Former Member

How to Block all the users at table level

Dear all,

Please guide how to block the users at table level so that they can't log in to the SAP system, or which table we have to modify to block all the users.


5 Answers

  • Jan 10, 2008 at 08:03 AM

    You need to look at table USR02, field UFLAG. There is plenty of sample code if you do a Google search on the terms USR02 and lock.

    You can also use EWZ5 to do mass locks in R/3 systems.

    I would be very careful using either.


  • Former Member
    Jan 10, 2008 at 09:02 AM

    Another option is to remove/block connections in the network; that is less work and also less dangerous.


  • Former Member
    Jan 10, 2008 at 09:24 AM

    Hi

    There are many ways in SAP to lock/unlock users.

    You can use SU10 (Mass user maintenance) to lock/unlock client.

    EWZ5 is easier than SU10.

    Also, you can lock/unlock the client instead of locking users with the above t-codes, by executing the functions below in SE37. Then no users will be allowed to log in to SAP other than sap* / ddic.

    SE37..

    SSCR_LOCK_CLIENT

    SSCR_UNLOCK_CLIENT

    Regards

    Anwer Waseem

    SAP BASIS

    Edited by: Anwer Waseem on Jan 10, 2008 11:25 AM


  • Former Member
    Jan 14, 2008 at 12:01 PM

    Is there any way to lock the user to log in only from a specific terminal (Windows system hostname)?


    • Former Member

      Hi,

      Ask your network people to block port number 32<Instance Number> on the application server for the terminal on which you want to block access.

      Regards,

      Mofizur

  • Former Member
    Jan 16, 2008 at 11:46 AM

    Hi,

    Below are the different options for locking the users:

    Use SU10 to mass lock/unlock the users.

    Use address data or authorisation data to get a list of users, select the ones you want and click transfer.

    Once this is done, click on lock or unlock.

    You can also use transaction code EWZ5 to mass lock/unlock the users

    or

    Execute program EWULKUSR in SE38

    or

    Set a profile parameter (login/failed_user_auto_unlock) to unlock the locked users at midnight.

    or

    Here's some ABAP code, short and simple, isn't it?

    REPORT zreusrlock.
    DATA: time_limit TYPE sy-datum.
    DATA: days TYPE i VALUE 40.
    time_limit = sy-datum - days.
    UPDATE usr02 SET uflag = 64 WHERE trdat <>

    If you don't want to specify the time in the program, you can use SE38 to schedule it as a daily background job with the date and time.

    or

    Probably the easiest way would be to write a sqlplus SQL script that sets all the UFLAG fields in table USR02 to 64 EXCEPT for the BNAMEs you don't want locked. When you are done, you can do the same again but change the UFLAG field to 0.

    The SQL statement would look like:

    update SAPR3.USR02 set UFLAG = 64 where MANDT = and BNAME != AND BNAME != ;

    You can replace != with <> if you want. To run this from an OS command line, you would type:

    Unix/Oracle 8---> sqlplus internal @

    NT/Oracle 8.0---> plus80 internal @

    NT/Oracle 8.1---> sqlplus internal @s

    Unix/Oracle 9:--> sqlplus /nolog @

    NT/Oracle 9-----> sqlplus /nolog @

    In UNIX you can cron the script to schedule it. In NT you can schedule it as a task.

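The blanket "set UFLAG to 64, later set it to 0" cycle described in the last answer also unlocks accounts that were already locked for another reason. The following added example (not code from any of the posters, and not SAP code) shows that side effect next to a variant that only sets and clears the administrator-lock bit. Assumptions: the table is a constructed in-memory SQLite stand-in for USR02, the client number and user names are made up, and the meanings of UFLAG values 32 and 128 are the commonly documented ones rather than anything stated in this thread.

```python
import sqlite3

# UFLAG bits: 64 (and 0 = unlocked) come from the thread; 32 and 128 are the
# commonly documented values and are an assumption here.
LOCK_CUA, LOCK_ADMIN, LOCK_FAILED = 32, 64, 128
CLIENT = "100"  # constructed client number

def make_demo_db():
    """Constructed in-memory stand-in for USR02; not a real SAP schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usr02 (mandt TEXT, bname TEXT, uflag INTEGER)")
    db.executemany("INSERT INTO usr02 VALUES (?, ?, ?)", [
        (CLIENT, "DDIC", 0), (CLIENT, "ALICE", 0),
        (CLIENT, "BOB", LOCK_FAILED),    # locked earlier: failed logons
        (CLIENT, "CAROL", LOCK_ADMIN),   # locked earlier by an administrator
    ])
    return db

def flags(db):
    """Return {bname: uflag} for every row."""
    return dict(db.execute("SELECT bname, uflag FROM usr02 ORDER BY bname"))

def blanket_cycle(db, keep):
    """The thread's approach: write 64 to everyone but `keep`, later write 0."""
    marks = ",".join("?" * len(keep))
    for value in (LOCK_ADMIN, 0):
        db.execute(f"UPDATE usr02 SET uflag = ? WHERE mandt = ? "
                   f"AND bname NOT IN ({marks})", (value, CLIENT, *keep))
    return flags(db)

def bitwise_cycle(db, keep):
    """Set only bit 64, record which users were changed, undo only those."""
    marks = ",".join("?" * len(keep))
    changed = [row[0] for row in db.execute(
        f"SELECT bname FROM usr02 WHERE mandt = ? AND (uflag & ?) = 0 "
        f"AND bname NOT IN ({marks})", (CLIENT, LOCK_ADMIN, *keep))]
    rows = [(LOCK_ADMIN, CLIENT, b) for b in changed]
    db.executemany("UPDATE usr02 SET uflag = uflag | ? "
                   "WHERE mandt = ? AND bname = ?", rows)
    during = flags(db)   # state while the mass lock is in effect
    db.executemany("UPDATE usr02 SET uflag = uflag & ~? "
                   "WHERE mandt = ? AND bname = ?", rows)
    return during, flags(db)

if __name__ == "__main__":
    print("blanket:", blanket_cycle(make_demo_db(), ["DDIC"]))
    print("bitwise:", bitwise_cycle(make_demo_db(), ["DDIC"])[1])
```

After the blanket cycle BOB and CAROL end up unlocked although they were locked beforehand; the bitwise variant returns every account to its original state.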