Solution Manager can tell me if a system account is locked (ABAP)
Ever get tired of finding a system account is locked when a critical business function stops and it takes a few hours to discover it was a password that was changed and something still had the old password. Well bring on Solution Manager and System Monitoring!
I would like to point out that in order for this to work it will require you to define accounts to monitor for a lock status; if you are looking for any account being locked you may be interested in a blog entry I posted: http://scn.sap.com/community/netweaver-administrator/blog/2013/06/20/notifications-upon-account-locking
So lets start off by getting on the same page, issue Tx Solman_setup (or navigate to the SAP Solution Manager: Configuration work center).
- Technical Monitoring is where the configuration(s) is for the Alert Inbox
- System Monitoring is the type of Technical Monitoring, the other radio buttons provide different metrics
- If the Configure Infrastructure and Standard Users steps have been completed, we can start our work under Template Maintenance
- Change to Edit mode
- Ensure you flip on Expert mode (even though it says Standard mode, this is what it will show)
- Select the correct template, it is important that you select the Technical System templates. In my screenshot you can see that ABAP 7.00 is supported, I confirmed that 6.20 – 6.40 also supports this metric, 4.6C does not have this metric collection it may be possible to create it and alert off of it based on a newer release template.
- Ensure you copy the template as you can’t make changes to the base templates supplied by SAP, now doing this will require a transport. I recommend not doing a local or $tmp transport so down the road if you need to transport your work at some later point in time. It is also at this point under the ‘Template Settings’ tab (above Change Settings) and you can re-name the Template to something that makes sense; I have left mine in the screenshot as an example.
- This is a dual point, you first need to navigate to ‘User Lock status’ (note the list is in semi alphabetically order, I recommend filtering on Exceptions). Once you have the line highlighted you can click on Change Settings, this will allow for the ‘Data Collection’ tab to have changes made to it.
- Add variant is an odd way to specify adding an account to monitor, but you have to click this for each account you want monitored. Keep in mind that the users defined are in the system you are monitoring, a good example is solman_admin and the SM_* accounts those should only exist in SolMan and not something like ECC/ERP.
- Define your users and click the Save/Next button (you will probably be prompted for a transport number).
Now you can select the SID under 5 ‘Define Scope’ and click the Next button. Now under 6 ‘Setup Monitoring’ the Managed Object Name you want SID~ABAP and assign the template that you created in ‘Template Maintenance’. Something to keep in mind is that you can only assign 1 template per object.
Now at this point you should see entries show up in the Alert Inbox of Solution Manager, by adding entries in the notification portions of Technical Monitoring you will get an email typically within a minute (keep in mind my experience may differ due to a small[er] landscape, timing may vary).