message again -

Again repeating not asking the procedure to chnge password of a user ,i know tat,iam asking procedure to disable SAP* user .According to u the recommended option after standard SAP Installation is to change SAP* standard user password and not to <b>disable</b> it.........rite?

Ill check out by logging off and logging in again?

regards,

Saumya

Thnx Kanti

hello somya,

You can delete sap* and also restrict sap*

!.Deleting sap* : -goto sqlplus prompt and give the command

DELETE SAP<SID>.usr02 where mandt='CLIENT.NO' and bname=SAP*;

after doing this restart the system.so, that a new user with the name "sap*" gets generated with password "pass".

2.To disable sap* we do have a parameter

<b> login/no_automatic_user_sapstar= 0: Automatic user SAP* is permitted

1: Automatic user SAP* is deactivated</b>

Regards,

Kanthi.D

hi manas

i have a question

created new password in t.c. su01.

go to the sap log on

entered the new password

after entering the password

a pop up screen displayed with contents new password and repeat password though i was already created the new password

i want to supress ths pop up screen so tht pop up screen ll nt displayed after entering my new password

how do i do???