SAP Knowledge Base Article - Preview

2791368 - How to customize what UFLAG lock codes should be considered valid lock codes, when synchronizing users?

Symptom

In general, users with value of UFLAG different than 0 in plugin table USR02, are considered locked users. Any user with UFLAG different than 0 is marked as locked in GRC repository table GRACUSERCONN (field INACTIVE is set to 'X' by the repository object sync).

Customer wants to consider only Admin lock (UFLAG 64) as a valid lock for users in GRC repository table, and wants all other UFLAG values (128, 192..) not to be considered a lock.

How to customize what UFLAG codes to consider, in your landscape, when you run the repository sync?


Read more...

Environment

  • SAP Access Control 10.0
  • SAP Access Control 10.1
  • Sap Access Control 12.0

Product

SAP Access Control 10.0 ; SAP Access Control 10.1 ; SAP Access Control 11.0 ; SAP Access Control 12.0

Keywords

Locked, expired, Repository, Risk analysis, 1029, 1028, 1004, Plugin GRCFND_A, SPRO, Locked, Admin Lock, 16, 32, flag, uflag GRACUSERCONN, INACTIVE , KBA , inactive , GRC-SAC-ARA , Access Risk Analysis , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.