SAP table USR02 (Logon Data (Kernel-Side Use))

SAP table USR02 is a critical system table used to store logon-related data for user accounts within the SAP system. It includes information such as user statuses, failed logon attempts, password hash data, password change timestamps, and lock statuses. This table is primarily utilized by the SAP kernel to manage and secure user authentication and access. Due to its sensitive nature, access to USR02 should be restricted to authorized administrators.

SAP table USR02 has 2 primary key fields being MANDT,BNAME.

If you're only analyzing data from a single SAP instance you may omit field MANT in your relationships as it will we the same across the entire dataset. On the other hand, if you're combining data from multiple SAP instances you need to take MANDT into account.

Field

Description

Data Type

Length

Decimals

Checktable

Data Element

MANDT

Client

CLNT

MANDT

BNAME

User Name in User Master Record

CHAR

XUBNAME

BCODE

Password Hash Key

RAW

XUCODE

GLTGV

User valid from

DATS

XUGLTGV

GLTGB

User valid to

DATS

XUGLTGB

USTYP

User Type

CHAR

XUUSTYP

A	Dialog
B	System
C	Communications Data
L	Reference (Logon not possible)
S	Service

CLASS

User group in user master maintenance

CHAR

USGRP

XUCLASS

LOCNT

Number of failed logon attempts

INT1

XULOCNT

UFLAG

User Lock Status

INT1

XUUFLAG

0	Not Locked
128	Locked Due To Incorrect Logons (Limited Term)
32	Locked Globally By Administrator
64	Locked Locally By Administrator

ACCNT

Account ID

CHAR

XUACCNT

ANAME

Creator of the User Master Record

CHAR

XUANAME

ERDAT

Creation Date of the User Master Record

DATS

XUERDAT

TRDAT

Last Logon Date

DATS

XULDATE

LTIME

Last Logon Time

TIMS

XULTIME

OCOD1

Password Hash Key

RAW

XUCODE

BCDA1

Date of Last Password Change

DATS

XUBCDAT

CODV1

Code Version of Password Hash Algorithm (Old Systems)

CHAR

XUCODEVERS

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
X	Password Deactivated

OCOD2

Password Hash Key

RAW

XUCODE

BCDA2

Date of Last Password Change

DATS

XUBCDAT

CODV2

Code Version of Password Hash Algorithm (Old Systems)

CHAR

XUCODEVERS

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
X	Password Deactivated

OCOD3

Password Hash Key

RAW

XUCODE

BCDA3

Date of Last Password Change

DATS

XUBCDAT

CODV3

Code Version of Password Hash Algorithm (Old Systems)

CHAR

XUCODEVERS

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
X	Password Deactivated

OCOD4

Password Hash Key

RAW

XUCODE

BCDA4

Date of Last Password Change

DATS

XUBCDAT

CODV4

Code Version of Password Hash Algorithm (Old Systems)

CHAR

XUCODEVERS

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
X	Password Deactivated

OCOD5

Password Hash Key

RAW

XUCODE

BCDA5

Date of Last Password Change

DATS

XUBCDAT

CODV5

Code Version of Password Hash Algorithm (Old Systems)

CHAR

XUCODEVERS

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
X	Password Deactivated

VERSN

User master record version

CHAR

XUVERSION

CODVN

Code Version of Password Hash Algorithm (New Systems)

CHAR

XUCODEVER2

A	Code version A (obsolete)
B	Code version B (MD5-based, 8 characters, uppercase, ASCII)
C	Code Version C (Not Implemented)
D	Code version D (MD5-based, 8 characters, uppercase, UTF-8)
E	Code version E (= corrected code version D)
F	Code version F (SHA1, 40 characters, case-sensitive, UTF-8)
G	Code version G = version F + version B (two hash values)
H	Code version H (generic hash method)
I	Code version I = code versions H + F + B (three hash values)
X	Password Deactivated

TZONE

Time Zone

CHAR

TTZZ

TZNZONE

ZBVMASTER

CUA User Template: Logon Not Possible Here

CHAR

XUZBVFLAG

PASSCODE

Password Hash Value (SHA1, 160 Bit)

RAW

PWD_SHA1

PWDCHGDATE

Date of Last Password Change

DATS

XUBCDAT

PWDSTATE

Password Change: Required / Allowed / Not Possible

INT1

PWDCHGSTATE

0	Password can be changed but does not need to be changed
1	Password is initial and must be changed
2	Password has expired and must be changed
254	Password cannot be changed in principle
255	Password cannot be changed until the end of the wait time
3	Password must be changed due to tightened rules

RESERVED

CUA Control Information

INT1

XUCUACNTL

0	Normal User (Can be distributed using CUA)
11	Local User (Is not distributed using CUA)

PWDHISTORY

Indicator: Password History Stored in Table USRPWDHISTORY

INT1

XUPWDHIST

PWDLGNDATE

Date of Last Password Logon

DATS

XULPDAT

PWDSETDATE

Date: Password Reset by Administrator

DATS

XUSPDAT

PWDINITIAL

Indicator: Password Is Initial (= Set by Administrator)

INT1

XUPWDINIT

PWDLOCKDATE

Date: Setting of Password Lock

DATS

XUPLDAT

PWDSALTEDHASH

Password Hash Value (Various Algorithms and Codings)

CHAR

255

PWD_HASH_STRING

SECURITY_POLICY

Security Policy Name

CHAR

SEC_POLICY_CUST

SECURITY_POLICY_NAME

USR02 foreign key relationships

Table	Field	Check Table		Check Field
0 USR02	CLASS	USGRP	User Groups	MANDT
0 USR02	CLASS	USGRP	User Groups	USERGROUP
1 USR02	SECURITY_POLICY	SEC_POLICY_CUST	Configuration of Security Policies	CLIENT
1 USR02	SECURITY_POLICY	SEC_POLICY_CUST	Configuration of Security Policies	NAME
0 USR02	TZONE	TTZZ	Time zones	TZONE