04-20-2010 9:41 AM
Dear all,
Question about changing password. I know that we can use the parameter login/password_expiration_time to force users to change the password every specified period.
Is there a way to set this parameter for certain user and not for all. I want some users to set a new password every 6 months for example but I want others to never change it.
Many thanks for your help.
Regards
04-20-2010 10:42 AM
can you please explain the "other users" mentioned here. If you set this parameter, the system will not prompt for a password change for users other than dialog.
In SU01, under logon data you can find different user types. A search in the forum or google will provide detailed information on each user type.
Regards,
Gowrinadh
04-20-2010 10:02 AM
Hi David,
No, this is not possible... What you can do, is put the value for this parameter to 6 months, and change the user type for the users where you don't want to change the password to technical user. The password for a technical user never expires.
Kind regards,
Mark Dijsselbloem
04-20-2010 10:32 AM
Many thanks for your answer!
How can I change the user type? Where Do I have to set this?
Thanks again!
04-20-2010 10:42 AM
You can do this in transaction SU01 -> logon data -> User type.
Regards,
Mark
04-20-2010 10:42 AM
can you please explain the "other users" mentioned here. If you set this parameter, the system will not prompt for a password change for users other than dialog.
In SU01, under logon data you can find different user types. A search in the forum or google will provide detailed information on each user type.
Regards,
Gowrinadh
04-20-2010 10:44 AM
Thanks for your answer.
I explain what I mean by other users. I have users in offices and users in factories who use scan pistols.
I want users in offices can change the password and users in factories who can never change the password.
Regards
04-20-2010 10:49 AM
I haven't understood much of it "Scan Pistol". What is the risk you see if they change password? One of my client has user's in factories doing production, still we force them to change password every 90 days.
Regards,
Gowrinadh
04-20-2010 10:57 AM
I explain more.
Users in factories use barcode reader to scan labels. They connect to my SAP Production System through a Wireless Server. On this wireless Server, I have a script that permit them to connect The password is written in this script and should be the same than in SAP system. If they change the password in SAP, this new password won't match with the password in my script, so, they won't be able to connect anymore.
I just read documentation about user type. By default, they are all with "Dialog" type. I can try for a Barcode reader user to change it to "system" and see if it works again.
Hope thie explaination is clear.
Many thanks again.
04-20-2010 12:14 PM
Yes it is. Have you hard coded all user's and their passwords in script or just same user id password for all users?
Regards,
Gowrinadh
04-20-2010 12:24 PM
Yes I have hard coded all user's and their passwords in script. I just try now different user types. the only which works is "services". If I set the password similar than in my script, the user can connect with the barcode reader.
So, If I set the parameter login/password_expiration_time , I think this user won't be impacted by this parameter.
Could you please confirm I am right. If it is, really many thanks all for your help!
04-20-2010 12:33 PM
Yes, this is correct. The password of a service user never expires..
Kind regards,
Mark
04-20-2010 12:49 PM
Hi David,
we have a similar problem at our end, and we manage it by having a program that converts the system administrators give password (say, "123456") to a different one (AB$*CX31(9) using the random password generator, and then prints it as a bar code , so that the fork lift operators just scan the bar code, and because the users change in shifts - this is handed over from one to the other at the end of the shift
04-20-2010 1:26 PM
Many thanks everybody. I have set the parameter login/password_expiration_time to a test system.
Users with "dialog" usertype need to change the password and users with "service" usertype don't need it anymore.
Everything works well now.
Really happy to solve this problem so fast. Impossible without your help.
Have a nice day everybody!
04-21-2010 4:15 PM
Ooops! Last question.
I have forgotten that I have users who doesn't use barcode reader but I don't want them to change the password too.
For example, user for scheduling jobs or the user SAP * (SAPSTAR). Is there a security failure if the user SAP * (SAPSTAR) has got the usertype service?
Thanks again!
04-21-2010 7:13 PM
Hi,
You should not use sap* once the system went live. Maintain user master record(last name should present) , remove all profiles /roles and lock it.
If you need a user user for run jobs create separate users of type "system" and use. When you activate the parameter for expiration all dailog user's need to change password. Usually it will be 90 days. It depends on the organization requirements.
Regards,
Gowrinadh
04-22-2010 1:02 PM
Thanks for your answer. If I lock the user sapstar, then my problem is solved. But I didn't know that it was possible to lock the user sapstar without inducing problem on the system. And If One day I need the user sapstar again, I just need to restart the database I think and the user will be regenerated with the initial password. Is that correct?
Many thanks.
04-22-2010 1:17 PM
Hi David,
Go through this, might be helpful: [http://help.sap.com/saphelp_nw04s/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/content.htm]