Step-by-Step Instructions for Administrators
Locking and unlocking user accounts is a common requirement for Oracle Fusion HCM administrators. Whether an employee has left the organization, access must be temporarily restricted, or security compliance requires action, Oracle HCM provides a simple way to lock/unlock accounts using HCM Data Loader (HDL).
In this blog, you’ll learn how to lock and unlock user accounts using HDL, along with the required HDL file format, steps to load it, and the process required to apply changes.
✅ Prerequisites
Before you begin, make sure you have:
-
Access to perform HDL operations
-
Valid Person Numbers for users you want to lock/unlock
-
Access to run required ESS process (Send Pending LDAP Requests)
-
Admin privileges to verify the user status
🔒 Locking a User Account Using HDL
To lock a user account in Oracle Fusion HCM, you need to set the Suspended flag = Y in the User HDL file.
Step 1: Prepare the HDL File (User.dat)
Use the following format:
Example:
Step 2: Save and Compress the File
-
Save the file as: User.dat
-
Compress it into a ZIP file:
-
Example ZIP name:
LockUser.zip
-
Step 3: Upload the HDL File
Navigate to:
My Client Groups → Data Exchange → HCM Data Loader → Import and Load
Then:
-
Click Import File
-
Upload the ZIP file
-
Submit the load
Step 4: Run Required Process (Very Important)
After HDL loads successfully, you must run:
✅ Send Pending LDAP Requests
This process applies the account changes to the LDAP directory.
Step 5: Verify User is Locked
Go to:
Setup and Maintenance → Create Implementation User
Search using the person number / username and confirm the account is locked.
🔓 Unlocking a User Account Using HDL
To unlock a user account, set the Suspended flag = N.
Step 1: Prepare the HDL File (User.dat)
Example:
Step 2: Save and Compress the File
-
Save as User.dat
-
Zip it:
-
Example ZIP name:
UnlockUser.zip
-
Step 3: Upload the HDL File
Navigate to:
My Client Groups → Data Exchange → HCM Data Loader → Import and Load
-
Click Import File
-
Upload ZIP file
-
Submit
Step 4: Run Required Process (Very Important)
After HDL loads successfully, you must run:
✅ Send Pending LDAP Requests
This process applies the account changes to the LDAP directory.
Step 5: Verify User is Unlocked
Go to:
Setup and Maintenance → Create Implementation User
Confirm the user is now active/unlocked.
⭐ Best Practices and Recommendations
-
Always double-check the Person Number before locking/unlocking
-
Keep an audit log of user account changes
-
Notify users when their account is unlocked (unless security policy says otherwise)
-
Regularly review locked accounts to avoid unnecessary access restrictions
-
Run Send Pending LDAP Requests after every HDL user suspension change
⚠️ Common Issues and Troubleshooting
Issue 1: HDL loads successfully but user is still active
✅ Solution:
Run Send Pending LDAP Requests process.
Issue 2: Person number not found
✅ Solution:
Confirm the person exists and has a user account created.
Issue 3: Changes not reflecting immediately
✅ Solution:
LDAP sync may take time. Wait 5–10 minutes after process completion.
📌 FAQ
1. Can we lock a user account in Oracle Fusion HCM using HDL?
Yes. You can lock a user account using HDL by setting the field Suspended = Y in User.dat.
2. What HDL object is used to lock/unlock users?
The HDL object used is:
User
3. What does the Suspended flag mean in HDL?
-
Y = user is locked/suspended
-
N = user is active/unlocked
4. Do we need to run any process after loading HDL?
Yes. You must run:
✅ Send Pending LDAP Requests
5. Where can we verify if a user is locked/unlocked?
You can verify in:
Setup and Maintenance → Create Implementation User
6. Can we lock multiple users in one HDL file?
Yes. Add multiple MERGE lines:
7. Is locking a user same as terminating an employee?
No. Locking only disables login access. Termination affects employment and HR records.
✅ Conclusion
Locking and unlocking user accounts using HDL is one of the fastest and cleanest methods available for Oracle Fusion HCM administrators. By updating the Suspended flag and running Send Pending LDAP Requests, you can manage user access securely and efficiently.
