Restiction of Password policy for group of users

Former Member · ‎09-15-2012

Dear all,

We are incorporating password policy by activating few parameters. Before enforcing, i have following doubts, Request you all please add your valuable suggestions.

login/password_expiration_time ---> within this parameter we want to set validity of password for 90 days. I read documentation about this parameter in RZ11, in which it says this parameter has exception for Service & System type Users. This means after 90 days Service & System type of user passwords will be remain same like before right?

Also after 90 days what will be the position of communication type of users like SAPCPIC, TMSADM etc...Do we need to change pwds for these users? Is there is any other way to avoid password change policy like by grouping limited users including few HOD users, ADMIN, Service, System & communication etc...

Please suggest any profile parameters or any process to avoid password policy for limited users out of 500 users.

Rgds,

Durga.

Message was edited by: Durga Gadde Can we achieve my requirement by using login/disable_password_logon = 1 & login/password_logon_usergroup = super parameters?

Former Member · ‎09-15-2012

What is your SAP_BASIS component release?

Former Member · ‎09-17-2012

Dear Madhu,

SAP_BASIS 700 0025 SAPKB70025 SAP Basis Component

Please find the above info and suggest.

Rgds,

Durga.

Former Member · ‎09-17-2012

Unfortunately the solution I thought for you will not work on the release you are on.. also the above parameters will not solve your purpose..

login/disable_password_logon parameter will disable the password login for everyone in the system, this is used if you have any other method of login like SSO etc. and the parameter login/password_logon_usergroup define the user group who still can login via password.

if you are upgrading to 703, SAP has introduced SECURITY POLICIES, similar to what you have in Portal today.. you can define certain set of security policies and assign that to individual users.. you can get more information on that at below link.. but at your current release, you can't achieve what you want to... sorry!!

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/41/019a4dba8d4afcb9e6a12003e40a2a/frameset.htm

Former Member · ‎09-17-2012

Dear Madhu,

Thank you for the update. So what you are saying is group of users also cannot escape from changing passwords if we implement Password policy by activating few parameters with my current version right?

Ok. My actual concern is about SAPCPIC, TMSADM users after given 90 days in login/password_expiration_time paramter. Will my day to day jobs or activities fail after 90 days?.

Please suggest as how to proceed about those communication type of users.

Rgds,

Durga..

Former Member · ‎09-24-2012

Dear all,

I have set the login/password_expiration_time parameter to 90 days in Default profile for testing in our Test Server (Reason for inclusion in default profile is we have one application server is there along with Production) before doing it in Production System. This parameter is static and i have done the restart of Test server.

After restart When i try to login with my existing password in test server, system is prompting for new password screen to change (prompting for 000 client logins also) which i have not expected (i thought i did some mistake).

Is this behavior is standard? as i have not read in any documents/search process.

Request someone pls confirm this query and also any supported standard document of this immediate effect of password change.

Rgds,

Durga.