More on the un/lockup

This Content Component encountered an error

More on the un/lockup
Matthew Billingham

Reader Matthew Billingham takes exception to some of the provisions of our last SAP developers' tip, and herewith offers his improvements.


While this tip is generally useful, there are a few issues with it.

  1. Some users won't allow programs that directly update SAP's own tables.
  2. The SAP locking concept is not implemented, which could under some circumstances, cause problems.
  3. When you unlock the users, you unlock all of them. What if some needed to remain locked?

My solution to the problem, which I have implemented, is to change the validity date of the user account to today's date. (Although if you use validity dates, you'll end up with problem 3; I guess there's no way aound that). To unlock, you clear the validity date. You can achieve this through CALL TRANSACTION SU01. System critical accounts, like DDIC, are hard coded to be excluded.

report ZBCUSERS no standard page heading.
*-------------------------------------------------------------
---------
*
* description:   this program allows user selection of userids
*                and whether these should get no system access or
*                unrestricted access to the system.
*                the data is extracted from the userid table usr02
*                according.  call transaction su01 is then used to
*                update the valid date-to field with either space for
*                unrestrict access or today's date for 
*                restrict access.
*                this program does not in any way affect 
*                authorizations
*                or user profiles.
*
*-------------------------------------------------------------
---------
* PROCESSING NARRATIVE:
* 1. Initialise all program variables and selection fields
* 2. collect the required data from DDIC table USR02 into 
*    internal table
*    t_usr02
* 3. Loop at internal table T_usr02, making the required changes to
*    User access date depending on the user request - using call
*    transaction SU01.
* 4. Output report stating how many users updated otherwise error
*    messages should be displayed
*
*-------------------------------------------------------------
----------
* Define DDIC Tables to be used
*-------------------------------------------------------------
----------
TABLES: USR02,                         "Logon data
     T100.                          "message text
*-------------------------------------------------------------
----------
* Define Program Internal Tables to be used
*-------------------------------------------------------------
----------

*internal table to hold usr02 data
DATA: BEGIN OF T_USR02 OCCURS   0,
      BNAME LIKE USR02-BNAME,        "User name
      END OF T_USR02.

*internal table to hold SU01 transaction data.
DATA: BEGIN OF BDCDATA OCCURS 0.
       INCLUDE STRUCTURE BDCDATA.
DATA: END OF BDCDATA.

*internal table to hold any messages resulting from call transaction
DATA BEGIN OF MESSTAB OCCURS 10.
     INCLUDE STRUCTURE BDCMSGCOLL.
DATA END OF MESSTAB.
 
DATA BEGIN OF T_MESSTAB OCCURS  10.
     INCLUDE STRUCTURE BDCMSGCOLL.
DATA END OF T_MESSTAB.

*-------------------------------------------------------------
----------
* Define Program ranges
*-------------------------------------------------------------
----------
RANGES: R_BNAME FOR USR02-BNAME.

*-------------------------------------------------------------
----------
* Define Program internal variables
*-------------------------------------------------------------
----------

DATA  W_ACCESS_DATE LIKE USR02-GLTGB.  "valid access date
DATA  W_ACTION(12) TYPE C.             "action taken
DATA  W_LINES TYPE I.                  "number of lines in table
DATA  W_USR02_LINES TYPE I.            "number of users to be updated
DATA  W_RESTRICT_DATE LIKE USR02-GLTGB."selection date
DATA  W_TRAN_MODE(1) TYPE C VALUE 'N'. "run call trans. in background
DATA  W_ACCESS_DATE2(10) TYPE C.       "used for passing to trans.
 
*-------------------------------------------------------------
----------
* Selection screen definition
*-------------------------------------------------------------
----------
SELECTION-SCREEN SKIP 4.
SELECTION-SCREEN BEGIN OF BLOCK B1 WITH FRAME TITLE TEXT-006.
SELECTION-SCREEN SKIP 1.
*logon userids
SELECT-OPTIONS S_BNAME FOR USR02-BNAME.
*radio button selection for allow/disallow system access
PARAMETERS: P_LOCK RADIOBUTTON GROUP RBLK,
            P_UNLOCK RADIOBUTTON GROUP RBLK.
SELECTION-SCREEN SKIP 1.
SELECTION-SCREEN END OF BLOCK B1.
 
*include bdcrecxx.
START-OF-SELECTION.

