Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to check if password is initial in SAP 4.7

Former Member

‎06-20-2011 1:38 PM

0 Kudos

Hi ,

I wanted to know if we have a functionality to know if the password of a user is initial in SAP 4.7 version.

In ECC 6.0 we have the field PWDINITIAL in the table USR02, also we can check it from the Logon data tab in su01.

But these functionalities are not present in SAP 4.7 version.

Are you aware of any alternate way to get this information?

Thanks ,

Juhi Negi

7 REPLIES 7

Former Member

‎06-20-2011 2:04 PM

0 Kudos

TCode RSUSR200 should provide you the list of users with Initial pwd in 4.7

~Sri

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎06-20-2011 9:08 PM

Kindly use the ABAP function module SUSR_USER_PASSWORD_STATUS_GET instead of directly accessing any tables.

Only APIs will remain stable; the semantic of table fields might be subject of change (w/o prior warning).

Cheers, Wolfgang

Former Member
In response to WolfgangJanzen

‎11-02-2011 9:40 AM

0 Kudos

for the result of function module you can check the documentation (from SE37 transaction code)

Status of User Password (Value: -2/-1/0/1/2/3, see docu.)

Definition

Status of the user password (relating to whether it can or must be changed)

Value Meaning

-2 Password cannot (generally) be changed

-1 Password cannot be changed today (only allowed once a day)

0 Password can be changed, but does not have to be changed

1 Password is initial and must be changed

2 Password has expired and must be changed

3 Password must be changed because it no longer meets the new rules

Former Member

‎06-22-2011 6:37 PM

0 Kudos

The only problem with that Wolfgang is that user adminsitrators often dont have access to use ABAP function module calls (and they probably shouldnt), so it is typical for user admins to use se16 / se16n to access user information via the usr tables, on the understanding that it wont update in realtime once displayed.

Cheers

Steve

mvoros
Active Contributor
In response to Former Member

‎06-22-2011 10:17 PM

0 Kudos

Hi,

admins shouldn't have access to tables with user data. They can just dump passwords and start off line dictionary attack. You can still build a simple custom transactions and use that FM there.

Cheers

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎06-27-2011 3:00 PM

0 Kudos

Well, what is worse?

Using an API (here: ABAP function module) or directly accessing table contents?!

I still do not understand the intend of this inquriy.

For which concrete purpose do you need to determine whether a user has an "initial" password?

I thought that you want to implement a programmatic check; in that case the usage of APIs is strongly encouraged.

Laszlo_B
Active Contributor

‎01-14-2015 3:53 PM

0 Kudos

Hello Juhi,

perhaps I misunderstand the question, but you can check the status of a password in transaction SU01:

  • go to transaction SU01
  • enter the name of the User, and display its data
  • switch to tab "Logon data"
  • under section "Password" you can see the status of the password.


Right now I couldn't test an initial password, but if the user does not already have an initial password status, the "Productive Password" status is shown here.


Sorry if I misunderstood the query.

Best regards,

Laszlo