E1 Security - Differentiate between terminated and disabled users


The UDC 98/EN controls the ESUSER flag on the F98OWSEC table. out of the box it has 2 values =01 (user enabled) and 02 (user disabled). My client wants to have a third option 03 (user terminated).

If you modify the profile to 03, the user can still sign on. All 4 BSFN's (NY5A*) researched shows that it only allows value 01 to sign on.

So obviously this validation on the first sign-on form happens at a different level using different objects.

Does anyone know which objects are invoked on the sign-on form? The debug logs are not much help to determine the objects called.