How to Create a SAP User
Step 1) Execute T-code SU01
Step 2)
1. Enter Username which you want to create.
2. Click the create button
Step 3) In the next screen
1. Click the Address tab.
2. Enter Details.
Step 4) Choose the user type in Logon Data tab.
There are 5 types of users in sap:-
1. Dialog user :- Normally it is used for interactive system access from GUI (used for human users)
2. System user:- Normally it is used for Background processing, communication within a system.
3. Communication user:- It is used for external RFC calls.
4. Service user :- Dialog user available to a larger, anonymous group of users.
5. Reference user :- General, non-person related users that allows the assignment of additional authorizations.
Example: Internet users created with transaction SU01. No logon is possible.
Step 5) Type the initial password for 2 times.
On first logon of the new user , system will ask to re-set the password.
Step 6)
1. Select the roles tab
2. Assign roles as per requirements
Step 7)
1. Select the profiles tab
2. Assign profiles as per requirements
You can assign SAP_ALL and SAP_New profile to user for full authorization.
• SAP_ALL:You assign this profile to users who are to have all R/3 authorizations, including super-user authorization.
• SAP_NEW:You assign this profile to users who have access to all currently unprotected components. The SAP_NEW profile grants unrestricted access to all existing functions for which additional authorization checks have been introduced. Users can therefore continue to work uninterrupted with functions which are subject to new authorization checks which were not previously executed.
Step 8)
1. Press save
2. Then the back button (F3) button
User will be created.
How to Lock/Unlock a User in SAP.
Locking a user
Purpose of locking user is to temporarily deactivate the users so that they cannot longer access the system.
Users can be locked in 2 ways:-
• Automatically
• Explicitly/Forcefully
Automatically:- There are two possibilities when users get lock automatically,
• Maximum number of failed attempts:- controlled via the parameter login/fails_to_user_lock .If value is set to 3 it means after 3 failed attempts user will be locked.
• Auto unlock time:- "login/failed_user_auto_unlock" defines whether user locked due to unsuccessful logon attempts should be automatically removed at midnight.
Explicitly/Forcefully: We can lock and unlock users in 2 ways-
1. Lock single user (SU01)
2. Lock multiple user (SU10)
Procedure to lock a single user
Step 1) Execute T-code SU01
Step 2) Enter username in User field.
Step 3) Press Lock/Unlock button
Step 4) In the next screen, Press Lock button again to lock the user.
Procedure to lock multiple users
Step 1) Execute T-code SU10
Step 2) Enter users' username in User field and Press Lock/Unlock button
All the users listed will be locked
Procedure to unlock a user
Step 1) Execute T-code su01
Step 2) Enter username in User field.
Step 3) Press Lock/Unlock button and Press Unlock button
Procedure to unlock multiple users
Step 1) Execute T-code SU10
Step 2) Enter users' username in User field and Press Unlock button
Users will be unlocked.
How to Limit Logon Attempts in SAP
Before we learn to limit logon attempts we need to know parameter -
How to set Password Restrictions in SAP
You can use the following system profile parameters to specify the minimum length of a password and the frequency with which users must change their password.
• login/min_password_lng: minimum password length.
Default value: Three characters. You can set it to any value between 3 and 8.
• login/password_expiration_time: number of days after which a password expires
To allow users to keep their passwords without limit, leave the value set to the default 0.
Specifying Impermissible Passwords
You can prevent users from choosing passwords that you do not want to allow. To prohibit the use of a password, enter it in table USR40. You can maintain table USR40 with Transaction SM30. In USR40, you can specify impermissible passwords generically if you want. There are two wildcard characters:
1. ? stands for a single character
2. * stands for a sequence of any combination characters of any length.
123* in table USR40 prohibits any password that begins with the sequence "123."
*123* prohibits any password that contains the sequence "123."
AB? prohibits all passwords that begin with "AB" and have one additional character: "ABA", "ABB", "ABC" and so on.
To set restriction for password follow the below procedure:-
Step 1) Execute T-code SM30.
Step 2) Enter the table name USR40 in "Table/View" field.
Step 3) Click Display button.
Step 4) Enter password expression string.
That's it to password management!
