Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password lock, but different rules for different users

molakalasasikan
Employee
Employee

‎11-25-2009 3:27 PM

0 Kudos

UserID should get locked if login fails for X number of times. there must also be a global setting in addition to individual setting. Allow some groups of accounts to be locked only when he fails for 10 times, but generally for all others itu2019s 3 times, i.e. 3 attempts is the default and it can be overridden. Can someone suggest ?

Edited by: SasikanthReddy M on Nov 25, 2009 4:27 PM

Edited by: Julius Bussche on Nov 25, 2009 4:46 PM

Please use meaningfull subject titles

2 REPLIES 2

Former Member

‎11-25-2009 7:51 PM

0 Kudos

This is not practlcal without customisation.

What is the logic behind the requirement? It makes no sense to me.

Former Member

‎12-08-2009 2:19 PM

0 Kudos

There was discussion about this once before and the idea that the password policies should be client specific groups of configuration which can then be assigned to a user (also client dependent) according to their user group or some other attribute.

The user type already drives some of the behaviour and in a selected few you can define an exception, but they are all global for all users in clients because the RZ10 params are independent as well.

Optionally transportable customizing which overrides the instance param could be an imaginable solution for this and there seems to be some demand for it, so if you wish to you can add this to our [Security Functionality Wishlist|http://wiki.sdn.sap.com/wiki/display/Security/SecurityFunctionalityWishlist-Topics] in the wiki to gather support.

Cheers,

Julius