2007 May 17 12:44 PM
Hi Friends,
I need some information to find who locked a particular account.
Generally we can able to see userid with the same user name.
But here I need from which system they tried to login in to SAP system when user id is locked.
Can any one give me useful suggestion to find system information.
Thanks in advance
Jayakar Reddy
2007 May 17 1:50 PM
Hi,
If you want to see the information for who has locked the account, go to change documents of that locked user through transcation code suim and go to the tab selection criteria for the changed header data and select the adminstrator lock set and execute the report. Now you can check the person who has locked the account.
Cheers,
Bharath.
2007 May 17 1:50 PM
Hi,
If you want to see the information for who has locked the account, go to change documents of that locked user through transcation code suim and go to the tab selection criteria for the changed header data and select the adminstrator lock set and execute the report. Now you can check the person who has locked the account.
Cheers,
Bharath.
2007 May 17 1:56 PM
Hi
You Can chick this via SUIM -
>User----->With unsuccessful logon
and SU01---->User name ->Display---->Last changed on
Rewards point if helpful
Thanks
Pankaj Kumar
2007 May 17 2:39 PM
Hi
This give s us who are all locked & But what i need is from which system this user got locked, ip address/System name.
Regards
JR
2007 May 18 7:52 AM
Hi Jayakar,
If I understand what you were looking for correctly.
You wanted to know the terminal or the computername from where the User locking activity was performed.
For this First go to
SUIM Change Documents for Users and Get the User ID (say Y) information of the person who locked the specific user 'XXXX'.
Now go to STAT and give the Transaction Code as SU01 and User ID Y obtained from SUIM and run the report and on the report output select "Task and memory information" related button names "Task/Mem".
You can get the details of the Terminal ID.
Hope this helps
Manohar
2007 May 18 2:18 PM
Hi Manohar,
Thanks for your information.
I even still can not find what exactly i need.
When we try to enter in to SAP, if user is locked by incorrect logons, it shows in SUIM/Change documents as T.Code KRNL.
When I search with this it is not showing any records.
Any way thankyou very much.
Regards
Jayakar Reddy
2007 May 18 2:56 PM
Hi Jayakar,
First of all you can use the Security Audit Log (note 139418) in this case.
If these are RFC logons please have a look at note 171805, which gives information how to log logon attempts.
Last but not least you can find out the workprocess in which the attempt happended within the syslog. And then you can have a look into the corresponding tracefile in transaction ST11. There you can find the name of the terminal from which the attempt came.
Hope this information is helpful for you.
Kind regards,
Claudia
2007 May 22 11:50 PM
Try SM21. Remember you need to chose system log from all remote systems if you have more than one app servers. (System Log -> Choose -> All...)
Since you have the time and date when this happen, you can narrow your search. Double click on the result, it will bring you to the detail screen, it should show the terminal the user is login from.
Have fun.
Lye
2007 May 17 3:07 PM
Hi jayakar,
In the change documents for the locked user there is a column called T.code, if the transcation code is su01 than that particular user is locked from that system and if the T.code is other than SU01like KRNL, than that user is locked from the parent system. Hope this solves your problem.
Cheers,
Bharath.