forcing initial password change for Non Dialog user

Former Member
0 Kudos

Hi,

I have a requirement to force a password change for NON-Dialog users (System or Communications).

When I create a user with an initial password, the application must force the password change during first logon. Is there a parameter that can be set at the user profile level?

I have to use this trick for BW users where they must not log in to SAP using SAPGUI,

but they are allowed for other BEX tools (with password change).

Thanks,

AJ

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hello Abdullah,

The following is the password description for the rest of the four users.

System

The password change requirement does not apply to the passwords, that is, they cannot be initial or expired.

Communications

Although the system checks whether the password has expired or is initial, the implementation of the requirement to change the password, which exists in principle, depends on the logon method (interactive or non-interactive).

Service

During a log on, the system does not check whether the password has expired or is initial.

Reference

It is not possible to log on to the system.

Please use the following links to get more info:

http://help.sap.com/saphelp_nwmobile71/helpdata/en/98/e25592bd554df3a6ee661d9bef1453/frameset.htm

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/500f8921-7d12-2a10-18b6-9834498b...

Hope the above info is helpful

Regards,

Satish

4 REPLIES 4

Former Member
0 Kudos

> I have a requirement to force a password change for NON-Dialog users (System or Communications).
>
> When I create a user with an initial password, the application must force the password change during first logon. Is there a parameter that can be set at the user profile level?
>
> I have to use this trick for BW users where they must not log in to SAP using SAPGUI,
>
> but they are allowed for other BEX tools (with password change).

SYSTEM type users cannot change their own password in the way you have described (at logon).

Cheers,

Julius

0 Kudos

Please see SAP Note 862989 for changes to the password rules (one of the documents you linked is 9 years old already) and SAP Note 622464 for current information about the impact of user types (the other link is specific to mobile communication which should not be interactive).

If you want to use a personalized user ID on the back end which cannot login via SAPGUI login screen, the Communication type user would be one option.

Another option would be to restrict their dialog type user ABAP system entry points (transaction codes, RFCs, Services and other authorizations) to such a minimum that even if they did logon via SAPGUI, they would not be able to do anything other than that which they could do from RRMX anyway?

As long as they have a valid password and "line-of-sight" to the ABAP system and authority for it... they will be able to do so anyway...

@ Abdullah: Could you explain what the reason is for this requirement?

Cheers,

Julius

0 Kudos

Hi, The original requirement was to give access only to BEx tools like Query Designer, so that end users can log in to the BI system directly from BEx Query Designer and design their ad hoc queries. But our worry was that if they gain access to SAPGUI using their username / password, they may do something which may not be necessary for the team. This may also become a security hole.

Finally I achieved this by creating a set of ROLES in PFCG and adding only the necessary auth objects manually. Even if they gain access to SAPGUI, they cannot execute any tcode because I removed everything from S_TCODE.

Thank you all for the prompt and very helpful answer.

..AJ
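
A way to check the end state described in the last post, added here as an example that is not part of the thread: the script flags dialog users whose assigned roles still carry an active S_TCODE value or a wildcard S_RFC grant, the entry points named earlier in the discussion. The column names follow the SAP tables USR02, AGR_USERS and AGR_1251; the CSV export layout, the user and role names, the sample values and the treatment of `DELETED = X` as inactive are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (not real data). Column names follow the SAP
# tables USR02, AGR_USERS and AGR_1251; the CSV layout is an assumption.
USR02 = """BNAME,USTYP
BEX_ANNA,A
BEX_OMAR,A
RFC_BATCH,B
"""
AGR_USERS = """AGR_NAME,UNAME
Z_BEX_QUERY_DESIGN,BEX_ANNA
Z_BEX_QUERY_DESIGN,BEX_OMAR
Z_LEGACY_REPORTING,BEX_OMAR
Z_BATCH,RFC_BATCH
"""
AGR_1251 = """AGR_NAME,OBJECT,FIELD,LOW,DELETED
Z_BEX_QUERY_DESIGN,S_RFC,RFC_NAME,RRMX,
Z_BEX_QUERY_DESIGN,S_TCODE,TCD,RRMX,X
Z_LEGACY_REPORTING,S_TCODE,TCD,SE16,
Z_LEGACY_REPORTING,S_RFC,RFC_NAME,*,
Z_BATCH,S_TCODE,TCD,SM37,
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def risky_grants(role_values):
    """Map role -> active grants that open a SAPGUI or wildcard RFC entry point."""
    found = defaultdict(list)
    for r in rows(role_values):
        tcode = r["OBJECT"] == "S_TCODE" and r["FIELD"] == "TCD" and r["LOW"]
        any_rfc = r["OBJECT"] == "S_RFC" and r["FIELD"] == "RFC_NAME" and r["LOW"] == "*"
        if r["DELETED"] != "X" and (tcode or any_rfc):  # "X" = inactive entry (assumed)
            found[r["AGR_NAME"]].append(f"{r['OBJECT']} {r['FIELD']}={r['LOW']}")
    return found

def audit(users, assignments, role_values):
    """Return {dialog user: sorted findings}; USTYP 'A' is the dialog user type."""
    dialog = {u["BNAME"] for u in rows(users) if u["USTYP"] == "A"}
    risky = risky_grants(role_values)
    report = defaultdict(set)
    for a in rows(assignments):
        if a["UNAME"] in dialog:
            for grant in risky.get(a["AGR_NAME"], []):
                report[a["UNAME"]].add(f"{a['AGR_NAME']}: {grant}")
    return {user: sorted(found) for user, found in report.items()}

if __name__ == "__main__":
    print(audit(USR02, AGR_USERS, AGR_1251))
```

Only dialog users are reported because the other user types cannot log on through the SAPGUI logon screen; a user with no findings holds no active S_TCODE value in any assigned role.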