SAP* locked in client 066

Question: Can anyone help?

In our Earlywatch system (066), the earlywatch and sap* accounts have been locked and no-one knows the passwords. Is there any way I can unlock these user accounts via another SAP client, or would the DBA guy have to unlock the accounts at the database level?

Help.........urgent

Thanks

Answer:
Rather use the DB guy than have someone post the solution here!

Otherwise, post your email address.

Ned

Answer:
Use your Database Tools. In MSSQL:
RUN THE FOLLOWING IN THE 'SID' DATABASE QUERY ANALYZER:

select * from USR02 where MANDT='000'
update USR02 set UFLAG=0 where BNAME='SAP*' and MANDT='000'


Or

Use ABAP code:

Or disable parameter login/no_automatic_user_sap_star (value 0)
delete sap* user
recycle system, sap* auto created with default password.

Best method. Create an ABAP program that can only be run by a superuser specified for the purpose, add the superuser to the filters in security audit logs to log usage, use this user to run the program once a month to unlock and reset pw for your SAP standard users in all clients.
Maintaining this consistent security method ensures a consistent, auditable method of keeping these users secured and logged without various SAP support people having to resort to radical methods to enable them when the pw are forgotten due to being different in every client. Having a defined and documented maintenance method that is enforced with a check list or other reportable control will serve to keep these users from being abused, and at the same time serve their designed purpose when needed without unnecessary delays due to having to "fix" them when they are needed.
_________________
Gary Morris
SAP Security Analyst/Developer
garymorris@sapsecurity.net
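
An added example, not part of the post above or of any SAP tool: a reportable check of the kind that answer calls for, flagging clients where SAP* is unlocked or where a missing SAP* record combined with login/no_automatic_user_sap_star = 0 leaves the automatic SAP* logon open. The UFLAG lock-bit meanings, the exported row format and all sample data are assumptions constructed for illustration.

```python
# Added example. The USR02 rows and profile text below are constructed samples.
PARAM = "login/no_automatic_user_sap_star"
# USR02.UFLAG is a bitmask; commonly documented lock bits (assumed here).
LOCK_BITS = {32: "global admin lock (CUA)", 64: "admin lock", 128: "failed-logon lock"}

def parse_profile(text):
    """Parse 'name = value' lines of an instance profile, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit_sap_star(clients, usr02_rows, profile_text):
    """Return {client: (severity, detail)} for the SAP* account in each client."""
    value = parse_profile(profile_text).get(PARAM)  # None if not set in profile
    flags = {r["MANDT"]: int(r["UFLAG"]) for r in usr02_rows if r["BNAME"] == "SAP*"}
    report = {}
    for client in clients:
        if client not in flags:
            if value == "0":
                report[client] = ("HIGH", "no SAP* record and automatic SAP* is enabled")
            elif value is None:
                report[client] = ("REVIEW", "no SAP* record; parameter not set in profile")
            else:
                report[client] = ("INFO", "no SAP* record; automatic SAP* is disabled")
            continue
        locks = [name for bit, name in LOCK_BITS.items() if flags[client] & bit]
        if locks:
            report[client] = ("OK", "SAP* locked: " + ", ".join(locks))
        else:
            report[client] = ("REVIEW", "SAP* record exists and is unlocked")
    return report

SAMPLE_PROFILE = """# constructed instance profile excerpt
login/no_automatic_user_sap_star = 0
"""
SAMPLE_ROWS = [  # constructed export: select MANDT, BNAME, UFLAG from USR02
    {"MANDT": "000", "BNAME": "SAP*", "UFLAG": "0"},
    {"MANDT": "001", "BNAME": "SAP*", "UFLAG": "64"},
    {"MANDT": "066", "BNAME": "EARLYWATCH", "UFLAG": "128"},
    {"MANDT": "100", "BNAME": "SAP*", "UFLAG": "192"},
]

if __name__ == "__main__":
    clients = ["000", "001", "066", "100"]
    for client, (sev, detail) in audit_sap_star(clients, SAMPLE_ROWS, SAMPLE_PROFILE).items():
        print(client, sev, detail)
```
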

Answer:
Please do not use URGENT in your topic title.

If it's really urgent, open an OSS message at SAP with priority VERY HIGH. They will answer you within 30 minutes... or they will tell you like me that your problem is not urgent!

Is your production server down? Nope!

Next time, please read Basic rules...

topic is locked
