It all started with a discussion with one of my colleagues who is working as an SAP security consultant.
During the discussion, I realized that they get multiple requests for resetting passwords and locking or unlocking of users, which consumes a good amount of their time. By the time the discussion ended, I thought of creating a program/tool to automate these requests to save time for other productive tasks.
I have discussed the steps to automate in this blog.
There are two required inputs to run the program:
• Output will have a list of all the User IDs passed in the selection screen and a status for each User ID showing if the request has been completed or not.
• Program will also trigger emails to users individually to let them know the new password or update them about their user status.
Now, let’s see the logic behind this program. I have created a flow diagram for it to have a better understanding.
Image 1: Flow Diagram of logic (Designed via draw.io)
**Note: Email IDs of the users will be captured from user data (Tables: USR21 & ADR6) In-case email id is not maintained in user data, email will be sent to the person running this program.
• BAPI_USER_CHANGE - To change/reset password
• BAPI_USER_LOCK - To lock the user
• BAPI_USER_UNLOCK - To unlock the user
To trigger emails, CL_BCS class is used.
Image 2: Email structure (Designed via draw.io)
Only SAP Security Team or immediate managers would be authorized to use this program.
I hope you find the above steps helpful in setting up the automation tool for setting passwords in SAP. If you need further assistance then feel free to reach out to me at Akash.Jain@rackspace.com.
Learn about Rackspace SAP Managed Services.
Learn about Rackspace Application Security.
Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.