cancel
Showing results for 
Search instead for 
Did you mean: 

More than 3 unsuccessful logon attempts, for just only ONE user...

joo_migueldimas
Active Participant
0 Kudos

Hi gurus

I have a question about users and logon attempts. I want to know if it´s possible to define for only one user where this has the possibility to have more than 3 unsuccessful logon attempts!?

I know there is a parameter that allow more than 3 attempts (login/fails_to_session_end) among 1 to 99 attempts... but when I define that in instance profile, without exceptions, all users in my system have this enable feature, so I don´t want for all users in system but for a group of users (for 1 or 2 or maybe 3) that have that feature enable to take 1 to 99 logon attempts!!

I think I explain well my doubt... so I ask you for help me please! Thanks a lot.

Best regards,

João Dimas - Portugal

Accepted Solutions (0)

Answers (3)

Answers (3)

joo_migueldimas
Active Participant
0 Kudos

Unfortunately there is no way to maintain individual users with this logon feature.

João Dimas - Portugal

Former Member
0 Kudos

Hi

global parameters cannot be assinged to individual users it could be set up for all dialog users in the system

cheers

Sudhakar

Former Member
0 Kudos

this is global parameter. Its not possible to maintain for individual user.

JPReyes
Active Contributor
0 Kudos

Nope... not possible, parameter includes all dialog users.

Regards

Juan

joo_migueldimas
Active Participant
0 Kudos

Ok I understand, thanks for help and quick answer.

Best regards,

João Dimas - Portugal

joo_migueldimas
Active Participant
0 Kudos

Hi, one more time...

I want this because in my enterprise there are one user that blongs to web services and that need to access sometimes at more than one computer/server to a SAP function or process, and so there is a possible when this project pass to production system that occur many acess to this process by a many user, and there will be more probability to unsuccessful logon with 3 logon attempts (in production I think that isn´t correct to change that system parameter to all users because itself a security problem).

Why that´s not possible in SAP... I don´t understand, there is no sense how that powerful tool (SAP) don´t allow this possibility

Best regards,

João Dimas

JPReyes
Active Contributor
0 Kudos

and there will be more probability to unsuccessful logon with 3 logon attempts

I don't understand what's the problem with having a tight logon/password security policy... If a user get locked out then simply call for support....

The best way to keep your information safe is to keep it under control, exceptions always cause problems.... don't believe me?... talk to an auditor.

Regards

Juan

Former Member
0 Kudos

But I didn´t say the opposite!!!! 😐 lol

What I said was that possibility/profile/feature to allow only one or two users to that parameters function should be included in the system, there should be that possibility... I think that´s a limitation of the SAP system, of course that´s my humble opinion!

Best Regards,

João Dimas - Portugal

JPReyes
Active Contributor
0 Kudos

Are you Luis Gomez or João Dimas?...

Regards

Juan

joo_migueldimas
Active Participant
0 Kudos

Sorry Juan Reyes,

I´m João Dimas, that user Luis Gomes it was me with a customer user! Sorry one more time!

Best regards

João Dimas

JPReyes
Active Contributor
0 Kudos

No problem...

Former Member
0 Kudos

Hi João,

>I think that´s a limitation of the SAP system, of course that´s my humble opinion!

Yes, this is a limitation of the SAP system, and an intentional one at that! It is not logical to prevent the lock -- even for only a few users -- as you then lose the intended system protection in the first place. I would seriously question wanting to remove it in your scenario, too. I could understand, say, an administration user perhaps wanting this, but a generic web service user? The security risk of never having this user locked out due to failed password attempts is HUGE (like Juan said, just ask an auditor). Think about it. A brute force attack with enough time will find the password out and you would never know since the user is never locked.

It is better to audit the failed logins and understand who and why login attempts are failing in the first place, and then correct this behavior. Prevention is way better than leaving your system wide open.

Best Regards,

Matt