Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

User account Lock through which system

Former Member
0 Kudos
948

Hi Friends,

I need some information to find who locked a particular account.

Generally we can able to see userid with the same user name.

But here I need from which system they tried to login in to SAP system when user id is locked.

Can any one give me useful suggestion to find system information.

Thanks in advance

Jayakar Reddy

1 ACCEPTED SOLUTION

Former Member
0 Kudos
443

Hi,

If you want to see the information for who has locked the account, go to change documents of that locked user through transcation code suim and go to the tab selection criteria for the changed header data and select the adminstrator lock set and execute the report. Now you can check the person who has locked the account.

Cheers,

Bharath.

8 REPLIES 8

Former Member
0 Kudos
444

Hi,

If you want to see the information for who has locked the account, go to change documents of that locked user through transcation code suim and go to the tab selection criteria for the changed header data and select the adminstrator lock set and execute the report. Now you can check the person who has locked the account.

Cheers,

Bharath.

former_member190272
Active Contributor
0 Kudos
443

Hi

You Can chick this via SUIM -


>User----->With unsuccessful logon

and SU01---->User name ->Display---->Last changed on

Rewards point if helpful

Thanks

Pankaj Kumar

0 Kudos
443

Hi

This give s us who are all locked & But what i need is from which system this user got locked, ip address/System name.

Regards

JR

0 Kudos
443

Hi Jayakar,

If I understand what you were looking for correctly.

You wanted to know the terminal or the computername from where the User locking activity was performed.

For this First go to

SUIM Change Documents for Users and Get the User ID (say Y) information of the person who locked the specific user 'XXXX'.

Now go to STAT and give the Transaction Code as SU01 and User ID Y obtained from SUIM and run the report and on the report output select "Task and memory information" related button names "Task/Mem".

You can get the details of the Terminal ID.

Hope this helps

Manohar

0 Kudos
443

Hi Manohar,

Thanks for your information.

I even still can not find what exactly i need.

When we try to enter in to SAP, if user is locked by incorrect logons, it shows in SUIM/Change documents as T.Code KRNL.

When I search with this it is not showing any records.

Any way thankyou very much.

Regards

Jayakar Reddy

0 Kudos
443

Hi Jayakar,

First of all you can use the Security Audit Log (note 139418) in this case.

If these are RFC logons please have a look at note 171805, which gives information how to log logon attempts.

Last but not least you can find out the workprocess in which the attempt happended within the syslog. And then you can have a look into the corresponding tracefile in transaction ST11. There you can find the name of the terminal from which the attempt came.

Hope this information is helpful for you.

Kind regards,

Claudia

0 Kudos
443

Try SM21. Remember you need to chose system log from all remote systems if you have more than one app servers. (System Log -> Choose -> All...)

Since you have the time and date when this happen, you can narrow your search. Double click on the result, it will bring you to the detail screen, it should show the terminal the user is login from.

Have fun.

Lye

Former Member
0 Kudos
443

Hi jayakar,

In the change documents for the locked user there is a column called T.code, if the transcation code is su01 than that particular user is locked from that system and if the T.code is other than SU01like KRNL, than that user is locked from the parent system. Hope this solves your problem.

Cheers,

Bharath.