How to lock (SU01) and unlock (SU10) an SAP user
Authorizations
If your system is already above SAP NetWeaver Release 7.0, then you must either import SAP Note 1731549 or a corresponding Support Package. Afterwards, when creating new users, it is no longer possible to assign user names that are only composed of variants of spaces or other invisible special characters. Important: Changes to already existing users with these names or their deletion option are not affected by this! The SAP Note also adds the customizing switch BNAME_RESTRICT, whereupon you can control yourself whether alternative spaces are allowed to appear in certain places in the user name. For this, the following values must be set in the customizing table PRGN_CUST: NO = The alternative spaces are still allowed in the user name. ALL = The character set is reduced to a defined range, excluding certain special characters because they have specific meanings in certain operating systems or databases. This predefined character set is: ABCDEFGHIJKLNMOPQRSTUVWXYZ_0123456789,;-§&()={[]}+#. FME = The letters F, M and E stand for Front, Middle and End. With an 'X' in this three-digit switch value you can now explicitly specify at which position in the user name no wide spaces and control characters may occur. All combinations are possible, e.g.: XME = None of these special characters may occur at the BEGINNING of the user name. XMX = In the user name none of these special characters may occur at the BEGINNING and at the END. FME = One of these special characters may occur at any position in the user name (this corresponds to the default setting, i.e. as if no entry was maintained in PRGN_CUST for the switch). SAP recommends the use of the value ALL.
This advanced SAP administration training course provides confidence in in-depth administration tasks on your SAP system. For example, SAP administration with WebAS with ABAP and Java, system configuration and system updates, importing patches and corrections, and updating users and authorizations. Furthermore, the program includes the setup of printers, knowledge of system security and system monitoring as well as transport functions. Not to forget the help system and data backup in your SAP systems.
Two ways to use Security Automation
Part of an IT or cloud strategy may be to define architectural guidelines and a framework for the use and use of certain services. The SAP basis is to actively participate in shaping the rules and framework and the architectural guidelines, and bring in its existing expertise from the SAP technology environment.
To view the software components installed in your SAP system with their respective package levels, select Status Package Levels. A dialogue box appears listing the installed software components with additional information. For more information on this dialogue, please refer to the Online Manual. SPAM: ABAP/Dynpro Generation Usage For performance reasons, the SPAM is set by default to prevent ABAP/Dynpro generation from occurring during the commit. The corresponding programmes are not generated until they are called. However, you can set the SPAM so that the generation takes place during the recording. It is quite possible that the SPAM will report errors during generation because, for example, a self-written or modified report is syntactically wrong and refers to an object that is being played over the cue. Often it is desirable to ignore the generation errors for the time being and to fix them after inserting them. Prerequisites to play Support Packages.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
Therefore, especially with regard to SAP security, it must always be checked whether the necessary SAP basic settings also correspond to the minimum level.
Scheduling the RHAUTUPD_NEW report with two variants has proven to be a best practice: Once a day before users log on for the first time (e.g. midnight or very early in the morning).