uflag value

============
0 user is not locked

32 user is locked by admin globally

64 user is locked by admin locally

128 user is locked due to incorrect logons

192 user is locked by admin and also locked due to incorrect logons

i want to lock user nbkrishna? how to lock?

if you want to lock / unlock single user we will use t-code su01

if you want to lock / unlock multiple user then user t-code su10

su01 --> type the user name - nbkrishna --> click on lock icon --> lock user
-----------------------
i want to know the user lock status / uflag value for the user nbkrishna?

se16n --> user02 --> type the user name - nbkrishna --> f8

===============================================
what could be the reason if last logon time is all zero's / 0's in USR02 table?

if the last logon time is all 0's / zero's user is created but user is not login
into the system
============================================

if you receive the ticket from user stating that please reset my password?

whenever when we receive the ticket please reset my password,

as a security consultant, first we need to check the user lock status / uflag vaule

if the user lock status / uflag value is 64 ie., user is locked by admin - then we
will ask the user to get an approval from manager and then we will reset the
password and then send the new password to user

if the user lock status / uflag value is 128 i.e., user is locked due to incorrect
logons, then no need to get an approval from manager - we will reset the password
and then send the new password to user

==================================

i want to know the list of users starting with a and user lock status is 64?

se16n --> usr02 --> user name - a* --> user lock --> 64 -> f8

===================================

usr01 - user master record

usr02 - user logon data

usr03 - user address information

=================================

user groups
=============
admin work will become if we create user groups

separate the users based on module wise / location wise

if you want to create user group, t-code is -> SUGR

list of all user groups can be seen in table -> usgrp

the relationship between user and user group can be seen in table -> usgrp_user

default user group is "SUPER"

assigning users to groups

=======================
1) how to assign multiple users in one group?

using sugr, we will assign multiple users to particular group

sugr --> type the group name --> click on change --> type the list of users and
click on save

2) how to assign multiple groups to a particular user?

su01 --> type the user name --> click on change --> go to groups tab --> type the
list of groups and click on save

3) how to assign multiple groups to multiple users?

su10 --> type the users --> click on change --> go to groups tab --> type the group
names and click on change

relationship between user and user group can be seen in table "usgrp_user"

default user group is "SUPER"

STANDARD USERS WILL BE IN THIS GROUP AND ALSO SECURITY CONSULTANS, BUSINESS
POWERFUL USERS

WHAT IS THE PURPOSE OF SUPER USER GROUP?

Users cannot be deleted by anyone until and unless the user in the particular group

================================================

user types
==========
Dialog user

System user
Communication user

Service user

Reference user

Dialog user:-
===========
GUI login is possible for Dialog user

Passowrd policies are applicable

wheneven when anyuser login to the system, user need to change the password for the
first time

Most of the users are Dialog users

System User:-
============
GUI login is not possible

Password policies are not applicable

Used for scheduling background jobs

communication user
=====================
GUI LOGIN is not possible

Password Policies are not applicable

If user want to communicate from one system to another system / from one client to
another client

Service User
=============
Multiple Logons are possible with limited access

Password rules will not apply

Only Admin can reset the password

Reference User
=================
GUI LOGIN IS NOT POSSBILE

PASSWORD POLICIES ARE NOT APPLICABLE

IF A DIALOG USER NEEDS EXTRA ACCESS WE WILL ASSIGN REFERENCE USER

TALBES RELATED TO USER TYPES:-

==============================

USREFUS - RELATIONSHIP BETWEEN USER AND REFERENCE USER CAN BE SEEN IN TABLE USREFUS
LIST OF USER TYPES I.E., DIALOG USER, COMMUNICATION USER, REFERENCE USER, SERVICE
USER, SYSTEM USER CAN BE SEEN IN TABLE - "USR02"

EXAMPLES:-
I WANT TO KNOW LIST OF DIALOG USER

SE16N --> USR02 --> USERTYPE --> DIALOG --> F8

I WANT TO KNOW LIST OF REFERENCE USERS

SE16N --> USR02 --> USERTYPE --> REFERENCE USER --> F8

I WANT TO KNOW LIST OF COMMUNICATION USER

SE16N --> USR02 --> USERTYPE --> COMMUNICATION--> F8

I WANT TO KNOW LIST OF SERVICE USERS

SE16N --> USR02 --> USERTYPE --> SERVICE USER --> F8

I WANT TO KNOW LIST OF SYSTEM USERS

SE16N --> USR02 --> USERTYPE --> SYSTEM USER --> F8

LIST OF ALL USER TYPES CAN BE SEEN IN REPORT -> "RSUSR200"

===================================

PARAMETERS
===============
Parameters is used to fill a field with pre-defined values

Parameters are user specific

if you want to assign the parameter value to user, you need to know the "technical
name / parameter id" for that particular field

The relationship between user and the parameters can be seen in table "usr05"

HOw to find the parameter value?

select the field
right click - click on "f1" or click on "help"
click on "technical information: button
you will find the parameter id for the particular field