cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password expiration exception

Former Member

on ‎12-02-2008 11:00 AM

0 Kudos

Hello all,

I have standard policy in our landscape to force users to change password every 90 days. We have some service users, communiation users + ddic, sap* etc in 000 client which I do not want them to expire and would like to manually change when we have time which could go beyond 90 days.

Is this possible to achive? If not, what is the best practice to manage this properly, please through any ideas.

Thanks,

Krishna

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎12-02-2008 3:46 PM
0 Kudos

thanks all.

Show replies
Show replies
Former Member
‎12-02-2008 11:43 AM
0 Kudos

Hi Krishna,

The standard practice is :

You should remove all the roles and profiles from the userids (ddic & sap) and lock it. And put it into a regular review that you should change the password in a regular interval. It is wise to put Sap user in the usergroup "SUPER", and it should only assigned to the administrator.

Thanks & Regards,

Satyabrat

Show replies
Show replies
Former Member
‎12-02-2008 12:05 PM
0 Kudos

Hi Both,

Thank you for your replies. To record some batch jobs ( which are actually system users), we change that user to dialog user, login as that user, record the job and convert them back to normal service user.

I lock down SAP* and ddic every where except 000 client to use it in emergency or eg: when we do system copy I could only login as SAP* to apply new licence.

How do you go about this ? So, definetely no way out to have excepetion atleast for sap* and ddic?

Regards,

Krishna

Former Member
‎12-02-2008 12:24 PM
0 Kudos

Hi,

Before go for the system copy you can unlock the user and assign the required authrizations. You can list it as a pre-system copy activity. What I suggest before, you can also put the user in usergroup "SUPER" and give the access only to administrator which assure the minimal usage of the userid sap*.

Thanks & Regards,

Satyabrat

Edited by: Satyabrat Mohanty on Dec 2, 2008 5:55 PM

Former Member
‎12-02-2008 11:34 AM
0 Kudos

Use the System user type for dialog-free communication within a system or for background processing within a system, or also for RFC users for various applications, such as ALE, Workflow, Transport Management System, Central User Administration. It is not possible to use this type of user for a dialog logon. Users of this type are excepted from the usual settings for the validity period of a password. Only user administrators can change the password.

Please refer the note 622464.

Cheers,

Jazz

Show replies
Show replies
Ask a Question