User Activity Notification by Email on Outlook – Lock / Unlock / Too many failed attempts
Requirement 1: LOGIN DAYS
Whenever, a user who has not logged onto system for example 30 or 60 days days then an email notification should be sent to him/her and a copy to system administrator.
Users login information is stored in table USR02.
Create a program taking information from USR02 and then use the FM SO_DOCUMENT_SEND_API1 to send the email.
You can schedule it to run daily and send the notification accordingly.
Requirement 2: LOCK / UNLOCK
Whenever user is locked by administrator using transaction SU01 then send notification.
This can also be achieved by scheduling a program based on table USR02 as mentioned above.
However, if the requirement is that email should be sent immediately then you have to modify the standard program of SU01 (To be specific in the FM SUSR_USER_MAINT_WITH_DIALOG)
Please note that Implicit enhancement does not works here, nor does it has any customer exit or BADI that we can utilize.
When you try to use the implicit enhancement in the said FM, you get the message “Object FUGR SUU0 is part of the central basis and therefore cannot be enhanced”.
So the last option is to take the key from SAP and modify the FM.
Here call your own code where you can utilize the FM SO_DOCUMENT_SEND_API1 to send emails.
Requirement 3: TOO MANY FAILED LOGIN ATTEMPTS
Whenever user enters wrong password many times on the initial login screen then his acccount gets locked automatically by the system. We need to send an email as soon as his account gets locked.
Purpose of sending email could be security concern. For example, someone tries to illegally login to another users account by guessing and trying the password multiple times. In this case the actual user whose login is being compromised should be notified as soon as his account gets locked.
For login screen there is a user exit SUSR0001 (User exit after logon to SAP System). Unfortunately we can not use this since it works only when users has successfully logged into system. But the case in question here is multiple wrong login attempts !!
The other option of enhancing the code of login screen (SAPMSYST) also fails as well as modifying the code. When you try to display this code you get the message “The desired source text is protected by SAP because changing it could cause system errors.”
However, there is one solution from CCMS side using transactions RZ20 & RZ21.
Step No. 1
First create the Function Module that will have your actual code for sending the email to correct recipient.
You can copy SALO_EMAIL_IN_CASE_OF_ALERT_V2 to a new FM say Z_BS_CCMS_EMAIL_ON_PASS_LOCKV2.
In this copied FM you can now change the recipient, subject and body text as well.
You have to bypass the paramter RECIPIENT in the method definition so that your code automatically picks the user and his/her email ID.
Please find below the snapshot of code where we have changed the recipient, copied the mail to BASIS Administrator with changed body text.
Please note that since the CCMS method works on client 000 hence you have to write your select statement with ‘CLIENT SPECIFIED’ for the select statement to take the user data from another cleint.
Step No. 2.
Now go to transaction RZ21.
Under second screen block you will find ‘Methods’ select the radio button ‘method definitions’ and click on ‘Display overview’ button.
Create a new method for example ZUSER_SECURITY_ALERT and for type of call select the ‘Function module’ radio button.
Here you have to give your own FM Z_BS_CCMS_EMAIL_ON_PASS_LOCKV2 that you created above.
NOTE: Please note that you have to maintain at least one parameter SENDER in the method parameter and the same user (for example here USERNOTIF) should be created in SU01.
(In our example, although we are overwriting this sender with other email in the above FM coding. It is necessary to maintain the sender parameter.)
Step No. 3
Go to RZ20 –> SAP CCMS Monitor Templates –> Entire System
Expand Application Server –> R3Syslog –> Security
Click on properties. Under the tab ‘Methods’ use your own method (ZUSER_SECURITY_ALERT which you created above) for ‘Auto-reaction method’
Note: SOST in the current client will not show you the email notification that has been sent to user for failed multiple logon attempts. You have to log on to client 000 to check SOST.
Have a great day !!