07-30-2012 12:47 PM
Dear Experts,
In our server,we have set parameter login/password_expiration_time for 30 days. System ask password change after every 30 days. We are ok with this option but we want that user couldn't have "change password" option. "password change" option should be available with CORE team only....
Please suggest for the same....
07-30-2012 12:52 PM
Are you sure about this? It sounds like a silly idea to administrate everyone else's password every 30 days 🙂
Possibly you are using user ID accounts which are shared by multiple people and you do not want them to lock each other out? There is a nice solution for that problem...
Cheers,
Julius
07-30-2012 12:59 PM
Dear Julius,
Really appreciate for your understanding. Actually We have one SAP ID used by multiple users, after every 30 days, that SAP ID ask for "new password",
Our CORE team wants to keep that option with them, because if anybody of them change then it's difficult to figure out who change password
Please help us.....
07-30-2012 1:07 PM
Make your common multi login user id type as "SERVICE USER" and this will exclude the user id from password expiration parameter.
Regards,
Jayadeep
07-30-2012 1:37 PM
Dear Jaya,
No, jayadeep, actually We want new password option for that particular SAP ID after every 30 days but restriction should be that only CORE team will able to set new password....
07-30-2012 1:46 PM
07-30-2012 1:53 PM
07-30-2012 1:42 PM
Hi Sumit,
You can use the parameter login/password_logon_usergroup - Controls the deactivation of password-based logon for user groups ( Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package ) and you will assign the user ID in that specific user group.
In future if you need the same for any other user ID you can able to do the same and assign the user in that user group. Also we can change the dialog user to service user which enable user to deactivate the password change in sap.
Hope this helps.
07-30-2012 2:17 PM
Hi Murug,
Let me clear the case:
login/password_expiration_time behaves like a reminder also. requirement is that parameter reminder & disabling new password option should go hand in hand
Means, we want to get reminder from parameter as well as users shouldn't able to set new password if we make SAP ID as "service type",
Is it possible....
07-30-2012 2:29 PM
I think a combination of both not possible, somebody should remember every 30days to reset the service user password
Regards,
Jayadeep
07-30-2012 3:05 PM
I hope you are aware this has audit and license implications...?
Anyway, it sounds more like the CORE team needs a reminder to reset the password every 30 days? (as the 100 users will anyway not be able to do anything about it if you get this working and they cannot change the password)
--> Schedule RSUSR200 with variant for this / these user(s) looking for passwords older than 30 days, output the spool to the CORE team's mailbox. If the CORE team needs some data source to know who to send the new password to and that can be accessed from an ABAP program, you can possibly even automate the whole process. (but make sure you protect the variant!!)
It is still much cleaner and easier to create 100 user IDs for 100 people who then each have their own password...
Cheers,
Julius
07-30-2012 5:26 PM
Hi Sumit,
Whenever we make the service user it not gets any alert to change the password. if you want this you can set the parameter
login/password_logon_usergroup - Controls the deactivation of password-based logon for user groups ( Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package ) and you will assign the user ID in that specific user group.
07-30-2012 5:46 PM
Are you sure about that? I don't see how this has anything to do with the question...
login/password_logon_usergroup is for 1 user group for whom password based authentication is permitted despite the fact that the system is instructed to accept SNC based SSO authentication only and passwords are otherwise blocked.
Cheers,
Julius
07-31-2012 3:40 AM
Hi Murug,
Yes, you r right i tried combination of password_expiration_time + service user type in sandbox server, it didn't work.
now , i 'll try password_expiration_time + password_logon_usergroup + dialog user and password_expiration_time + password_logon_usergroup + service user .
Will post the result soon....
08-02-2012 4:02 PM
Hi murug,
Parameter-> login/password_logon_usergroup asking for password, I thought if I put any user in group then assign that group name to this parameter,then it'll not ask for password...
we have set password expiration password parameter & login/password_logon_usergroup.
And put 1 SAP ID into group, then assign that group to login/password_logon_usergroup.
But i login with that SAP ID, it asks for password. Please suggest i going right way or somewhere wrong
Second option service user type, we are working on this....
08-03-2012 10:36 PM
You are wasting your time with these speculative answers to change parameters. Sorry that I did not moderate it fast enough but I did warn you (see above).
If you are sharing user IDs for multiple people, you must either split the user IDs or prevent the password change (type SERVICE if is is to be SAPGUI capable).
However what you are doing is intentionally not supported and you will probably only get points frenzy folks making speculative answers to your question and they will not work either.(at least they will not work reliably).
Perhaps you want to contact your account manager to discuss licenses for folks who work in shifts. Possibly you only need to license 5 scanners?
Cheers,
Julius
08-23-2012 12:24 PM
I investigate how business intelligence supports making operational decisions.
The research involves only operational management and how they use business intelligence to make their operational decisions. I would kindly ask all of you guys who have experience in using BI to make operational decisions to get in touch and to complete a simple questionnaire which
could further prove or deny my hypothesis. Many Thanks
08-24-2012 11:33 PM