Step 1) Execute T-code SU01
Step 2)
1. Enter Username which you want to create.
2. Click the create button
Step 3) In the next screen
1. Click the Address tab.
2. Enter Details.
Step 4) Choose the user type in Logon Data tab.
There are 5 types of users in sap:-
1. Dialog user :- Normally it is used for interactive system access from GUI (used for human users)
2. System user:- Normally it is used for Background processing, communication within a system.
3. Communication user:- It is used for external RFC calls.
4. Service user :- Dialog user available to a larger, anonymous group of users.
5. Reference user :- General, non-person related users that allows the assignment of additional authorizations.
Example: Internet users created with transaction SU01. No logon is possible.
Step 5) Type the initial password for 2 times.
On first logon of the new user , system will ask to re-set the password.
Step 6)
1. Select the roles tab
2. Assign roles as per requirements
Step 7)
1. Select the profiles tab
2. Assign profiles as per requirements
You can assign SAP_ALL and SAP_New profile to user for full authorization.
• SAP_ALL:You assign this profile to users who are to have all R/3 authorizations, including super-user authorization.
• SAP_NEW:You assign this profile to users who have access to all currently unprotected components. The SAP_NEW profile grants unrestricted access to all existing functions for which additional authorization checks have been introduced. Users can therefore continue to work uninterrupted with functions which are subject to new authorization checks which were not previously executed.
Step 8)
1. Press save
2. Then the back button (F3) button
User will be created.
How to Lock/Unlock a User in SAP.
Locking a user
Purpose of locking user is to temporarily deactivate the users so that they cannot longer access the system.
Users can be locked in 2 ways:-
• Automatically
• Explicitly/Forcefully
Automatically:- There are two possibilities when users get lock automatically,
• Maximum number of failed attempts:- controlled via the parameter login/fails_to_user_lock .If value is set to 3 it means after 3 failed attempts user will be locked.
• Auto unlock time:- "login/failed_user_auto_unlock" defines whether user locked due to unsuccessful logon attempts should be automatically removed at midnight.
Explicitly/Forcefully: We can lock and unlock users in 2 ways-
1. Lock single user (SU01)
2. Lock multiple user (SU10)
Procedure to lock a single user
Step 1) Execute T-code SU01
Step 2) Enter username in User field.
Step 3) Press Lock/Unlock button
Step 4) In the next screen, Press Lock button again to lock the user.
Procedure to lock multiple users
Step 1) Execute T-code SU10
Step 2) Enter users' username in User field and Press Lock/Unlock button
All the users listed will be locked
Procedure to unlock a user
Step 1) Execute T-code su01
Step 2) Enter username in User field.
Step 3) Press Lock/Unlock button and Press Unlock button
Procedure to unlock multiple users
Step 1) Execute T-code SU10
Step 2) Enter users' username in User field and Press Unlock button
Users will be unlocked.
How to Limit Logon Attempts in SAP
Before we learn to limit logon attempts we need to know parameter -
How to set Password Restrictions in SAP
You can use the following system profile parameters to specify the minimum length of a password and the frequency with which users must change their password.
• login/min_password_lng: minimum password length.
Default value: Three characters. You can set it to any value between 3 and 8.
• login/password_expiration_time: number of days after which a password expires
To allow users to keep their passwords without limit, leave the value set to the default 0.
Specifying Impermissible Passwords
You can prevent users from choosing passwords that you do not want to allow. To prohibit the use of a password, enter it in table USR40. You can maintain table USR40 with Transaction SM30. In USR40, you can specify impermissible passwords generically if you want. There are two wildcard characters:
1. ? stands for a single character
2. * stands for a sequence of any combination characters of any length.
123* in table USR40 prohibits any password that begins with the sequence "123."
*123* prohibits any password that contains the sequence "123."
AB? prohibits all passwords that begin with "AB" and have one additional character: "ABA", "ABB", "ABC" and so on.
To set restriction for password follow the below procedure:-
Step 1) Execute T-code SM30.
Step 2) Enter the table name USR40 in "Table/View" field.
Step 3) Click Display button.
Step 4) Enter password expression string.
That's it to password management!
No comments:
Post a Comment