Bruteforce User Maintenance
By Gaurab Banerji, Capgemini India
Made for User Administration help for BASIS people.
Firstly I have created a program ZGB_PROG01 with the
The code for this program is available
The following Selection Texts are used.
We create a transaction named ZBASIS for a Report using SE93
The program can make changes irrespective of the client.
Changes are written directly to the database tables, so it is preferable
that the transaction is protected by an authorization profile. I would also
recommend using an authority check within the program if possible.
To use it, simply enter the transaction ZBASIS.
Select the client number from the drop-down list and then
select the user name.
Press Enter, press the TICK arrow, or simply click a tab.
Data gets fetched.
I have only brought some details from the USR02 table since I
don’t require further information. If you need more, you can make further changes
and bring more data to the screen in the User data tab.
The user status tab shows whether the user is currently
locked from logging in to SAP.
You can press the unlock button to allow the user to log into
Developer Keys are assigned to users for development access
thereby letting users create Y and Z programs. In this tab we can view the
installation number and the developer key.
SAP developer keys are generated by SAP depending on the
installation number and the user ID. Basis people should be able to remove
illegal/incorrect developer keys using this transaction. Here we also have an
option to add developer keys, but I have not implemented any kind of check on
whether the key is correct. I assume that the basis guys are right.
Password history can be quite annoying for users when trying
to change their passwords. SAP stores the last 5 passwords used in history.
Clearing the password history lets you use your favorite password again and again.
In this tab you will find a unique feature. Suppose you are
the administrator ADMIN user and you have access to all clients with a standard
password say SUPER. It happens that someone doesn’t want anyone to use the
user ADMIN in client 800 and changes the default password to something else,
which we are unaware of. Here this utility comes in handy. SAP stores passwords as
password HASHES in table USR02 (and USH02 also but we don’t require it) as a
field BCODE. Decoding the passwords is not possible and even if it can be done
SAP always makes changes so as to ensure it is not decoded.
The password hashes depend primarily on the User ID and
password, which in this case are ADMIN and SUPER. However, the hashes are
independent of the client number, and as such copying the password hash from a user
in one client to another (same user ID) would be identical to copying the
This utility does the same. If the ADMIN password is changed in
Client 800, then what we can do is copy the password hash from, say, Client 620
(same user ADMIN with a known password, say SUPER) to reset the password in Client
800. This can be done without logging into Client 800 at all. It might
happen that we find ADMIN is locked. We can unlock ADMIN in Client 800, or any
user of any client, as described above.
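A defender-side check for the hash copy described above, as an added example that is not part of the original program: it compares two exports of USR02 (client, user, BCODE) and reports users whose hash changed to a value the same user already had in another client. The row layout, the sample values (constructed, not real hashes) and the treatment of an all-zero field as "no hash" are assumptions.

```python
from collections import defaultdict

# Constructed sample rows: (client MANDT, user BNAME, hash BCODE as hex).
BEFORE = [
    ("620", "ADMIN", "A1B2C3D4E5F60718"),
    ("800", "ADMIN", "9F8E7D6C5B4A3921"),
    ("620", "JSMITH", "1111222233334444"),
    ("800", "JSMITH", "5555666677778888"),
]
AFTER = [
    ("620", "ADMIN", "A1B2C3D4E5F60718"),
    ("800", "ADMIN", "A1B2C3D4E5F60718"),   # now equals client 620's value
    ("620", "JSMITH", "1111222233334444"),
    ("800", "JSMITH", "0000999988887777"),   # ordinary change, matches no client
]
EMPTY = {"", "0" * 16}  # assumption: blank or all-zero means no hash stored


def index(rows):
    """Map (client, user) -> hash, normalising case."""
    return {(m, u.upper()): h.upper() for m, u, h in rows}


def shared_hashes(rows):
    """Users whose non-empty hash is identical in two or more clients."""
    clients = defaultdict(set)
    for (mandt, user), h in index(rows).items():
        if h not in EMPTY:
            clients[(user, h)].add(mandt)
    return sorted((u, sorted(c)) for (u, _), c in clients.items() if len(c) > 1)


def transplant_candidates(before, after):
    """Hash changes whose new value the same user already had elsewhere."""
    old, new = index(before), index(after)
    hits = []
    for (mandt, user), h in sorted(new.items()):
        if h in EMPTY or old.get((mandt, user)) == h:
            continue  # no hash, or unchanged since the earlier export
        donors = sorted(m for (m, u), oh in old.items()
                        if u == user and m != mandt and oh == h)
        if donors:
            hits.append((user, mandt, donors))
    return hits


if __name__ == "__main__":
    print("shared:", shared_hashes(AFTER))
    for user, mandt, donors in transplant_candidates(BEFORE, AFTER):
        print(f"{user}: client {mandt} hash now matches client(s) {donors}")
```

A hit is a candidate only: a user who legitimately sets the same password in two clients produces the same match, so each result needs to be checked against the change records for that user.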
Many users are unable to log in to the system because a
validity date check is applied to the user. This Reset totally removes the
validity dates rather than changing them, enabling users to have system access as
long as it exists.
This program has been created for educational purposes only. The primary target audience of this program would be the guys who are new in SAP-BASIS. The code in the program is simple, but the data handled is crucial. I do not recommend misusing this program. Other than the primary functionality of this program, which is basis administration, it demonstrates the use of tab strips and sub screens in reports (No SE51), search helps, drop-down lists etc., which makes the program unique in its own way. I hope you will like it.
©2006-2007 SAPTechnical.COM. All rights reserved.