*-------------------------------------------------------------
----------
* Read DDIC table USR02 and extract all users into internal table
* that are specified in the selection paramaters
*-------------------------------------------------------------
----------

PERFORM INITIALISE-SELECTIONS.
 
 IF P_LOCK = 'X'.
   PERFORM RESTRICT_USER_ACCESS.
 ELSE.
   PERFORM UNRESTRICT_USER_ACCESS.
 ENDIF.
 
*check to see if any data selected for updating
 DESCRIBE TABLE T_USR02 LINES W_USR02_LINES.
 IF W_USR02_LINES = 0.
   WRITE: / 'There are no users selected for updating !!!!!'.
   STOP.
 ENDIF.
 
 PERFORM PROCESS_USER_DATA_UPDATE.
 
 WRITE: / W_USR02_LINES,
          'users have been processed to have their Logon access ',
          W_ACTION.
 PERFORM WRITE_ERROR_MESSAGES.
 
*&------------------------------------------------------------
 ---------*
*&      Form  INITIALISE-SELECTIONS
*&------------------------------------------------------------
---------*
*       Initialise program variables and selection parameters
*-------------------------------------------------------------
---------*
FORM INITIALISE-SELECTIONS.
 
*initialisations
 REFRESH T_USR02.
 CLEAR T_USR02.
 CLEAR W_RESTRICT_DATE.
 
*initialisations according to lock request
 IF P_LOCK = 'X'.
   W_ACCESS_DATE = SY-DATUM - 1.
   WRITE W_ACCESS_DATE TO W_ACCESS_DATE2 DD/MM/YYYY.
 
   W_ACTION = 'Restricted'.
 ELSE.
   W_ACCESS_DATE = SPACE.
   W_ACCESS_DATE2 = SPACE.
   W_ACTION = 'Unrestricted'.
 ENDIF.
 
 CLEAR R_BNAME.
*fill range for selections
 R_BNAME-LOW = 'SAP*'.
 PERFORM FILL_RANGE_R_BNAME.
 R_BNAME-LOW = 'DDIC'.
 PERFORM FILL_RANGE_R_BNAME.
 R_BNAME-LOW = 'SAPCPIC'.
 PERFORM FILL_RANGE_R_BNAME.
 
ENDFORM.                               " INITIALISE-SELECTIONS
 
*&------------------------------------------------------------
---------*
*&      Form  RESTRICT_USER_ACCESS
*&------------------------------------------------------------
---------*
*       select userids which should have logon access removed
*       where uflag ne 0 these userids should not be touched
*       only select userids which have so far not been restricted i.e.
*        valid date-to blank
*-------------------------------------------------------------
---------*
FORM RESTRICT_USER_ACCESS.

 SELECT BNAME FROM USR02 INTO TABLE T_USR02
    WHERE BNAME IN S_BNAME
    AND   BNAME NOT IN R_BNAME
    AND   UFLAG = 0                   "user flag > 0 - already locked
    AND   GLTGB = W_RESTRICT_DATE.    "users with no restriction

ENDFORM.                               " RESTRICT_USER_ACCESS
 
*&------------------------------------------------------------
---------*
*&      Form  UNRESTRICT_USER_ACCESS
*&------------------------------------------------------------
---------*
*       select userids which should have logon access changed 
to active
*       where uflag ne 0 these userids should not be touched
*       only select userids which have so far been restricted i.e.
*       valid date-to not blank
*
*-------------------------------------------------------------
---------*
FORM UNRESTRICT_USER_ACCESS.
 
 SELECT BNAME FROM USR02 INTO TABLE T_USR02
    WHERE BNAME IN S_BNAME
    AND   BNAME NOT IN R_BNAME
    AND   UFLAG = 0                   "user flag > 0 - already locked
    AND   GLTGB > W_RESTRICT_DATE.    "users who have no 
system access

ENDFORM.                               " UNRESTRICT_USER_ACCESS
 
*&------------------------------------------------------------
---------*
*&      Form  PROCESS_USER_DATA_UPDATE
*&------------------------------------------------------------
---------*
*       for each userid entry in the internal table t_usr02 set the
*       date and user name within the call transaction data and then
*       update through transaction SU01
*-------------------------------------------------------------
---------*
FORM PROCESS_USER_DATA_UPDATE.
 
