Skip to Content
Author's profile photo Bharath Padmanabhan

Automatic Notification mail to basis for user locking

Introduction:

Users log in SAP R/3 system by providing userid and password. If they enter wrong userid or password an error message ”Name or password is incorrect(repeat logon)”appears in the taskbar prompting user to provide correct userid and password. The number of incorrect logon attempts is determined by value of profile parameters which are used to define password and logon rules.

The profile parameter  login/fails_to_user_lock defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 -99. The basis team will set the value for this parameter.

The userid will be locked once the maximum number of incorrect logon attempts is exceeded. Normally user has to manually inform the basis user to unlock his userid. Here we will see how an automatic notification mail is sent to basis user once the userid gets locked.

Step 1: Log in into SAP R/3. Enter the user id and password. Enter wrong userid and password in order to lock the user. We are doing this so that automatic mail will be sent to basis user. An error message will be displayed as below.

image

Step 2: Once the maximum number of incorrect logon attempts exceeds an error message appears in task bar as below. This will automatically trigger a mail to basis user informing them that userid is locked.

 

image

Step 3: In order to trigger a mail create a report in SE38 Tcode. Give the code for report as below.

REPORT  zuser_lock.

* Data declaration Section

DATA : BEGIN OF st1,
        lv_bname LIKE usr02-bname,      ” User Name in User Master Record
        lv_user_flag LIKE usr02-uflag,  ” User Lock Status
        lv_loc_user(255),
       END OF st1.

DATA : BEGIN OF st2,
        lv_loc_user(255),
       END OF st2.

DATA : it_user LIKE TABLE OF st1 WITH HEADER LINE,
       wa_user LIKE LINE OF it_user,
       it_lock LIKE TABLE OF st2 WITH HEADER LINE,
       wa_lock LIKE LINE OF it_lock,
       it_reclist LIKE somlreci1 OCCURS 0 WITH HEADER LINE,
       wa_doc_chng TYPE sodocchgi1,
       lv_lines_txt TYPE i,
       lv_loc_var(1000),
       lv_loc_bname(1000),
       lv_var(5) VALUE ‘0’,
       lv_var1(5) VALUE ‘255’,
       lv_var2(5) VALUE 1,
       it_solisti1 LIKE TABLE OF solisti1 WITH HEADER LINE,
       lv_loc_user(255),
       lv_lin(3) TYPE n,
       lv_len TYPE i,
       strlen TYPE string,
       loc_flag(1).

* Here we retrieve the userids from table USR02
* for whom User Lock Status is set as 128.
* 128 value means Locked Due To Incorrect Logons

SELECT bname uflag FROM usr02 INTO TABLE it_user
 WHERE uflag = ‘128’.

REFRESH: it_reclist.

wa_doc_chng-obj_name = text-000.  “Text Symbol with text as Locked user ids
wa_doc_chng-obj_descr = text-000.
wa_doc_chng-sensitivty = ‘F’.
wa_doc_chng-doc_size = lv_lines_txt * 255.

* Here we assign the user id of receiver
*(Basis user id) who will receive the
*mail. Instead of ABAPER you assign the user id of
*Basis user in your company.

it_reclist-receiver = ‘ABAPER’.
it_reclist-rec_type = ‘B’. ” Specification of recipient type. B means SAP user
APPEND it_reclist.

DESCRIBE TABLE it_user LINES lv_lin.

LOOP AT it_user INTO wa_user.

  lv_loc_bname = wa_user-lv_bname .

  CONCATENATE lv_loc_bname lv_loc_var INTO lv_loc_var SEPARATED BY ‘,’.

ENDLOOP.

it_lock-lv_loc_user = lv_loc_var.
APPEND it_lock.

CONCATENATE ‘Please Unlock the userids:’ lv_loc_var INTO lv_loc_var.

lv_len = STRLEN( lv_loc_var ).

LOOP AT it_lock.

  IF lv_var2 > 0.

    wa_lock-lv_loc_user = lv_loc_var+lv_var(lv_var1).
    APPEND wa_lock TO it_lock.

    lv_var = lv_var + 255.
    lv_var1 = lv_var1 + 255.
    lv_var2 = lv_len – lv_var.
    loc_flag = 1.
    it_solisti1-line = wa_lock-lv_loc_user.
    APPEND it_solisti1.

  ENDIF.

ENDLOOP.

IF lv_loc_var IS NOT INITIAL.

* Function Module to send mail to basis user

  CALL FUNCTION ‘SO_NEW_DOCUMENT_SEND_API1’
    EXPORTING
      document_data              = wa_doc_chng
      document_type              = ‘RAW’
      commit_work                = ‘X’
    TABLES
      object_content             = it_solisti1
      receivers                  = it_reclist
    EXCEPTIONS
      too_many_receivers         = 1
      document_not_sent          = 2
      document_type_not_exist    = 3
      operation_no_authorization = 4
      parameter_error            = 5
      x_error                    = 6
      enqueue_error              = 7
      OTHERS                     = 8.
  IF sy-subrc <> 0.
    MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
            WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
  ELSE.
    MESSAGE s888(sabapdocu) WITH ‘Mail Successfully Sent to Basis User’.
  ENDIF.

ENDIF.

Step 4: Schedule the report in background. This is done so that the report executes repeatedly in background as per the scheduled time interval. Once the userid gets locked this report which runs in background will automatically send a mail to basis user. For scheduling go to SA38 Tcode. Enter the report name and click schedule button.

 image

Step 5: In the next screen enter inputs for job name, start date, time as below.

image

Step 6: To schedule the report periodically click schedule periodically button. A popup appears as below. Choose the required time interval.

image

Step 7: Now once the user id gets locked, a mail is automatically sent to Business Workplace (SBWP Tcode)of basis user as below.

 image

Step 8: In above example mail is sent to only one basis user. The same mail can be sent to any number of basis users by specifying their user ids in receiver list. The mail can be sent to Internet address, shared distribution list etc. In the documentation of Function module SO_NEW_DOCUMENT_SEND_API1 all possible options are given.

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Abdul Hakim
      Abdul Hakim
      Hi
      Nice blog. why cant we use the SAP Workflow for this instead of having this ABAP Code in place.

      Cheers,
      Abdul Hakim

      Author's profile photo Aspire WF
      Aspire WF
      Blog Post Author
      Dear Hakim,

      Thanks for your comments. Ofcourse a custom workflow can be developed for this scenario which can be triggered whenever user id gets locked. But as there are no approvals or agent involvement in the process I chose to use ABAP code. As you said its very well possible to build a workflow.

      KR,
      Bharath

      Author's profile photo Former Member
      Former Member
      Might be better to have an autoreaction method in CCMS to send an email...