Can OC/RDC monitor a user's last logon date?
Can OC/RDC monitor if a user has not logged in for 30 days, or 60 days, and send them an email, or lock their account?
Hi,
If you are looking for the option to email the users -> you have to have your own custom code.
Enable the audit trail to DB level. sys.aud$ will store all the login details - you can schedule a job to run every day and see if users didn't log in for > 90 days, then send out email.
If you are only looking for the way to lock the account then it's gonna be easy - create a new database profile with the settings you need.
How does one enforce strict password controls?
By default Oracle's security is not extremely good. For example, Oracle will allow users to choose single character passwords and passwords that match their names and userids. Also, passwords don't ever expire. This means that one can hack an account for years without ever locking the user.
From Oracle 8 one can manage passwords through profiles. Some of the things that one can restrict:
* FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is locked
* PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication
* PASSWORD_REUSE_TIME - number of days before a password can be reused
* PASSWORD_REUSE_MAX - number of password changes required before the current password can be reused
* PASSWORD_LOCK_TIME - number of days an account will be locked after maximum failed login attempts
* PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is allowed
* PASSWORD_VERIFY_FUNCTION - password complexity verification script
Look at this simple example:
Read http://www.orafaq.com/wiki/Oracle_database_Security_FAQ for more details.
HTH
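A profile built from the parameters listed in the answer above, as an added example that is not part of the original post. The profile name APP_USER_PROFILE, the user CLIN_USER1 and all limit values are assumptions for illustration, and VERIFY_FUNCTION is assumed to have been created by Oracle's utlpwdmg.sql script.

```sql
-- Added example: APP_USER_PROFILE, CLIN_USER1 and the limit values are
-- hypothetical. VERIFY_FUNCTION must already exist in the SYS schema
-- (it is created by $ORACLE_HOME/rdbms/admin/utlpwdmg.sql).
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5      -- lock after 5 consecutive failed logins
  PASSWORD_LOCK_TIME       1      -- days the account stays locked afterwards
  PASSWORD_LIFE_TIME       90     -- days before the password expires
  PASSWORD_GRACE_TIME      7      -- days of warnings once it has expired
  PASSWORD_REUSE_TIME      365    -- an old password may return after 365 days ...
  PASSWORD_REUSE_MAX       10     -- ... and only after 10 other passwords
  PASSWORD_VERIFY_FUNCTION verify_function
;

-- A user keeps the DEFAULT profile until one is assigned explicitly.
ALTER USER clin_user1 PROFILE app_user_profile;

-- Confirm the password limits that are now in force.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_USER_PROFILE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;

-- See which accounts use the profile and whether any are locked or expired.
SELECT username, account_status, lock_date, expiry_date
  FROM dba_users
 WHERE profile = 'APP_USER_PROFILE'
 ORDER BY username;
```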
Similar Messages
-
Is there a system table or V$ view that will show a user's last logon date?
I'm using Oracle 9.2.0.7
sqlplus
SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 31 12:44:42 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter user-name: / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> desc user$
 Name          Null?     Type
 USER#         NOT NULL  NUMBER
 NAME          NOT NULL  VARCHAR2(30)
 TYPE#         NOT NULL  NUMBER
 PASSWORD                VARCHAR2(30)
 DATATS#       NOT NULL  NUMBER
 TEMPTS#       NOT NULL  NUMBER
 CTIME         NOT NULL  DATE
 PTIME                   DATE
 EXPTIME                 DATE
 LTIME                   DATE
 RESOURCE$     NOT NULL  NUMBER
 AUDIT$                  VARCHAR2(38)
 DEFROLE       NOT NULL  NUMBER
 DEFGRP#                 NUMBER
 DEFGRP_SEQ#             NUMBER
 ASTATUS       NOT NULL  NUMBER
 LCOUNT        NOT NULL  NUMBER
 DEFSCHCLASS             VARCHAR2(30)
 EXT_USERNAME            VARCHAR2(4000)
 SPARE1                  NUMBER
 SPARE2                  NUMBER
 SPARE3                  NUMBER
 SPARE4                  VARCHAR2(1000)
 SPARE5                  VARCHAR2(1000)
 SPARE6                  DATE
-
Search for User by last logon date no longer works after upgrading to SPS18
We used to be able to Search by last logon date under User Administration as a quick way to find out who logged on for a particular date. It worked well, but only for a single date range. We were on EP 6.0 SPS13 at the time. Since we have upgraded to SPS18, it no longer works. All we get back now is no user found no matter what date we enter.
Has anyone else experienced this problem? I've been searching and haven't found anything. I wanted to try and get more information before I create an OSS message.
Thank you,
Kathy
It's since SP16, to be correct: http://help.sap.com/saphelp_nw04/helpdata/en/43/bc6b9202454dece10000000a422035/frameset.htm
kr, achim
-
Last Logon Date for Deleted Users
Hi,
How can I check to see the last logon date for a deleted user - SAP ECC 6.0?
-Wes
> ... checking USR02 the TRDAT field has been reset.
In lower releases you could easily have made a big mistake doing that.
In all releases the security audit log (SM20) is the correct tool for this, but you cannot retro-fit it.
If the SM20 log is not activated for logon events, then there are several other ways of reconstructing parts of the information but they are all incomplete and a big effort.
Cheers,
Julius
-
Hi All,
How to find a Database USER last logon date on 10g? by script.
Thanks,
You need to enable auditing to view history in audit files. In v$session you can see only connected sessions.
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1830073957439
http://www.dba-oracle.com/art_builder_sec_audit.htm
-
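The audit-based approach suggested in the reply above, and in the first answer on this page, as an added example that is not from either poster. It assumes AUDIT_TRAIL=DB is already set and a DBA session; the 90-day threshold and the exclusion list are illustrative.

```sql
-- Added example. Assumes AUDIT_TRAIL=DB is set (static parameter, needs a
-- restart) and a DBA session. Threshold and exclusions are illustrative.

-- 1. Record logons and logoffs in SYS.AUD$.
AUDIT SESSION;

-- 2. Last successful logon per account. TIMESTAMP is the logon time and
--    RETURNCODE 0 means success. A cleanly ended session's row shows
--    ACTION_NAME = 'LOGOFF', so the filter is on RETURNCODE only.
SELECT a.username, MAX(a.timestamp) AS last_logon
  FROM dba_audit_session a
 WHERE a.returncode = 0
 GROUP BY a.username
 ORDER BY last_logon;

-- 3. Report open accounts idle for more than c_days, and lock them when
--    c_do_lock is TRUE. Accounts created inside the window are skipped.
--    SYS is excluded: SYSDBA connections are not written to SYS.AUD$.
--    "no audit record" also appears when auditing started recently or
--    SYS.AUD$ was purged, so review the report before enabling the lock.
SET SERVEROUTPUT ON
DECLARE
  c_days    CONSTANT PLS_INTEGER := 90;
  c_do_lock CONSTANT BOOLEAN     := FALSE;
BEGIN
  FOR r IN (
    SELECT u.username, s.last_logon
      FROM dba_users u
      LEFT JOIN (SELECT a.username, MAX(a.timestamp) AS last_logon
                   FROM dba_audit_session a
                  WHERE a.returncode = 0
                  GROUP BY a.username) s
        ON s.username = u.username
     WHERE u.account_status = 'OPEN'
       AND u.created < SYSDATE - c_days
       AND (s.last_logon IS NULL OR s.last_logon < SYSDATE - c_days)
       AND u.username NOT IN ('SYS', 'SYSTEM')
     ORDER BY u.username
  ) LOOP
    DBMS_OUTPUT.PUT_LINE(RPAD(r.username, 31) ||
      NVL(TO_CHAR(r.last_logon, 'YYYY-MM-DD'), 'no audit record'));
    IF c_do_lock THEN
      EXECUTE IMMEDIATE 'ALTER USER "' || r.username || '" ACCOUNT LOCK';
    END IF;
  END LOOP;
END;
/
```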
PowerShell Active Directory: Get last logon date of a deleted user
So, my first post in this noble community. I've been lurking here and I've been getting some good information. Hopefully, you guys can help me in this concern which may be simple to some but I couldn't seem to get around it.
Is it possible to get the last logon date of a DELETED user in Active Directory?
I can get the available properties of deleted users using the following:
Get-ADObject -Filter {samaccountname -eq <account_name> -and ObjectClass -eq "user"} -IncludeDeletedObjects -Properties *
But the last logon date is not one of the properties available from Get-ADObject. Get-ADUser has the last logon property, but it does not have data on deleted users. Is there any way this can be achieved? Perhaps convert an ADObject to an ADUser?
Any information would be much appreciated. Thank you.
Thanks everyone for your response. It looks like jrv is leading me to the right path, but I'm still having issues. I'm trying to get the lastlogon time by querying all the DCs in our domain, but every query returns a null lastlogon time for all the deleted users I tried:
$DomainControllers = ((Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }).Name
foreach ($DC in $DomainControllers)
{
    $dn=(Get-ADObject -Filter {samaccountname -eq <user_account>} -includedeletedobjects -server $DC).DistinguishedName
    $user=[adsi]"LDAP://$dn"
    $user.LastLogon
}
It always returns null. Moreover, simply executing [adsi]"LDAP://$dn" from each DC gives the following error:
format-default : The following exception occurred while retrieving member
"distinguishedName": "There is no such object on the server.
+ CategoryInfo : NotSpecified: (:) [format-default], ExtendedType
SystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Comm
ands.FormatDefaultCommand
It's a bit surprising to me though, since $user=[adsi]"LDAP://$dn" does return a value for $user (instead of null whenever an error is encountered) of type System.DirectoryServices.DirectoryEntry but it has no members.
Anyone know what I'm missing?
-
Query users, access level and last logon date
Hello,
Does anybody know how to query Essbase to look up users' access level and last logon date?
Rey Fiesta
It can be done using the API. Access level is a little complicated because it can be by individual or group they belong to and it of course is different by application/database.
-
Last Logon date and Logon time not updating in table USR02
Hi,
Please help us on this. After customer successfully logged in the webshop, we are checking the table USR02 in CRM system and the Logon date and Logon time is not updated. Because of this, the customer will be locked after certain number of days. When we check it in ECC system, customer's last logon date and time is updated. Can you tell us what could be causing this? Any advice what we need to check? Thanks in advance!
Regards,
Mike
Hi
1. Please check if the USAPPLREF table in ECC has the correct mapping done between the LOGON User and the Sold-to party (Customer)
2. Please check the validity of those users in SU01 user data.
3. Please check the USERS data from the USERADMIN Link (if it is configured in your scenario through XCM settings for USERS)
Hope this will help.
Regards
-
BAPI_USER_GET_DETAIL - Last Logon Date not available
From R3 I want to check the last logon Date (USR02-TRDAT) of a user in an outside system such as EBP or BW. BAPI_USER_GET_DETAIL seemed like a good choice but TRDAT is not passed to the BAPI. Last Logon Time is (LTIME) but not Last logon date (TRDAT). How can this be easily done?
Thanks,
-don.
The problem with this is that it makes a call for each user. If you have 100k users it becomes a very inefficient process.
If you build something in the backend to collect the details in a usable format....1) it is custom, 2) you need to deploy in each backend and 3) maintain it in each backend.
Not a good solution.
If anyone has a better idea please shout. Again....this RFC call does the job.....but it is like emptying a pool full of water with a teaspoon, does the job but very inefficiently.
DenisO
-
Hi,
I am working on EP 7.0 SPS 13.
We have LDAP & UME as data source.
Is there any way to get last logon date for all users?
UME method for getting last logon details is deprecated.
What is alternative way?
I need to get list of all users who have not logged on to portal for last 30 days.
Is there any way to achieve this?
Regards,
Apurva
Hi Michael,
Thanks for the link.
Our requirement is that if user is not active for say 30 days his userid should be locked and after say 60 days it should be deleted.
In order to determine inactive users we need information about logon details for user ids. Portal Activity Report - Details of users who logged on does not consider reporting period and hence is of no use.
Is there any operation in this web service which can provide us this information?
Regards,
Apurva
-
Script to pull out last logon date
Hello,
I have a list of user that I would like to pull out last logon date from AD.
This is the script I am using at the moment but it produces blanks and I don't know what the blanks mean.
Import-Module ActiveDirectory
#This script requires PowerShell AD Module
Import-csv "c:\scripts\samaccountname.csv" |
foreach-object {get-aduser $_.samaccountname -Properties lastlogondate} |
select name,Lastlogondate |
Export-csv c:\scripts\LastLogon.csv -NoTypeInformation
Please can you help?
Kind Regards, PenDraKon
If you want an accurate lastLogon date, you have to check across domain controllers.
Here's an advanced function I created a while ago for this.
Function Get-LastLogon {
    <#
    .SYNOPSIS
    Returns LastLogon information
    .DESCRIPTION
    Queries the LastLogin information for a user across domain controllers and returns the highest (latest) value
    .EXAMPLE
    Get-LastLogon User
    .EXAMPLE
    Get-LastLogon -Identity User
    .EXAMPLE
    Get-ADUser User | Get-LastLogon
    .EXAMPLE
    Get-LastLogon User1, User2
    .PARAMETER identity
    List of users - pipeline can be used
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Position= 0,
            Mandatory=$True,
            ValueFromPipeline=$True,
            HelpMessage='What user would you like to find the last logon for?')]
        $identity
    )
    Begin {}
    Process {
        Foreach ($account in $identity) {
            $dateStamp = $null
            $domainController = $null
            # lastLogon is not replicated, so every DC holds its own value
            Get-ADDomainController -Filter * | Foreach {
                $dc = $_.HostName
                $lastLogon = (Get-ADUser $account -Properties LastLogon -server $dc | Select-Object Name,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}}).Lastlogon
                # Keep the latest value seen so far and the DC that reported it
                If ($dateStamp -le $lastlogon)
                {
                    $dateStamp = $lastlogon
                    $domainController = $dc
                }
            } # End of ForEach
            $properties = @{
                Name=$account;
                LastLogon=$dateStamp;
                DomainController=$domainController}
            New-Object -TypeName PSObject -Prop $properties
        } # End of ForEach
    } # End of Process
    End {}
} # End of Function
You can then run...
Import-CSV ".\samaccountname.csv" | % {Get-LastLogon $_.samaccountname}
or...
Import-CSV ".\samaccountname.csv" | % {Get-LastLogon $_.samaccountname} | Export-CSV ".\report.csv" -noType
-
Users receive "Incomplete Logon Data" error when refreshing SSO BW Unv's
I am receiving an 'Incomplete Logon Data' error for users who try to refresh reports using SSO based universe data connections to BW.
The users login to Infoview with WinAD (SSO through Vintella). Their BW alias is already mapped in through the automatically import user function in the SAP Authentication menu in CMC.
Using the sncgss32.dll for the SNC Library path on the BOE side. BW is using the gx64ntlm.dll.
SNC is set and working for the entitlement user and can import roles.
This issue only affects users that have never logged into Infoview with their SAP credentials. Once a user logs into BO with the SAP/BW credentials, it's like the alias gets updated and works correctly from that point forward.
It seems to affect only the synched/imported alias. What am I missing?
Yes. They exist in both the BW and AD. In CMC the aliases link perfectly. They login through WinAD Kerberos SSO. The fact that they have a BW alias allows them to navigate to the SAP/2.0 folder structure to open the webi reports. When they refresh the report, they get an 'Incomplete logon data WIS 10901' message.
If the user logs into Infoview with their SAP credentials, then immediately logs out and logs back in with SSO/Kerb, the issue is resolved going forward. Meaning this user will never see the issue again. Unless I delete the BW alias from their ID and reintroduce the alias from the BW synch (import users)
-
Maximum Number of users in a "User Group" (SU01/Logon data/User Group)
All,
My security person recently approached me with a problem she has regarding user groups. She wants to assign user groups so that way division leaders/designees can handle password resets within their own area. To do this she has started using the "User Group" field in SU01/Logon data.
She's told me the maximum number of users she can add to a "User Group" is 30. Can anyone else confirm this? Is there a setting (profile or otherwise) to increase this limit? Any DSN or outside reading that anyone can refer me to on this matter?
Many thanks....
> There is a little green clip board icon on the bottom right corner...
I only get that after hitting the Authorization data button in SU10 and then the Multiple selection button next to the user. Ow, and it's not green, the upload from textfile button is
By the way, hitting F4 on a user input field in SU10 will also provide you with the possibility to select more than 30 users in one go.
Edited by: Jurjen Heeck on Dec 29, 2009 12:08 PM
-
Export Office 365 User Last Logon Date
When following this procedure http://technet.microsoft.com/en-US/ms772425 I receive the error below. Any help is appreciated.
C:\Get-LastLogonStats.ps1 : A parameter cannot be found that matches parameter
name 'InputFile'.
At line:1 char:97
+ .\Get-LastLogonStats.ps1 -Office365Username uername@domain -Office365Password
password -InputFile <<<< c:\Files\InputFile.txt
+ CategoryInfo : InvalidArgument: (:) [Get-LastLogonStats.ps1], P
arameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Get-LastLogonStats.ps1
-
Hi,
We need to get the portal users "Last Successful Logon" information in Portal 7.0 SP 19.
Please help me with your ideas in implementation.
Regards,
Raju
Hi,
Create an abstract portal component and copy and paste the below code for the doContent () Method.
// Requires java.sql.*, javax.naming.InitialContext and javax.sql.DataSource,
// plus the SAP portal runtime and Open SQL classes used below.
public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
{
    DataSource dataSource = null;
    ResultSet resultSet = null;
    String sqlStatement = null;
    ResultSetMetaData rsmd = null;
    String nativesqlStatement = null;
    java.sql.Connection connection = null;
    try
    {
        // Latest recorded activity hour per logon ID
        sqlStatement = "select MAX(TIMESTAMPHOUR),LOGONID from WCR_USERSTAT GROUP BY LOGONID";
        InitialContext initialContext = new InitialContext();
        dataSource = (DataSource) initialContext.lookup("jdbc/SAP/EP_PCD");
        connection = dataSource.getConnection();
        java.sql.Statement statement = connection.createStatement();
        Statement stmt = NativeSQLAccess.createNativeStatement(connection);
        resultSet = statement.executeQuery(sqlStatement);
        rsmd = resultSet.getMetaData();
        if (resultSet != null)
        {
            int m = 0;
            response.write("<html>");
            response.write("<body>");
            response.write("<br>");
            response.write("<TABLE width='100%' border='2' cellspacing='2'>");
            response.write("<tr>");
            response.write("<td>"+"LAST SUCCESSFULL LOGON" +"</td>" );
            response.write("<td>"+"LOGONID"+"</td>" );
            response.write("</tr>");
            while (resultSet.next()) {
                m++;
                Timestamp ts = new Timestamp(resultSet.getLong(1));
                response.write("<tr>");
                response.write("<td>"+ts.toGMTString()+"</td>" );
                // LOGONID goes into the page as-is; HTML-encode it if logon IDs may contain markup characters.
                response.write("<td>"+resultSet.getString(2)+ "</td>");
                response.write("</tr>");
            }
            response.write("</table>");
            response.write("<br>");
            response.write("Record count is " + m);
        }
    }
    catch (Exception e)
    {
        response.write("<br>Exception : " + e);
    }
    finally
    {
        // Return the connection to the pool
        try { if (connection != null) connection.close(); } catch (SQLException ignore) { }
    }
    response.write("</body>");
    response.write("</html>");
}