01-29-2009 7:43 PM
Friends,
We have multiple systems connected to CUA. Can we do password deactivate for selected systems as we do for passowrd reset.
Regards,
Muthu Kumaran KG
01-29-2009 8:03 PM
What is the reasoning behind the deactivated password?
To my knowledge the system can do this automatically either when the user next logs on without using a password (e.g. SSO) but the password had expired (a change would have been required) or when the lifetime of the initial password had expired.
There is a thread in the FAQ at the top of the forum about doing this using BAPI's. You might want to take a look at that discussion first (for more information).
Cheers,
Julius
01-29-2009 8:03 PM
What is the reasoning behind the deactivated password?
To my knowledge the system can do this automatically either when the user next logs on without using a password (e.g. SSO) but the password had expired (a change would have been required) or when the lifetime of the initial password had expired.
There is a thread in the FAQ at the top of the forum about doing this using BAPI's. You might want to take a look at that discussion first (for more information).
Cheers,
Julius
01-29-2009 8:14 PM
Julius,
Thanks much for the reply.
We had few systems connected to CUA. Recently we have built HR system for which all employees should have access to for viewing payroll stuff. We have enabled single sign on for this. Also we have supplier BW which has SSO. These systems are part of CUA now.
These are the few scenarios,
Lets assume PN1 is the SSO enabled system.
1. User exist in PN1 with password deactivated, adding new system will deactivate password for new system, perform reset for the system works fine
2. ID exist in PN1 with deactivated password, same user when connecting different system still can use the old password
3. ID exist in multiple system, you need to add new system for which the password has to be deactivated u2013 Selective deactivate is not possible, deactivate for the whole and then reset accordingly.
We are struck with the 3rd scenario. Though we have workaround of deactivating whole and reset for those systems this is not doable for business.
Does this makes sense ??
Also can we rename users in CUA.
Regards,
Muthu Kumaran KG
01-29-2009 8:21 PM
Hi Muthu,
Take a look at the comments by Wolfgang Janzen about declarative and programmatic deactivation in the discussion about which I refered to above.
If that is not fast enough for you or interferes with other requirements and release dependencies, then use the BAPI approach if it is to be a once off adjustment.
Cheers,
Julius
01-29-2009 8:16 PM
How are you thinking of login to these systems if you deactivate their password ? Not sure what will be achieved by deactivating passwords in few systems of the CUA.
Are you planning to use Single sign on from Portal and is that the reason why you want to deactivate the password in few systems.
01-29-2009 8:19 PM
Those above mentioned HR and BW are dual stack systems have SSO enabled for browser. User administration is still ABAP.
01-29-2009 8:26 PM
Is password reset capability enabled only from CUA and not from the Child systems. You can enable it for all the child system..that could be an option.