05-28-2009 4:41 PM
Hi
Is there a program which can be used to lock/unlock users based on user group or other criteria at specific date & Time?
I want to lock specific number of users on 05/30/2009 at 10:00 am. When I run a program, it should kick out the user if the user is logged in SAP and then block him.
Help is appreciated.
05-28-2009 5:13 PM
Don't make this complicated. You can easily do this by SU10 (as much as users you want).
Regards,
Dipanjan
05-28-2009 4:53 PM
I am not very sure about specific date and time automatically.
but for locking users you can use tcode EWZ5
05-28-2009 5:13 PM
Don't make this complicated. You can easily do this by SU10 (as much as users you want).
Regards,
Dipanjan
05-28-2009 5:28 PM
Yes,,.. This is a good way.. infact it becomes easier by SU10 if users are selected based on user groups.
05-28-2009 5:39 PM
05-28-2009 9:15 PM
> ... on 05/30/2009 at 10:00 am.
You can use network security for this - for example a using SAP router or web dispatcher via which the users have to access the server network.
Locking the user is not very usefull if they are already logged on.
Restricting the validity of their roles / accounts might be more effective though...
Cheers,
Julius
05-29-2009 6:23 AM
Hi
Both the options of user lock is right with the help of Su01 or EWZ5 .
You can set the validity befor hand as replied by Julius Secondly you can also try to make a program from LSMW not sure just check out once.
Thx
Shilpa
05-29-2009 6:55 AM
Hi,
EWZ5 transaction we can lock/unlock mass users.EWZ5Choose userwe have to tick the users which account you want to be not locked--then click on lock user.
SU10 also we can lock the mass users.
Regards,
Asif
05-29-2009 7:38 AM
Okay, I think we have EWZ5 well covered from all sides now.
Lets wait for Tridev to follow-up on the 10:00 a.m. part of the requirement.
Cheers,
Julius
05-29-2009 2:11 PM
Thanks all of you for the response. I decided to create a Z program which will have selection by user ID, user Group, Department etc. We will schedule this job to run at 10:00 am. This program will use FM THUSRINFO to get the list of all users (Only Dialog Users and valid users. Expiry date is blank) who're logged on to the system based on the section on selection screen of program and then will call FM TH_DELETE_USER to log them off and then it will lock these users.
This program will then update a Z table with userids, date and time locked.
The second part of this program when executed with option Unlock users on selection screen will get userids from the custom table and unlock them.
The selction screen will have following selections.
Selection
UserID
User Groups
Cost centers
CheckBox:
Lock
UnLock
Again thanks everyone.
06-03-2009 12:47 PM
>
> Thanks all of you for the response. I decided to create a Z program which will have selection by user ID, user Group, Department etc. We will schedule this job to run at 10:00 am. This program will use FM THUSRINFO to get the list of all users (Only Dialog Users and valid users. Expiry date is blank) who're logged on to the system based on the section on selection screen of program and then will call FM TH_DELETE_USER to log them off and then it will lock these users.
> This program will then update a Z table with userids, date and time locked.
> The second part of this program when executed with option Unlock users on selection screen will get userids from the custom table and unlock them.
>
> The selction screen will have following selections.
>
> Selection
> UserID
> User Groups
> Cost centers
>
> CheckBox:
>
> Lock
> UnLock
in case you have more than one instance on your system (e. g. several application servers) you might want to check to which machine the user is logged on. search for another TH- function module doing that for you (i am not willing to talk about taskhandler functions in a public forum).
if you are running IDOCs or RFC-processes with other systems, web-applications etc etc make sure you are not logging of any RFC processes/users. also, the posting process might call sub-processes with the same userID - i wouldn't dare to use the task handler function to kill one of those. risky if you are forcing a DEQUEUE_ALL without having the process under control. so you might want to look for another TH function module giving you a clue whether you are dealing with a RFC or an actual GUI-login. kick only the GUI-ones.
05-29-2009 8:10 PM
05-30-2009 4:23 AM
HII,
The users can be locked based on user group can be done by using tcode ewz5
but locking here works in reverse manner do not select the user which u want to lock
and click on lock button..........
Thanks and regards..............
05-30-2009 9:12 AM
Please see the other answers before giving the same answer again....
> ...locking here works in reverse manner...
What has not been discussed yet, is that users who prior were already locked should not be unlocked again when the system is made available.
Perhaps that is what you meant? That is a valid concern which should not be overlooked. I just assumed that is what Tridev is using the User Group (e.g. "RETIRED") for.
Cheers,
Julius
05-31-2009 1:46 AM
05-31-2009 11:07 AM
the problem with SU10 is that it won't do: "it should kick out the user if the user is logged in SAP"
SU10 can also be a bit patchy when locking thousands of users.
03-18-2015 12:51 PM
07-24-2015 9:40 AM
07-27-2015 8:48 AM
03-20-2021 10:32 PM
I could not get it how to work with user groups in EWZ5 / EWULKUSR.
It would be cool, if someone could explain it. Thanks!
03-24-2021 7:20 AM
Hi Symon,
I'd recommend to follow the steps described in SAP Note "2050677 - Steps to shutdown a complete system":
Step 4: Restrict logon to selected users
Report: RLFW_SD_DISABLE_LOGON
Severity: Obligatory
[...]
This part of the SAP Notes references and makes use of the functionaltity described in SAP Note "1891583 - Restricting logon to the application server".
Best regards,
Jens
SAP SE | Product Management for downtime-optimization
03-22-2021 11:08 AM
Hello,
quite old thread coming up here again...
Click on "Choose user", then mark the users that should be excluded from the function "Lock user". Then click on "Save". After that with "Lock user" all others can be locked.
EWZ5 is quite old, made for the EURO conversion in 2001. To be honest, I don't think that it is advisable to still use this obsolete tool and would like to forward you to the SU10 transaction (like many others here did).
03-07-2023 7:18 AM
The transaction EWZ5 was delivered in connection with the euro changeover, for more information, see note511956-EWK5: Locking subsequently created users and note1263473 - EWZ5/EWZ6: Authorization default missing
You should use here SU10.
The tr. EWZ5 is reserved for Currency Conversion processes.
Please do not use the transaction EWZ5 for other purpose, unless you carry a Local Currency Changeover. This is the recommendation of the development.
Btw, i am also looking for an alternate program/FM or a logic to develop a program to use for locking and unlocking users in a client, including in a CUA client. In CUA client, it should not consider the CUA users, should only consider local users. anybody has any thoughts, please share.
By
Rajesh Mavila Veedu