 LOOP AT T_USR02.
   REFRESH BDCDATA.
   PERFORM BDC_DYNPRO      USING 'SAPMS01J' '0200'.
   PERFORM BDC_FIELD       USING 'BDC_OKCODE'
                                 'USER'.
   PERFORM BDC_FIELD       USING 'BDC_CURSOR'
                                 'XU200-XUSER'.
   PERFORM BDC_FIELD       USING 'XU200-XUSER'
                                 T_USR02-BNAME.
   PERFORM BDC_DYNPRO      USING 'SAPMS01J' '0213'.
   PERFORM BDC_FIELD       USING 'BDC_OKCODE'
                                 'UPD'.
   PERFORM BDC_FIELD       USING 'BDC_CURSOR'
                                 'USR02-GLTGB'.
*change date to either initial date or yesterday's date
   PERFORM BDC_FIELD       USING 'USR02-GLTGB'
                                 W_ACCESS_DATE2.

   CALL TRANSACTION 'SU01' USING BDCDATA
                           MODE W_TRAN_MODE
                           MESSAGES INTO MESSTAB.
   CHECK SY-SUBRC NE 0.
*check to see if any messages returned from call transaction
*these will be reported later.
   DESCRIBE TABLE MESSTAB LINES W_LINES.
   IF W_LINES NE 0.
     LOOP AT MESSTAB WHERE MSGTYP NE 'S'.
       MOVE MESSTAB TO T_MESSTAB.
       APPEND T_MESSTAB.
     ENDLOOP.
     REFRESH MESSTAB.
     CLEAR MESSTAB.
   ENDIF.
 
 ENDLOOP.
 
ENDFORM.                               " PROCESS_USER_DATA_UPDATE
*&------------------------------------------------------------
---------*
*&      Form  FILL_RANGE_R_BNAME
*&------------------------------------------------------------
---------*
*       create internal table r_bname for select option range
*-------------------------------------------------------------
---------*
FORM FILL_RANGE_R_BNAME.

 R_BNAME-OPTION = 'EQ'.
 R_BNAME-SIGN = 'I'.
 APPEND R_BNAME.
 CLEAR R_BNAME.
ENDFORM.                               " FILL_RANGE_R_BNAME
 
*-------------------------------------------------------------
---------*
*        Start new screen                                     
        *
*-------------------------------------------------------------
---------*
FORM BDC_DYNPRO USING PROGRAM DYNPRO.
 CLEAR BDCDATA.
 BDCDATA-PROGRAM  = PROGRAM.
 BDCDATA-DYNPRO   = DYNPRO.
 BDCDATA-DYNBEGIN = 'X'.
 APPEND BDCDATA.
ENDFORM.
 
*-------------------------------------------------------------
---------*
*        Insert field                                         
        *
*-------------------------------------------------------------
---------*
FORM BDC_FIELD USING FNAM FVAL.
 CLEAR BDCDATA.
 BDCDATA-FNAM = FNAM.
 BDCDATA-FVAL = FVAL.
 APPEND BDCDATA.
ENDFORM.
 
*&------------------------------------------------------------
---------*
*&      Form  WRITE_ERROR_MESSAGES
*&------------------------------------------------------------
---------*
*       write out the texts of any error messages
*-------------------------------------------------------------
---------*
FORM WRITE_ERROR_MESSAGES.
 
*check to see if any error messages returned from call transaction
 DESCRIBE TABLE T_MESSTAB LINES W_LINES.
 IF W_LINES = 0.
   EXIT.
 ENDIF.
 WRITE: / W_LINES,
          ' messages were encountered in the update'.
*write out all messages
 LOOP AT T_MESSTAB.
   CLEAR T100.
   SELECT SINGLE * FROM T100
   WHERE    SPRSL = SY-LANGU
      AND   ARBGB = T_MESSTAB-MSGID
      AND   MSGNR = T_MESSTAB-MSGNR.
 
   WRITE:/
          T_MESSTAB-MSGTYP,
          T_MESSTAB-MSGID,
          T_MESSTAB-MSGNR,
          / '.....',
          T100-TEXT,
          T_MESSTAB-MSGV1,
          T_MESSTAB-MSGV2.
 ENDLOOP.
ENDFORM.                               " WRITE_ERROR_MESSAGES

[insert bio here]

Do you agree with Matthew? Do you have another way to do this or a tip of your own? Let us know by email.


This was first published in January 2001

Dig deeper on SAP Java and J2EE

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close