Recently I had an issue with locking users. I have generated a report about users who have not been logged for a couple of months. This file contained only usernames, since that is all you need to know when it comes to locking someone. The expiration date in this task is the date of lock.

Since locking hundreds of users and setting their expiration date in a couple of systems is insanity, I had to find a different way to do so. Here is a program serving that task:

Mass user lock
REPORT  Z_MASS_USER_LOCK.

“variables for uploading and reading file with usernames
DATA: paa_file  TYPE SAPBSAPPFAD,
       pafile    TYPE SAPBSAPPFAD.
       “paa_file2 TYPE string.

“parameter for local file path
PARAMETERS: p_file(70) TYPE c.
“set filenames
pafile = p_file.
paa_file = ‘Users_For_Lock.csv’.

“path to local file in wich users to be locked is stored
OPEN DATASET  paa_file FOR OUTPUT IN TEXT MODE ENCODING UTF8.
CLOSE DATASET paa_file.

CALL FUNCTION ‘ARCHIVFILE_CLIENT_TO_SERVER’
   EXPORTING
     PATH             = pafile
     TARGETPATH       = paa_file
* EXCEPTIONS
*   ERROR_FILE       = 1
*   OTHERS           = 2
           .
IF SYSUBRC <> 0.
* Implement suitable error handling here
   MESSAGE ‘No such file’ TYPE ‘E’.
ENDIF.

DATA: text    TYPE TABLE OF string,
       csvstr  TYPE string,
       pa_file TYPE string,
       curpos  TYPE i,
       endpos  TYPE i.

pa_file = paa_file.

“data of the user we want to lock
TYPES: BEGIN OF user,
         uname  TYPE BAPIBNAMEBAPIBNAME, “username
         logond TYPE BAPILOGOND,         “logon date, here we set valid through date
         logonx TYPE BAPILOGONX,
        END   OF user.

DATA: wa_user type user.

TRY .
     OPEN DATASET pa_file FOR INPUt in TEXT MODE ENCODING UTF8.
     SET DATASET  pa_file POSITION END OF FILE .
     GET DATASET  pa_file POSITION endpos.
     SET DATASET  pa_file POSITION 0.

     WHILE curpos <> endpos.

       READ DATASET pa_file INTO csvstr.
       APPEND csvstr TO text.
       GET DATASET pa_file POSITION curpos.

       wa_useruname = csvstr.           “set uname of the user to be locked
       wa_userlogondGLTGB = sydatum“set current date as the validity expiration date
       wa_userlogonxGLTGB = ‘X’.       “mark that you want to change the validity expiration date

       DATA RETURN_DUMMY LIKE BAPIRET2 OCCURS 0.

       “set users expiration date
       CALL FUNCTION ‘BAPI_USER_CHANGE’
         EXPORTING
           USERNAME          = wa_useruname
           LOGONDATA         = wa_userlogond
           LOGONDATAX        = wa_userlogonx
         TABLES
           RETURN            = RETURN_DUMMY
         .

       “lock the user
       CALL FUNCTION ‘BAPI_USER_LOCK’
         EXPORTING
           USERNAME = wa_useruname
         TABLES
           RETURN   = RETURN_DUMMY.

     ENDWHILE.

     CLOSE DATASET pa_file.
   CATCH cx_sy_file_open_mode.
     MESSAGE ‘Upload a proper file’ TYPE ‘E’.
ENDTRY.

After starting the program, this is what you should get:

In p_file parameter you add path to local .csv file containing a list of users. An example file should look like this:

Users_to_be_locked.csv

Username1

Username2

Username3

Username4

Username5

Username n

Afterwards you press F8 and the program should run perfectly.

The program uploads your local file into server and works on it. It sets expiration date as current date.

To lock users on other system, all you need is an RFC connection to them and to modify lines:

       “set users expiration date
       CALL FUNCTION ‘BAPI_USER_CHANGE’
         EXPORTING
           USERNAME          = wa_useruname
           LOGONDATA         = wa_userlogond
           LOGONDATAX        = wa_userlogonx
         TABLES
           RETURN            = RETURN_DUMMY
         .

       “lock the user
       CALL FUNCTION ‘BAPI_USER_LOCK’
         EXPORTING
           USERNAME = wa_useruname
         TABLES
           RETURN   = RETURN_DUMMY.

to

       “set users expiration date
       CALL FUNCTION ‘BAPI_USER_CHANGE’ DESTINATION <rfc_name>
         EXPORTING
           USERNAME          = wa_useruname
           LOGONDATA         = wa_userlogond
           LOGONDATAX        = wa_userlogonx
         TABLES
           RETURN            = RETURN_DUMMY
         .

       “lock the user
       CALL FUNCTION ‘BAPI_USER_LOCK’ DESTINATION <rfc_name>
         EXPORTING
           USERNAME = wa_useruname
         TABLES
           RETURN   = RETURN_DUMMY.

Hope this proves usefull

To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

    1. Bartlomiej Lubiatowski Post author

      That could be done but it wouldn’t be that convenient in our case. Our client wanted to lock users listed on a report.

      When we had the report on a local file what point would there be in clicking all the users in alv. It was easier and faster for us to upload the file and lock the users we already had listed.

      Worth mentioning this task was to be done in about 20 systems and we couldn’t transport the program due to some conservation work on those systems so we had to use rfc in the program. I don’t think ALV would be convient to run via rfc.

      (0) 
      1. Олег Точенюк

        ALV is convenient to work with lists of users who to block. There are new users, and therefore constantly lying to edit a file on the application server to which access should be restricted.

        (0) 
  1. Suhas Saha

    Why do you want to re-invent the wheel? 😕 You can use the transaction SU10 which allows you to select the users using their logon data (e.g., days since last logon) & lock them in one-go.

    /wp-content/uploads/2014/01/2014_01_02_131111_354831.jpg

    – Suhas

    (0) 
  2. Shreyas Rao

    Well the back to back usage of BAPI_USER_CHANGE and BAPI_USER_LOCK even with COMMIT in between has disadvantage while Bulk processing.

    BAPI_USER_CHANGE has impact on Lock status also. So during bulk processing, if there is a slightest delay between Parent and Child system, BAPI_USER_LOCK will execute first and then BAPI_USER_CHANGE which immediately removes the Lock set by first execution of BAPI_USER_LOCK, leaving the user in Unlocked state.

    I currently have the same issue and searching for the solution.

    (0) 

Leave a Reply