|We have a user, manager, it crashes constantly by someone and locked
key test for failed attempts, Can I know who is the person trying to enter
another user and blocks?
Turn on Security Audit Logging using SM19, and review the audit logs using SM20. Use a filter to log everything available for a particular user id. Analyze the logs in SM20 for that user ID.
Pay attention to the terminal being used. If you see more than one terminal, it could be someone else trying to use the id. Also depending on what the application is for, it might be necessary to change the user ID to type System to resolve locks or expired passwords for a non-dialog user in some cases.
Specifically when a non SAP application is able to change the pw of a non dialog id. There is documentation on setting up SAP Security audit logs. It is not difficult. You can even have a CCMS log agent email you in real time if log entries are showing up in the audit logs for that ID and catch the person in the act or identify the underlying cause.
You should also consider reviewing RFC logs. Turn up the verbosity of
the trace and you can see alot of details when the id is being used in
SAP Security Audit Logs
SAP R/3 supports an internal auditing system, called the Security Audit Log. Each SAP application server maintains a daily audit file. You can specify the name and location of the Security Audit Log using the rsau/local/file profile parameter.
To activate the internal audit system, set the audit log parameters as described in the following table :
Audit Log parameter settings Audit Log Parameter Set value to...
This example shows a valid path and filename:
This example shows an invalid path and filename; the filename does not
include a datepart:
This example shows an invalid path and filename; the filename includes
a file extension:
After you set the audit log profile parameters, start transaction SM19 to specify which events to log in the Audit Security Log.
Get help for your Basis problems
SAP Basis Tips
Administration In SAP - Sapgui, Unix, SAP ITS, Router, Client Copy and IDES
All the site contents are Copyright © www.erpgreat.com
and the content authors. All rights reserved.